Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Adware is clearly slowing PC down.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Adware is clearly slowing PC down.

Unread postby Johannes247 » January 28th, 2016, 8:00 am

Hey! Thanks for the help ahead of time!
I recently bought a new pc and in the past two weeks Ive began to get s***** ads and redirects from legit sites to ads. My browser (Edge) has began slow and freezes often due to "long Script" or something. It has also crashed a few times. Some videos blocked by ads. Ive ran both Malewarebytes and AdwCleaner and both came up empty. Primary use is gaming.

**FRST SCAN and ADDITION are in the File!**

FRST AND ADDITION.txt
You do not have the required permissions to view the files attached to this post.
Last edited by NonSuch on January 30th, 2016, 6:11 pm, edited 1 time in total.
Reason: Expletive deleted.
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am
Advertisement
Register to Remove

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » January 30th, 2016, 3:17 pm

Hi Johannes247,

I will look at your logs and get back with you later today, my time.

wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » January 30th, 2016, 9:49 pm

Hello Johannes247, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done as well as
    DO NOT Remove, or Scan with anything on your system unless I ask. This adds more items to be researched.
    Extra Additions and Removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start


Note: Save or Move all downloaded files to your Desktop.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Oskari (administrator) on OSKU (28-01-2016 13:25:45)
Running from C:\Users\Oskari\Downloads



Step 1.
Please post all logs from this folder: C:\AdwCleaner
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » January 30th, 2016, 10:31 pm

# AdwCleaner v5.029 - Logfile created 15/01/2016 at 22:47:52
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\Users\Oskari\AppData\Local\MalwareProtectionLive
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\pokki

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : Pokki

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C8B2CE1-363B-4CA0-8E8A-2FCAC8DEF924}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1454 bytes] ########### AdwCleaner v5.029 - Logfile created 17/01/2016 at 01:03:15
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [653 bytes] ##########
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 04:10:42
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [653 bytes] ########### AdwCleaner v5.030 - Logfile created 25/01/2016 at 02:23:38
# Updated 17/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [652 bytes] ##########
# AdwCleaner v5.029 - Logfile created 15/01/2016 at 22:45:27
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\TweakBit
Folder Found : C:\Users\Oskari\AppData\Local\MalwareProtectionLive
Folder Found : C:\WINDOWS\SysNative\Tasks\pokki

***** [ Files ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : Pokki

***** [ Registry ] *****

Key Found : HKCU\Software\SweetLabs App Platform
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4C8B2CE1-363B-4CA0-8E8A-2FCAC8DEF924}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1302 bytes] ##########
# AdwCleaner v5.029 - Logfile created 17/01/2016 at 01:02:23
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 04:10:08
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 04:26:37
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 04:30:43
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 18/01/2016 at 04:33:16
# Updated 17/01/2016 by Xplode
# Database : 2016-01-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S6].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 23/01/2016 at 02:02:02
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 23/01/2016 at 03:49:33
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 25/01/2016 at 01:11:49
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S9].txt - [561 bytes] ##########
# AdwCleaner v5.030 - Logfile created 25/01/2016 at 02:23:10
# Updated 17/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [560 bytes] ##########
# AdwCleaner v5.030 - Logfile created 25/01/2016 at 02:29:22
# Updated 17/01/2016 by Xplode
# Database : 2016-01-11.2 [Local]
# Operating system : Windows 10 Home (x64)
# Username : Oskari - OSKU
# Running from : C:\Users\Oskari\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S11].txt - [560 bytes] ##########

C:\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk.vir
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » January 31st, 2016, 1:29 am

Hi Johannes247,

These files at the end appear not to be tied to any specific log. What log(s) did they come from?
C:\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\StatDB.json.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Unfixed.err.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Logs\CheckSerialNumber.log.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPC.log.vir
C:\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log->C:\AdwCleaner\Quarantine\C\ProgramData\TweakBit\FixMyPC\1.x\Logs\FixMyPCLogic.log.vir
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk->C:\AdwCleaner\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk.vir
Also, of all the logs you posted some appear incomplete. This could be an optical illusion since all the logs are posted back to back and run together.
From this point on please post each log requested in its own post.

TweakBit\FixMyPC
Did you install and run this? These are a waste of money since there are free cleaners that do more. Also, by running FixMyPC any links to your problem may have been removed. I really do not see anything in the logs you provided that would cause the issue(s) you posted in the beginning.

What I need to know:
  • What log or logs did the files I put in quotes above come from?
  • Are you still experiencing unwanted ads or redirects?
  • What operating system did you upgrade from when you installed Windows 10?
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » January 31st, 2016, 10:41 am

Those files were the quarantine from Adwclear.
I don't remember ever installing Tweakbit or FixMyPC. That's what was rather fishy about those files..
I Upgraded from Windows 8.

As for the ads.. I get them randomly. Its not a constant thing. Right now, there are blank spaces where there were usually regular ads and usually soon after that the new ads would appear.
Before I contacted this forum, I removed a few unnecessary programs in hope that could remove the ads, but that that time it didn't seem to help.
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » January 31st, 2016, 12:06 pm

Hi Johannes247,

Do you recall what programs you removed?

==================== Restore Points =========================

ATTENTION: System Restore is disabled
From what I have read, the default install for Windows 10 disables this function. Why Microsoft would do such a thing is beyond my understanding. Because without a Restore Point, you could not recover from a serious system crash or a bad update.

So let's begin with a system backup that works.

Step 1.
Registry Backup (TCRB)
TCRB should still be on your desktop - if not;
Please download tweaking.com_registry_backup_setup.exe
Choose a download site for the installer... download and save it to your desktop.
Double click on the "...setup.exe" program and install the program. Let the install use the default installation. How to tutorial here.

Once the program is installed...
  1. Double click the Tweaking.com Registry Backup icon ... on your Desktop to open the program.
  2. Right mouse click the Tweaking.com Registry Backup icon, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  3. It should open with the Backup Registry tab selected and all file options checked. Check any that are not already checked.
  4. Click on Backup Now to create a backup of your Registry.
    You'll see "Waiting for Volume Shadow Copy snapshot..." this may take a few moments, just be patient.
  5. When completed you should see a message saying something like ... Successful ??/?? Registry Files Backed Up ... ?? is total number of files, both numbers should match.
  6. Close and exit the program.

< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Activate System Restore
  1. To get to System Protection is via the Cortana/search box on the task bar.
  2. Type in “System Protection” and at the top of the pop-up panel you should see Create a restore point Control panel.
  3. Click that and the System Properties window appears.
  4. Next, select the radio button that says: "Turn on system protection".
  5. Click Apply, and then OK.
  6. Close the System Properties window.


Step 3.
Create a System Restore Point
  1. Search for Create a restore point from the taskbar and select it from the list of results.
  2. On the System Protection tab in System Properties, select Create.
  3. Enter a description for the restore point: "UserCreated1"
  4. Select Create
  5. Click OK.


What I need back from you:
Post each separately.
  1. List of programs you removed
  2. Verify that each step completes 1 to 3
  3. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » February 1st, 2016, 5:35 am

I cant recall all the programs I removed, There was a big set of pre-installed programs and I also removed a few games.
Step 1 was successful and registry files were backed up.
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » February 1st, 2016, 5:41 am

Step 2 Worked.. but I`ve got a question how much space should I allow for restore points?
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » February 1st, 2016, 5:43 am

Step 3 also successful.
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » February 1st, 2016, 6:13 am

It appears Kaspersky is blocking the adware to some degree. The ads don't respond to clicks and when I inspect the site elements, there are errors saying permission denied.
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » February 3rd, 2016, 6:42 pm

Posted your FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Oskari (administrator) on OSKU (28-01-2016 13:25:45)
Running from C:\Users\Oskari\Downloads
Loaded Profiles: Oskari (Available Profiles: Oskari)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Akamai Technologies, Inc.) C:\Users\Oskari\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Oskari\AppData\Local\Akamai\netsession_win.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Valve Corporation) E:\Steam\Steam.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14601160 2015-07-02] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => E:\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2787264 2016-01-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2012-11-29] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\Run: [Steam] => E:\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\Run: [GalaxyClient] => E:\GalaxyClient\GalaxyClient.exe [7744568 2015-10-23] (GOG.com)
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\Run: [Spotify Web Helper] => C:\Users\Oskari\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-22] (Spotify Ltd)
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Oskari\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\Run: [Spotify] => C:\Users\Oskari\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-22] (Spotify Ltd)
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-11-19] (Acer Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DisHiber.lnk [2015-07-10]
ShortcutTarget: DisHiber.lnk -> D:\LXDiag\DisHiber.bat (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{0955fd0a-f9fc-4a70-8a3b-b80cbfef6802}: [DhcpNameServer] 46.17.97.90 8.8.8.8
Tcpip\..\Interfaces\{acbfdd45-8d9c-477a-afe0-744ef3d9407f}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{c20eb8a2-ae2b-4287-bae3-52fe452f08c2}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID= ... EC913AC93A
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {989EE9FD-A026-457D-BDFA-518B1AB2C7D0} URL =
SearchScopes: HKU\.DEFAULT -> {989EE9FD-A026-457D-BDFA-518B1AB2C7D0} URL =
SearchScopes: HKU\S-1-5-21-3973165617-3313924940-2255048865-1001 -> DefaultScope {989EE9FD-A026-457D-BDFA-518B1AB2C7D0} URL =
SearchScopes: HKU\S-1-5-21-3973165617-3313924940-2255048865-1001 -> {989EE9FD-A026-457D-BDFA-518B1AB2C7D0} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-01-07] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-01-07] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\IEExt\ie_plugin.dll [2016-01-23] (AO Kaspersky Lab)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-01-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll No File

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-01-07] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-23] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\FFExt\light_plugin_firefox [2016-01-23]

Chrome:
=======
CHR HomePage: Default -> hxxps://fi.search.yahoo.com/?type=926458&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://fi.search.yahoo.com/?type=926458&fr=yo-yhp-ch"
CHR Profile: C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google-presentaatiot) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-08]
CHR Extension: (Google-dokumentit) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-08]
CHR Extension: (Google Drive) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (YouTube) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Google-haku) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (Kaspersky Protection) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-01-25]
CHR Extension: (Google-taulukot) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-08]
CHR Extension: (Google Docsin offline-tila) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-04]
CHR Extension: (Chrome Web Storen maksut) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-08]
CHR Extension: (Gmail) - C:\Users\Oskari\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-08]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/deta ... ihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/deta ... ihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\avp.exe [194000 2015-08-12] (Kaspersky Lab ZAO)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-17] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2762936 2016-01-07] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-07-10] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-07-10] (Creative Labs) [File not signed]
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [238376 2015-08-21] (EasyAntiCheat Ltd)
S3 GalaxyClientService; E:\GalaxyClient\GalaxyClientService.exe [1616440 2015-10-23] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7184440 2015-12-07] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-01-12] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-01-12] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6308288 2016-01-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [4812736 2016-01-12] (NVIDIA Corporation)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [476904 2015-02-04] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [242944 2015-01-07] (acer)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [57344 2015-10-30] (Microsoft Corp.)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [469264 2013-06-26] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-01-23] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-01-23] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2016-01-23] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-23] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-01-23] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\system32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-01-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
S3 RtkAvrcp; C:\Windows\System32\drivers\RtkAvrcp.sys [59608 2014-05-22] (Realtek Semiconductor Corporation)
S3 RtkAvrcpCtrlr; C:\Windows\System32\drivers\RtkAvrcpCtrlr.sys [69848 2013-06-21] (Realtek Semiconductor Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [593624 2015-12-06] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 13:25 - 2016-01-28 13:25 - 02370560 _____ (Farbar) C:\Users\Oskari\Downloads\FRST64.exe
2016-01-28 13:25 - 2016-01-28 13:25 - 00023428 _____ C:\Users\Oskari\Downloads\FRST.txt
2016-01-28 13:25 - 2016-01-28 13:25 - 00000000 ____D C:\FRST
2016-01-28 13:05 - 2016-01-28 13:05 - 00000000 ____D C:\WINDOWS\LastGood
2016-01-28 13:05 - 2016-01-23 02:47 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-01-28 13:04 - 2016-01-23 05:31 - 42983992 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 37615040 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 31115712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 24941112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 21202488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 20741880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 17632544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 17224664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 17174032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 17116616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 02543160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 02187712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436175.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436175.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00948672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00882232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00784640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00745408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00689600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00630592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00601752 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00541184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00445912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00423360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00378784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00377792 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00316960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00175368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-01-28 13:04 - 2016-01-23 05:31 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-01-26 13:54 - 2016-01-26 13:54 - 00000206 _____ C:\Users\Oskari\Desktop\Tom Clancy's The Division Beta.url
2016-01-26 13:54 - 2016-01-26 13:54 - 00000206 _____ C:\Users\Oskari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tom Clancy's The Division Beta.url
2016-01-25 21:48 - 2016-01-25 21:48 - 00000202 _____ C:\Users\Oskari\Desktop\GameLooper.url
2016-01-25 21:47 - 2016-01-25 21:47 - 01088347 _____ C:\Users\Oskari\Downloads\Sales-Call.pptx
2016-01-25 02:28 - 2016-01-25 02:32 - 00157176 _____ C:\WINDOWS\ntbtlog.txt
2016-01-25 02:28 - 2016-01-25 02:28 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-01-23 02:59 - 2016-01-28 12:48 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-01-23 02:59 - 2016-01-23 02:59 - 00002128 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2016-01-23 02:59 - 2016-01-23 02:59 - 00000664 _____ C:\Users\Oskari\Desktop\BDPUARLauncher - Shortcut.lnk
2016-01-23 02:59 - 2016-01-23 02:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2016-01-23 02:59 - 2016-01-23 02:59 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-01-23 02:59 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-01-23 02:58 - 2016-01-23 03:24 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-01-23 02:58 - 2016-01-23 03:24 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-01-23 02:58 - 2016-01-23 03:01 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-01-23 02:57 - 2016-01-23 02:58 - 171372744 _____ (Kaspersky Lab) C:\Users\Oskari\Downloads\kav16.0.0.614fi-fi.exe
2016-01-23 02:44 - 2016-01-23 02:44 - 48831832 _____ C:\Users\Oskari\Downloads\BDPUARLauncher.exe
2016-01-23 02:34 - 2016-01-23 02:34 - 00001055 _____ C:\Users\Oskari\Desktop\AdwCleaner - Shortcut.lnk
2016-01-23 02:32 - 2016-01-25 02:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 02:32 - 2016-01-23 02:32 - 00001139 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-23 02:32 - 2016-01-23 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-23 02:32 - 2016-01-23 02:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-23 02:32 - 2016-01-23 02:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-23 02:32 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-23 02:32 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-23 02:32 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-23 02:21 - 2016-01-23 02:31 - 22908888 _____ (Malwarebytes ) C:\Users\Oskari\Downloads\mbam-setup-2.2.0.1024 (2).exe
2016-01-19 16:35 - 2016-01-19 16:35 - 00002497 _____ C:\Users\Oskari\Desktop\Word 2016.lnk
2016-01-19 16:35 - 2016-01-19 16:35 - 00002496 _____ C:\Users\Oskari\Desktop\PowerPoint 2016.lnk
2016-01-19 16:35 - 2016-01-19 16:35 - 00002459 _____ C:\Users\Oskari\Desktop\Excel 2016.lnk
2016-01-18 04:08 - 2016-01-18 04:09 - 01505280 _____ C:\Users\Oskari\Downloads\AdwCleaner.exe
2016-01-18 01:24 - 2015-12-18 08:10 - 00090768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-01-15 22:45 - 2016-01-25 02:29 - 00000000 ____D C:\AdwCleaner
2016-01-13 00:36 - 2016-01-05 04:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-13 00:36 - 2016-01-05 04:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 00:36 - 2016-01-05 04:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 00:36 - 2016-01-05 04:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-13 00:36 - 2016-01-05 04:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-13 00:36 - 2016-01-05 04:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 00:36 - 2016-01-05 04:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-13 00:36 - 2016-01-05 04:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 00:36 - 2016-01-05 04:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 00:36 - 2016-01-05 04:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 00:36 - 2016-01-05 04:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 00:36 - 2016-01-05 04:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 00:36 - 2016-01-05 04:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 00:36 - 2016-01-05 04:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 00:36 - 2016-01-05 04:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-13 00:36 - 2016-01-05 04:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 00:36 - 2016-01-05 04:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-13 00:36 - 2016-01-05 04:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 00:36 - 2016-01-05 04:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 00:36 - 2016-01-05 04:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 00:36 - 2016-01-05 04:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 00:36 - 2016-01-05 04:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 00:36 - 2016-01-05 04:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 00:36 - 2016-01-05 04:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 00:36 - 2016-01-05 04:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 00:36 - 2016-01-05 04:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 00:36 - 2016-01-05 04:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 00:36 - 2016-01-05 04:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 00:36 - 2016-01-05 04:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 00:36 - 2016-01-05 03:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-13 00:36 - 2016-01-05 03:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-13 00:36 - 2016-01-05 03:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 00:36 - 2016-01-05 03:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 00:36 - 2016-01-05 03:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 00:36 - 2016-01-05 03:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-13 00:36 - 2016-01-05 03:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 00:36 - 2016-01-05 03:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 00:36 - 2016-01-05 03:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 00:36 - 2016-01-05 03:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 00:36 - 2016-01-05 03:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 00:36 - 2016-01-05 03:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 00:36 - 2016-01-05 03:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-13 00:36 - 2016-01-05 03:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 00:36 - 2016-01-05 03:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-13 00:36 - 2016-01-05 03:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 00:36 - 2016-01-05 03:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 00:36 - 2016-01-05 03:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-13 00:36 - 2016-01-05 03:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 00:36 - 2016-01-05 03:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 00:36 - 2016-01-05 03:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 00:36 - 2016-01-05 03:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 00:36 - 2016-01-05 03:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 00:36 - 2016-01-05 03:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 00:36 - 2016-01-05 03:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 00:36 - 2016-01-05 03:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 00:36 - 2016-01-05 03:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 00:36 - 2016-01-05 03:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 00:36 - 2016-01-05 03:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 00:36 - 2016-01-05 03:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 00:36 - 2016-01-05 03:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 00:36 - 2016-01-05 03:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 00:36 - 2016-01-05 03:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 00:36 - 2016-01-05 03:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 00:36 - 2016-01-05 03:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-13 00:36 - 2016-01-05 03:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 00:36 - 2016-01-05 03:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 00:36 - 2016-01-05 03:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 00:36 - 2016-01-05 03:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 00:36 - 2016-01-05 03:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 00:36 - 2016-01-05 03:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 00:36 - 2016-01-05 03:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 00:36 - 2016-01-05 03:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 00:36 - 2016-01-05 03:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 00:36 - 2016-01-05 03:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 00:36 - 2016-01-05 03:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 00:36 - 2016-01-05 03:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-13 00:36 - 2016-01-05 03:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-13 00:36 - 2016-01-05 03:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-13 00:36 - 2016-01-05 03:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-13 00:36 - 2016-01-05 03:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-13 00:36 - 2016-01-05 03:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-13 00:36 - 2016-01-05 03:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-13 00:36 - 2016-01-05 03:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-09 20:10 - 2016-01-09 20:10 - 694067034 _____ C:\WINDOWS\MEMORY.DMP
2016-01-09 20:10 - 2016-01-09 20:10 - 00261940 _____ C:\WINDOWS\Minidump\010916-7093-01.dmp
2016-01-09 20:10 - 2016-01-09 20:10 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 ____D C:\Users\Oskari\AppData\Local\7Wonders2
2016-01-04 00:08 - 2016-01-04 00:08 - 00000201 _____ C:\Users\Oskari\Desktop\Borderlands 2.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-28 13:13 - 2015-09-16 14:28 - 00007605 _____ C:\Users\Oskari\AppData\Local\Resmon.ResmonCfg
2016-01-28 13:08 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-28 13:08 - 2015-08-06 14:38 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-28 13:06 - 2015-12-06 18:19 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-28 13:06 - 2015-12-06 18:19 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-28 13:05 - 2015-12-06 18:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-28 13:02 - 2015-08-06 13:24 - 00000000 ____D C:\Users\Oskari\AppData\Local\CrashDumps
2016-01-28 12:40 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-28 12:40 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-28 12:40 - 2015-08-08 23:20 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-28 12:37 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-28 12:34 - 2015-08-06 13:22 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4BA6FB0B-C981-4D25-AFDB-F4E0820080EC}
2016-01-28 12:31 - 2015-08-08 23:20 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-26 22:38 - 2015-08-08 23:22 - 00002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-01-25 21:48 - 2015-08-06 15:24 - 00000000 ____D C:\Users\Oskari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-25 21:47 - 2015-08-06 13:10 - 00000000 ____D C:\Users\Oskari\AppData\Local\Packages
2016-01-25 19:34 - 2015-12-01 20:33 - 12474312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-01-25 02:42 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-25 02:36 - 2015-12-06 18:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-25 02:35 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-25 02:22 - 2015-09-06 14:24 - 00000000 ____D C:\Users\Oskari\AppData\Local\Spotify
2016-01-25 01:25 - 2015-08-06 13:31 - 00000000 ____D C:\Users\Oskari\AppData\Local\ElevatedDiagnostics
2016-01-25 01:08 - 2015-09-06 14:22 - 00000000 ____D C:\Users\Oskari\AppData\Roaming\Spotify
2016-01-23 05:31 - 2015-12-01 20:33 - 19778944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-01-23 05:31 - 2015-12-01 20:33 - 14114944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-01-23 05:31 - 2015-12-01 20:33 - 03648552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-01-23 05:31 - 2015-12-01 20:33 - 03230824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-01-23 05:31 - 2015-12-01 20:33 - 00035832 _____ C:\WINDOWS\system32\nvinfo.pb
2016-01-23 03:24 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-01-23 03:24 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-01-23 03:01 - 2015-12-22 04:53 - 00530368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-01-23 03:01 - 2015-12-22 04:53 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-01-23 03:01 - 2015-12-06 18:19 - 06366656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-01-23 03:01 - 2015-12-06 18:19 - 02992064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-01-23 03:01 - 2015-12-06 18:19 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-01-23 03:01 - 2015-12-06 18:19 - 01263040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-01-23 03:01 - 2015-12-06 18:19 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-01-23 03:01 - 2015-12-06 18:19 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-01-23 02:59 - 2015-10-30 09:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-23 02:59 - 2015-10-30 08:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-23 02:59 - 2015-07-10 11:05 - 00000000 ____D C:\Users\Default.migrated
2016-01-22 04:06 - 2015-12-06 18:19 - 06125650 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-01-20 22:20 - 2015-12-06 18:20 - 00000000 ____D C:\Users\Oskari
2016-01-18 01:33 - 2015-08-06 16:15 - 00000000 ____D C:\Users\Oskari\AppData\Local\NVIDIA Corporation
2016-01-18 01:24 - 2015-11-09 22:49 - 00001458 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-01-18 01:24 - 2015-11-09 22:48 - 00000000 ____D C:\Users\Oskari\AppData\Local\NVIDIA
2016-01-17 01:19 - 2015-10-22 21:05 - 00000000 ____D C:\Users\Oskari\AppData\Roaming\Octoshape
2016-01-17 01:17 - 2015-09-27 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2016-01-16 00:52 - 2015-08-24 13:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-16 00:51 - 2015-08-24 13:19 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-15 23:16 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-15 23:15 - 2015-07-10 21:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-15 11:45 - 2015-08-08 23:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-15 11:45 - 2015-08-08 23:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-15 00:17 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-14 14:53 - 2015-08-08 23:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-12 06:41 - 2015-11-09 22:48 - 01542600 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-01-12 06:41 - 2015-11-09 22:48 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-01-12 06:40 - 2015-11-19 23:04 - 00112032 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-01-12 06:40 - 2015-11-09 22:48 - 01860120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-01-12 06:40 - 2015-11-09 22:48 - 01756608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-01-03 03:40 - 2015-10-30 09:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-03 03:40 - 2015-10-30 09:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 20:58 - 2015-10-30 08:28 - 00000000 ___RD C:\Users

==================== Files in the root of some directories =======

2015-08-06 13:10 - 2015-08-06 14:08 - 0002284 _____ () C:\Users\Oskari\AppData\Local\BTServer.log
2015-09-16 14:28 - 2016-01-28 13:13 - 0007605 _____ () C:\Users\Oskari\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Oskari\AppData\Local\Temp\Nexus Mod Manager-0.61.4.exe
C:\Users\Oskari\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Oskari\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Oskari\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Oskari\AppData\Local\Temp\nvStInst.exe
C:\Users\Oskari\AppData\Local\Temp\sfamcc00001.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-17 19:04

==================== End of FRST.txt ============================
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » February 3rd, 2016, 6:43 pm

Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Oskari (2016-01-28 13:54:55)
Running from C:\Users\Oskari\Downloads
Windows 10 Home (X64) (2015-12-06 16:26:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3973165617-3313924940-2255048865-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3973165617-3313924940-2255048865-503 - Limited - Disabled)
Guest (S-1-5-21-3973165617-3313924940-2255048865-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3973165617-3313924940-2255048865-1003 - Limited - Enabled)
Oskari (S-1-5-21-3973165617-3313924940-2255048865-1001 - Administrator - Enabled) => C:\Users\Oskari

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Anti-Virus (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2001 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3023 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8111 - Acer Incorporated)
Acer UEIP App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 2.00.3002 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 2.00.3002 - Acer Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.13.2000.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dragon Age: Origins (HKLM-x32\...\Steam App 17450) (Version: - BioWare)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version: - Telltale Games)
GameLooper (HKLM-x32\...\Steam App 435060) (Version: - GameLooper)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.82 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
Hotkey Utility (HKLM-x32\...\{A6DC88AD-501A-44BC-884D-57435F972E2C}) (Version: 3.00.8104 - Acer Incorporated)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Anti-Virus (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Life Is Strange™ (HKLM-x32\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Gaming Software 8.70 (HKLM\...\Logitech Gaming Software) (Version: 8.70.315 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version: - Konami Digital Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2056 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version: - Monolith Productions, Inc.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.4 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.9.1.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.9.1.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1019 - Microsoft Corporation) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.833.833.121614 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30166 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0247 - REALTEK Semiconductor Corp.)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
SHIELD Streaming (Version: 4.1.0260 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.9.1.22 - NVIDIA Corporation) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{AF2E323C-1E8A-4CE6-BE9E-B29296BF7FAE}) (Version: 1.00.03 - Creative Technology Limited)
Splinter Cell Blacklist (HKLM-x32\...\Uplay Install 91) (Version: - Ubisoft)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tales from the Borderlands (HKLM-x32\...\Steam App 330830) (Version: - Telltale Games)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.11.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.0.10.0 - GOG.com)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version: - CD PROJEKT RED)
Tom Clancy's The Division Beta (HKLM-x32\...\Uplay Install 2036) (Version: - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 7.3 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3973165617-3313924940-2255048865-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Oskari\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05035996-EBF1-43C1-8C8E-26E2DB4685E9} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {12AC85AE-9F3E-44ED-B58F-FDB28778F56E} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2014-08-30] ()
Task: {1B241FD9-1BE3-44A4-AC65-3B8DBDDEC73D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {1B4D6162-61E8-433C-9424-87EA90886CB6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2853F079-D75F-448E-AB59-FF34C71F6061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {43062899-F0FC-4D36-9DFF-84CF93796A7A} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-10-16] (Acer Incorporated)
Task: {4A13A029-B2F7-400E-81BD-77194E282982} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-11-19] (Acer)
Task: {4AD6DED2-AD02-497F-8035-191150E2BE9F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5259E257-E3F5-49D6-AF3C-5509E2091928} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2014-08-30] ()
Task: {60D1879A-7798-46A7-9500-1AA535B9F55E} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2015-11-17] (Acer Incorporated)
Task: {6621404D-9579-4DC8-896F-0E607E8C339D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {77C4CB0C-7D38-4944-A1EE-6B75DCDA6784} - System32\Tasks\Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [2014-03-04] (Acer Incorporated)
Task: {8C67B1A6-1211-4B3D-B536-B76DAC6E9762} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2014-06-09] (Acer Incorporated)
Task: {9FEA4432-9C61-41AA-8CF9-DFECC91F3411} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-02-04] (Acer Incorporated)
Task: {A484FBFC-4DAE-42C2-A4C6-86DCFCCBE718} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {A5F906A5-237C-4113-9F05-520982506222} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDC72EB2-3854-4E7B-A07B-F27B2F8E68E3} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {D3F3030D-D69B-4495-A5AF-6B07B9C3B780} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D422600E-3D57-4F92-9D9C-BD5FA069741C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-08] (Google Inc.)
Task: {E5C4F3F9-B480-4A32-9401-E42431F1A662} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-02-04] (Acer Incorporated)
Task: {F55573B5-2452-46C5-AEA8-1DC98E993AD6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-16] (Microsoft Corporation)
Task: {F90A295B-03B6-4F58-A70D-E4867AC01004} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-01-07] (Microsoft Corporation)
Task: {F91E0B22-DDF4-413D-9554-10D172775ABB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-01-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-12-04 10:06 - 2016-01-07 06:13 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-12-22 04:49 - 2016-01-12 06:43 - 00291264 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-07 04:16 - 2015-12-07 04:16 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 04:16 - 2015-12-07 04:16 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-15 23:15 - 2016-01-07 16:14 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-10 21:28 - 2012-11-01 20:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-07-02 02:28 - 2015-07-02 02:28 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-07-02 02:28 - 2015-07-02 02:28 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2016-01-22 19:40 - 2016-01-22 19:41 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-06 18:19 - 2016-01-23 03:01 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-20 20:48 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-20 20:48 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 00:36 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 00:36 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-13 00:36 - 2016-01-05 03:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-13 00:36 - 2016-01-05 03:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 16.0.0\kpcengine.2.3.dll
2015-07-10 21:20 - 2013-09-16 06:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-12-02 20:12 - 2015-11-17 05:12 - 00063192 _____ () C:\Program Files (x86)\Acer\AOP Framework\acer\inteldll.dll
2015-11-09 22:48 - 2016-01-12 06:43 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00194048 _____ () C:\Program Files (x86)\Acer\Acer Portal\curllib.dll
2015-11-19 14:39 - 2015-11-19 14:39 - 00110592 _____ () C:\Program Files (x86)\Acer\Acer Portal\OpenLDAP.dll
2015-12-06 18:21 - 2015-12-06 18:21 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2015-11-17 11:11 - 2015-11-17 11:11 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2015-11-17 11:10 - 2015-11-17 11:10 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2016-01-22 19:40 - 2016-01-22 19:41 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 19:40 - 2016-01-22 19:41 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-11 00:54 - 2015-11-10 21:55 - 00778752 _____ () E:\Steam\SDL2.dll
2015-08-06 13:32 - 2015-07-03 18:12 - 04962816 _____ () E:\Steam\v8.dll
2015-12-15 14:33 - 2015-12-14 22:01 - 02547280 _____ () E:\Steam\video.dll
2015-10-08 17:48 - 2015-09-24 02:33 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-10-08 17:48 - 2015-09-24 02:33 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-10-08 17:48 - 2015-09-24 02:33 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-10-08 17:48 - 2015-09-24 02:33 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-10-08 17:48 - 2015-09-24 02:33 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-08-06 13:32 - 2015-07-03 18:12 - 01556992 _____ () E:\Steam\icui18n.dll
2015-08-06 13:32 - 2015-07-03 18:12 - 01187840 _____ () E:\Steam\icuuc.dll
2015-12-15 14:33 - 2015-12-14 22:01 - 00804432 _____ () E:\Steam\bin\chromehtml.DLL
2015-11-05 23:08 - 2015-11-04 00:00 - 00201728 _____ () E:\Steam\bin\openvr_api.dll
2015-12-11 00:54 - 2015-11-17 02:31 - 47846176 _____ () E:\Steam\bin\libcef.dll
2015-10-08 17:48 - 2015-09-25 01:56 - 00119208 _____ () E:\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Oskari\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 172.20.10.1 - 46.17.97.90
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\StartupApproved\Run: => "Octoshape Streaming Services"
HKU\S-1-5-21-3973165617-3313924940-2255048865-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{584C4165-80B6-4301-8290-07D961F7FA9E}] => (Allow) C:\Steam Games\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{81461315-0A3D-4740-AB6E-585CA08217AF}] => (Allow) C:\Steam Games\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{75B3F450-23F6-45D9-B6F3-436AEB844312}] => (Allow) LPort=1900
FirewallRules: [{61381A56-5B84-4113-9CD2-41AFAE111496}] => (Allow) LPort=2869
FirewallRules: [{A7E676AF-F575-4426-AD11-E50816A65D1A}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [UDP Query User{C970D450-75A3-4814-97A4-48F2F7CFDF34}C:\users\oskari\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Block) C:\users\oskari\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [TCP Query User{A1540679-1DB6-4A8E-8D02-C47B4E3FC1A4}C:\users\oskari\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Block) C:\users\oskari\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{9D8F8795-3281-4DB2-B9BE-81969A737C60}C:\steam games\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\steam games\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [TCP Query User{6FC7CD4B-B8E0-4545-A66A-A07BBF0CE997}C:\steam games\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\steam games\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{DDA16AFA-A6D1-48D7-B34B-EF83E1208F99}] => (Allow) C:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A840DABE-3FB0-41AB-ADE2-707C25CA69CD}] => (Allow) C:\Steam Games\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{F928DCA6-EAF7-4528-982A-202C868D8A35}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{95934D1F-F9B7-4350-8F71-73F3CE7FD70F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF22D92C-4D40-48CF-8FE7-FB98E76D5FC6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{571306D8-FE7C-442D-A55A-2966E7887D74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{06070761-E4B9-48E6-B435-A01285A03424}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{C14BFAA0-BEAC-4012-8D2A-8339BBB78EF8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FBA16F85-A465-41EA-A543-BF6A0D0267D4}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{222D3484-F4E1-405D-AAA8-9E3AB4D6D0CF}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{E0310869-CEF9-46B7-8D60-163677C63F8E}] => (Allow) E:\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{91ACE069-D817-4CCC-BB0F-26843ABB5F83}] => (Allow) E:\iTunes.exe
FirewallRules: [{5604B963-9D52-4476-91ED-19639870C447}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57EB29DC-20B0-4365-94DA-070314A07889}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4E8E6680-8768-4C90-87AF-8B5335F911FF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{03919596-DD83-4474-97AF-A6C0FD8B6CB7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{E098CBEC-4B6C-44AA-BDBB-2E92E270A716}C:\users\oskari\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\oskari\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [TCP Query User{3B43DD7F-8CB5-43C7-92E5-DC2C571E265F}C:\users\oskari\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\oskari\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{BBC0C7B3-9FA8-47FE-A77D-BADF082492A0}C:\users\oskari\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\oskari\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{99D48AB1-A3D1-46FB-9E71-8CA9228B7D9C}C:\users\oskari\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\oskari\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B1B15F65-F450-4390-9518-21A09ED45FAB}] => (Allow) E:\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{F19F3088-52F2-45C0-8026-156ED5B1B3CC}] => (Allow) E:\Steam\steamapps\common\Game of Thrones\Thrones.exe
FirewallRules: [{D8EF4637-3465-4505-8408-7FA530399C48}] => (Allow) E:\Combat Arms EU\NMService.exe
FirewallRules: [{6DE9279E-274D-4DA0-AD9A-51251D585862}] => (Allow) E:\Combat Arms EU\NMService.exe
FirewallRules: [{6AECECD5-35C9-42B4-A94E-DFC33BBD5064}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [{31390FD8-3B8D-4E6F-A358-383277ADAC42}] => (Allow) C:\ProgramData\NexonEU\NGM\NGM.exe
FirewallRules: [UDP Query User{184C48B5-3C4D-4309-B562-B0B238EE23F5}C:\users\oskari\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\oskari\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{1EEC9226-10B8-4A7E-830A-A3B99D317E7C}C:\users\oskari\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\oskari\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{329CB802-4E08-4223-9288-613E91E5664B}C:\users\oskari\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\oskari\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{6B01AC5B-E7FE-4160-8140-B51A30ABE350}C:\users\oskari\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\oskari\appdata\roaming\spotify\spotify.exe
FirewallRules: [{229133F5-83EC-45ED-A39D-38228B72F96D}] => (Allow) E:\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{79AC0D9D-AB54-4CFB-BD2C-43805A04F9B6}] => (Allow) E:\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{3C522757-6CE5-4381-8928-3DC8288C6ED2}] => (Allow) E:\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{DC9E6282-0EAD-4731-A1F5-80BC23868656}] => (Allow) E:\Ubisoft Game Launcher\games\Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{E88D5571-81FC-4A63-8F8D-A60E315107CD}] => (Allow) E:\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{5B42223D-80D2-4432-B509-6E396313EA9D}] => (Allow) E:\Steam\steamapps\common\EvolveGame\Bin64_SteamRetail\Evolve.exe
FirewallRules: [{AF314349-C3D0-4938-B45F-0364E61DAE25}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{23D2A227-C7BE-41C8-A623-E8F5B9FA6A05}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E77999D3-852F-48DE-A5BD-0ED26D57DB7C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{379ABCA9-431E-4543-86C2-CDC54767B887}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{023ADFD0-C2A2-45C1-A269-CAD4B9CC33E9}] => (Allow) C:\Steam Games\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{A849B240-0598-4445-AE87-E8E645F20E50}] => (Allow) C:\Steam Games\steamapps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{C09A93D5-DA83-4D70-9D16-B74683100B3A}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{B33EFE48-46CC-4C99-ACEB-FF4B2CBE3E31}] => (Allow) E:\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [UDP Query User{FD45D66E-F15A-486A-B6A0-90A5ADF84231}E:\popcorn time\nw.exe] => (Allow) E:\popcorn time\nw.exe
FirewallRules: [TCP Query User{3CC153D7-0884-4185-9CC3-5E06C4F7871C}E:\popcorn time\nw.exe] => (Allow) E:\popcorn time\nw.exe
FirewallRules: [{A7388443-DFD6-4705-BEFC-4C26657D9999}] => (Allow) C:\Users\Oskari\AppData\Local\Temp\nsv8C2F.tmp\Installer-10067444.exe
FirewallRules: [{E9E9479F-4150-4946-A7E8-EE6634B0384B}] => (Allow) C:\Users\Oskari\AppData\Local\Temp\nsv8C2F.tmp\Installer-10067444.exe
FirewallRules: [{0A617A0F-71D5-4A14-9EC6-1387BCB1C6F0}] => (Allow) E:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{980B2DAA-8B5F-48D1-99BB-C52476EC2470}] => (Allow) E:\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe
FirewallRules: [{1C7AD324-1A70-4CF0-B699-B9E51406EFE8}] => (Allow) E:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{0AC89760-BBDE-4DC1-BE1B-ACBEC16E6A68}] => (Allow) E:\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe
FirewallRules: [{5E8C7243-A1E5-4E86-8163-65149448F65B}] => (Allow) E:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{1D434444-318F-4B19-9D23-99474E7AD520}] => (Allow) E:\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe
FirewallRules: [{33815EAE-8F80-41A7-BCB6-31BB56D25754}] => (Allow) E:\Steam\steamapps\common\Dragon Age Origins\DAOriginsLauncher.exe
FirewallRules: [{779FCDB1-B75D-406A-A7F7-8A2E3B6C8F06}] => (Allow) E:\Steam\steamapps\common\Dragon Age Origins\DAOriginsLauncher.exe
FirewallRules: [{DDC739AC-9087-484D-ABE9-906CB88D1A35}] => (Allow) E:\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAOrigins.exe
FirewallRules: [{50879FEC-3289-4636-939D-F777B5D0E81A}] => (Allow) E:\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAOrigins.exe
FirewallRules: [{8729C9B8-4E7A-4B6F-BEEA-CCA409B30F42}] => (Allow) E:\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F863E5A3-5332-4D8B-897D-C5F5BCC46288}] => (Allow) E:\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{6DA79766-774A-4AD0-8733-3D3BBFE14801}] => (Allow) E:\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{6D3E5450-3A6B-4155-81A6-027443D0444C}] => (Allow) E:\Steam\steamapps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [UDP Query User{31237F1C-AFD3-4DAE-AC7A-78E96DA0D1A5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{AE4A001A-9243-4DC0-94AE-14DCD7EC6610}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{F7777C37-A508-4EF0-BFD9-BB6DAD496CA1}] => (Allow) E:\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{CA8B6D70-B416-4AEC-BDB6-DD67F6F7377B}] => (Allow) E:\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{FD261548-89D2-476F-A82E-1B3F196849DB}] => (Allow) E:\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{C6CCE0DA-B217-4CAB-AA76-3F087AB2A697}] => (Allow) E:\Steam\steamapps\common\Besiege\Besiege.exe
FirewallRules: [{7843FFD9-D68E-4403-A776-3272F79B8733}] => (Allow) C:\Steam Games\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{CBFBF5CC-2CBF-435C-B153-2103B6740E83}] => (Allow) C:\Steam Games\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{D3D404CD-1E12-4CE7-900C-27B13AFAF617}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3E56C79A-328D-436D-97BB-9A21DD56E2C7}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3EF4EC21-D49F-4A5D-B9A1-285028EE88DC}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{1842A782-846F-4B00-A278-4C36A51E6263}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{1AFD281C-52EE-470F-A9A2-640CA0CC8964}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{09E270E4-6007-4E4D-8D36-5B2AF89A8AF6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{214D2C72-6CDE-477B-9623-14FE58C9F23B}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{93DBF38E-32BE-41BA-93BD-F065A93B8709}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{5E196A19-3F27-4C0E-85D9-9EA61E4E1A48}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{796C850E-6111-41C6-AB9B-B33B58857D80}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{710BC90A-A2C9-436C-BD60-B36F7D425BD0}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{37D8B864-D184-4CB3-8CB1-2BA078F1C567}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{524BDFB7-4114-44F2-8154-D6D31868D3E7}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{ADEA2510-E52E-49DC-9ADE-C3CA85B76069}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{357CF5E7-95B4-4BDE-8F59-895400FF3C0D}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EE7DDCBB-6B36-4F7E-8E64-9805D8E091E3}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{F628FB5F-62FA-4F2C-968E-D3B01A784966}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{7FAD8A3D-E3C2-4E88-A076-62728ED26C50}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{36EEEBC1-3ECD-4D51-B03E-8F7EDFFA9687}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{861AF890-3FDF-4891-B268-97A6C77F6308}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{BE3DE2B5-8C43-4C46-9E96-26342B3EE55A}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{57605256-3BCF-40FE-8490-ACF61479DD31}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{6129E863-8895-405B-B174-793E3441E5C1}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{7CD72A88-3CB3-4195-B711-611E762EB05E}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{638BA445-DE34-4B3B-88E3-A6877253894C}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{68244E83-7F88-406D-83FD-C5FD1A60C8F6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{04AC8437-A3C5-4D8A-B59E-F692498E51E6}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{EE4AD413-2242-4A85-8065-6D913CE79BED}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{24DD0E2B-F2D0-4C81-ABF0-12B73AE0234B}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{C53A300F-C79A-4A8A-AB8E-363745B079BB}] => (Allow) C:\Program Files (x86)\Acer\abMedia\DMCDaemon.exe
FirewallRules: [{0BBC23FD-E60B-46A2-BEB0-64E522B72514}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{8B0E6176-E61B-4399-BC08-5B26F7790825}] => (Allow) C:\Program Files (x86)\Acer\abMedia\WindowsUpnpMV.exe
FirewallRules: [{6792D85A-B194-454B-B9F1-3E24ABFDA6A1}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{F1FB7943-20CA-45B6-92AB-AA4DBC0DEEA1}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{55B649CE-AA88-4326-A18C-0C1E1E64C4D0}] => (Allow) C:\Users\Oskari\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{ED6ACA36-9483-40D6-ACB2-C203A2F420B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{FCE4B051-0082-45ED-A526-1BE53645CE7D}] => (Allow) C:\Steam Games\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{C49353C3-D222-4E63-8220-92C044C5BDC1}] => (Allow) C:\Steam Games\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [TCP Query User{C72F95DD-4F81-4DB8-A7B7-CD91DE1546A3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{CCA35463-A489-44DF-AD7C-E47086B4AB1E}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{C8BAEC6C-64CE-497E-9E8D-0A85C7FBE851}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D749AB92-3E13-43C3-82FB-61F9B6A492BC}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{7666B35A-B3BC-49F0-9699-026E01572479}] => (Allow) E:\Steam\steamapps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{40D80B9A-3426-4F18-8EEA-5C8F963FC5C3}] => (Allow) E:\Steam\steamapps\common\Tales from the Borderlands\Borderlands.exe
FirewallRules: [{BCE166EA-9B49-41A6-88F9-832C770B36C4}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{001656AC-923F-4197-857A-09E9CE2F0594}] => (Allow) E:\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{C84E7B5F-36E6-4960-BC9A-80BD54FAF26D}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{0B4C111F-D698-4CB1-A455-D6135502C10D}] => (Allow) E:\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{EFB14A9D-D09A-4215-B973-1B1F4B0A7CDF}] => (Allow) E:\Steam\steamapps\common\GameLooper\GameLooper.exe
FirewallRules: [{5FAEA6B4-5654-4963-90E7-94B14011004F}] => (Allow) E:\Steam\steamapps\common\GameLooper\GameLooper.exe
FirewallRules: [{86EC4728-D199-4FA9-9C76-F5F50F88E021}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2016 01:24:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: OSKU)
Description: Package Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

Error: (01/28/2016 01:11:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: OSKU)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (01/28/2016 01:01:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: edgehtml.dll, version: 11.0.10586.63, time stamp: 0x568b2368
Exception code: 0xc0000005
Fault offset: 0x0000000000323cf2
Faulting process id: 0x10b4
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5

Error: (01/28/2016 12:41:29 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (01/28/2016 12:37:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OSKU)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/26/2016 10:08:44 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (01/26/2016 09:44:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OSKU)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/26/2016 09:44:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OSKU)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/26/2016 05:37:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.63, time stamp: 0x568b202a
Faulting module name: eModel.dll, version: 11.0.10586.63, time stamp: 0x568b1c63
Exception code: 0xc0000005
Fault offset: 0x000000000020334d
Faulting process id: 0x18f0
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5

Error: (01/25/2016 10:08:43 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220


System errors:
=============
Error: (01/28/2016 12:42:34 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAMSUNG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0955FD0A-F9FC-4A70-8A3B-B80CBFEF6802}.
The master browser is stopping or an election is being forced.

Error: (01/27/2016 01:12:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_14005fc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 01:12:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_14005fc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 01:12:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_14005fc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 01:12:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_14005fc service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/27/2016 01:12:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/26/2016 09:51:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAMSUNG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0955FD0A-F9FC-4A70-8A3B-B80CBFEF6802}.
The master browser is stopping or an election is being forced.

Error: (01/26/2016 07:36:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/26/2016 06:33:08 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (01/26/2016 10:59:26 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SAMSUNG-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0955FD0A-F9FC-4A70-8A3B-B80CBFEF6802}.
The master browser is stopping or an election is being forced.


CodeIntegrity:
===================================
Date: 2016-01-25 20:36:07.264
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-25 02:22:42.120
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:22:42.110
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.815
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.808
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.801
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.790
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.783
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.775
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-01-25 02:08:39.765
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 8111.61 MB
Available physical RAM: 4793.42 MB
Total Virtual: 9391.61 MB
Available Virtual: 5287.16 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:117.99 GB) (Free:22.99 GB) NTFS
Drive e: (DATA) (Fixed) (Total:914.51 GB) (Free:539.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: D55670F9)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D5567092)

Partition: GPT.

==================== End of Addition.txt ============================
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby wannabeageek » February 3rd, 2016, 6:51 pm

Hi Johannes247 ,

Since we are looking for that "needle in a haystack" run the following:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Right mouse click SystemLook.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Copy and paste the content of the following codebox into the main textfield;
  • To make this easy, click the "select all" button then hover over the highlighted text and right mouse click to select copy.
    Code: Select all
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *deluge*
    *Enigma*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *Torre*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *borgata*
    *Cheat*
    *Conduit*
    *Coupons*
    *deluge*
    *Enigma*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *Hoyle*
    *iLivid*
    *MyPC*
    *Iminent*
    *Poker*
    *Realms*
    *Searchqu*
    *Searchnu*
    *Slick*
    *smartbar*
    *Somoto*
    *Sweet*
    *Tarma*
    *Torre*
    *trolltech*
    *systweak*
    *vshare*
    *whitesmoke*
    *YahooPartnerToolbar*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    borgata
    Cheat
    Conduit
    Coupons
    deluge
    Enigma
    searchab
    Fun4IM
    Funmoods
    Hoyle
    iLivid
    MyPC
    Iminent
    Poker
    Realms
    Searchqu
    Searchnu
    Slick
    smartbar
    Somoto
    Sweetpack
    Tarma
    Torre
    trolltech
    systweak
    vshare
    whitesmoke
    YahooPartnerToolbar
    Yontoo
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
wannabeageek
MRU Master
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Adware is clearly slowing PC down.

Unread postby Johannes247 » February 4th, 2016, 6:14 am

SystemLook 30.07.11 by jpshortstuff
Log created at 11:56 on 04/02/2016 by Oskari
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppBackgroundTask\Microsoft.Windows.AppBackgroundTask.Commands.dll --a---- 8704 bytes [07:17 30/10/2015] [07:17 30/10/2015] 9A274584B65FC23ACAD33F6D6385FB6B
C:\Windows\WinSxS\amd64_microsoft-windows-b..nager-wmiv2provider_31bf3856ad364e35_10.0.10586.0_none_019d558b8fbfae83\Microsoft.Windows.AppBackgroundTask.Commands.dll --a---- 8704 bytes [07:17 30/10/2015] [07:17 30/10/2015] 9A274584B65FC23ACAD33F6D6385FB6B

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
No files found.

Searching for "*borgata*"
No files found.

Searching for "*Cheat*"
C:\Steam Games\steamapps\common\GarrysMod\sourceengine\scripts\cheatcodes.txt --a---- 2877 bytes [19:16 29/11/2015] [19:16 29/11/2015] 368EB7EC7E8FD46A2F937F122D8ABB3D
C:\Windows\System32\drivers\EasyAntiCheat.sys --a---- 229624 bytes [15:20 21/08/2015] [21:58 17/09/2015] 2D4BDE66ADB8B178A9FDD1651D43C458
C:\Windows\SysWOW64\EasyAntiCheat.exe --a---- 238376 bytes [15:20 21/08/2015] [15:06 21/08/2015] 510BA039CB5FB5A8D05DF5C465B396C4

Searching for "*Conduit*"
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01UtilRed_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] EE2B5F29FB9D7B744FA0ECC155C4F062
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01UtilRed_Damage_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] E2034D81C7B8BAECA99ECEE5BFFB78E5
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01UtilYellow_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] D5F9079A636FBCF7801AEB15FDD88E79
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01UtilYellow_Damage_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] D5376BDA211A6C5CD1FDD058B0493818
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] 95A37A44FFE0C8DFF071F291CA3100AC
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01_Damage_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] 309F53A147FF5879298E2AA8A27D33EA
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01_Damage_n.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] 5B94093C756FCDA43E9E0FB9FCD69AD2
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01_Damage_s.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] BE099C2AB875B7AFF7842672D0379365
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01_n.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] 5B94093C756FCDA43E9E0FB9FCD69AD2
C:\Games\Nexus Mod Manager\Fallout4\Mods\VirtualInstall\615616231561-978-0-12--1of4\textures\interiors\Vault\VltConduitsVents01_s.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] 09515570920B7DE624738502118A28D2
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1339696 bytes [13:54 04/08/2015] [13:54 04/08/2015] 0A6F0EFC5B7C1861BF5E0E8F014E81ED
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01UtilRed_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] EE2B5F29FB9D7B744FA0ECC155C4F062
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01UtilRed_Damage_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] E2034D81C7B8BAECA99ECEE5BFFB78E5
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01UtilYellow_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] D5F9079A636FBCF7801AEB15FDD88E79
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01UtilYellow_Damage_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] D5376BDA211A6C5CD1FDD058B0493818
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] 95A37A44FFE0C8DFF071F291CA3100AC
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01_Damage_d.DDS --a---- 1398256 bytes [21:12 28/11/2015] [21:12 28/11/2015] 309F53A147FF5879298E2AA8A27D33EA
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01_Damage_n.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] 5B94093C756FCDA43E9E0FB9FCD69AD2
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01_Damage_s.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] BE099C2AB875B7AFF7842672D0379365
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01_n.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] 5B94093C756FCDA43E9E0FB9FCD69AD2
C:\Steam Games\steamapps\common\Fallout 4\Data\Textures\interiors\Vault\VltConduitsVents01_s.DDS --a---- 349680 bytes [21:12 28/11/2015] [21:12 28/11/2015] 09515570920B7DE624738502118A28D2

Searching for "*Coupons*"
No files found.

Searching for "*deluge*"
No files found.

Searching for "*Enigma*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*Hoyle*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*MyPC*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Poker*"
C:\Users\Oskari\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Links\Governor of Poker 3 Free - Play online for free Youdagames.com.url --a---- 156 bytes [20:14 14/01/2016] [20:14 14/01/2016] A1E8E6F8D2528A007F7DCB4ABC83DC3F
C:\Users\Oskari\AppData\Local\Steam\Bejeweled3\cached\sounds\pokerchips.wav --a---- 80064 bytes [15:42 23/08/2015] [15:42 23/08/2015] 3C69D3AF1EA853B45E14DFB8116F952A
C:\Users\Oskari\AppData\Local\Steam\Bejeweled3\cached\sounds\pokerscore.wav --a---- 354032 bytes [15:42 23/08/2015] [15:42 23/08/2015] 6F5D36B716FE7E3379EC30678F4CC878
C:\Users\Oskari\AppData\Local\Steam\Bejeweled3\cached\sounds\poker_4ofakind.wav --a---- 1046760 bytes [15:42 23/08/2015] [15:42 23/08/2015] E719D7262CEDED2B6687347CDC6E01D5
C:\Users\Oskari\AppData\Local\Steam\Bejeweled3\cached\sounds\poker_flush.wav --a---- 961937 bytes [15:42 23/08/2015] [15:42 23/08/2015] FCA7526B6E54AEA9967C85A03BECB646
C:\Users\Oskari\AppData\Local\Steam\Bejeweled3\cached\sounds\poker_fullhouse.wav --a---- 662309 bytes [15:42 23/08/2015] [15:42 23/08/2015] 378A8BEEEA07519EB5928684091494F6

Searching for "*Realms*"
No files found.

Searching for "*Searchqu*"
C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe\AppCode\Data\SearchQueryData.js --a---- 10437 bytes [08:28 21/11/2014] [08:28 21/11/2014] BBA5ED5725258BF785903CE78B931802

Searching for "*Searchnu*"
No files found.

Searching for "*Slick*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Somoto*"
No files found.

Searching for "*Sweet*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*Torre*"
C:\Program Files\WindowsApps\Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt\Converters\ConvertorResources.xbf --a---- 4395 bytes [12:07 20/09/2015] [12:08 20/09/2015] D0A6AFE0B1D3A3E3F56748723D395360
C:\Program Files (x86)\Microsoft Office\root\Office16\1033\SOCIALCONNECTORRES.DLL --a---- 250696 bytes [11:45 30/01/2016] [22:04 17/01/2016] 0DFF574EA23254AE73556962BB6BB943
C:\Program Files (x86)\Windows Live\Installer\LangSelectorRes.dll --a---- 412352 bytes [19:35 31/03/2014] [19:35 31/03/2014] 0B92E34CBE0F5A2FD1D4623AC1ADC70C
C:\Windows\System32\ieetwcollectorres.dll --a---- 5120 bytes [07:18 30/10/2015] [07:18 30/10/2015] 4F422091C42AD3A18F27A6DB63A5B1AA
C:\Windows\System32\en-US\ieetwcollectorres.dll.mui --a---- 4096 bytes [09:02 30/10/2015] [09:02 30/10/2015] 598BC5A7D849ED0CCA67FCB6C2B6B275
C:\Windows\WinSxS\amd64_microsoft-windows-i..collector.resources_31bf3856ad364e35_11.0.10586.0_en-us_bacb9203bd2e0325\ieetwcollectorres.dll.mui --a---- 4096 bytes [09:02 30/10/2015] [09:02 30/10/2015] 598BC5A7D849ED0CCA67FCB6C2B6B275
C:\Windows\WinSxS\amd64_microsoft-windows-ie-ieetwcollector_31bf3856ad364e35_11.0.10586.0_none_838daa0917f7d8e0\ieetwcollectorres.dll --a---- 5120 bytes [07:18 30/10/2015] [07:18 30/10/2015] 4F422091C42AD3A18F27A6DB63A5B1AA

Searching for "*trolltech*"
No files found.

Searching for "*systweak*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*YahooPartnerToolbar*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*borgata*"
No folders found.

Searching for "*Cheat*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*Coupons*"
No folders found.

Searching for "*deluge*"
No folders found.

Searching for "*Enigma*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*Hoyle*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*MyPC*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Poker*"
C:\Users\Oskari\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8UP8HVKT\#AppContainer\d1k6j4zyghhevb.cloudfront.net\sw\clients\flash\unibet\unibetpoker.swf d------ [22:40 11/12/2015]

Searching for "*Realms*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Slick*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Somoto*"
No folders found.

Searching for "*Sweet*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*Torre*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*systweak*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*YahooPartnerToolbar*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Bandoo"
No data found.

Searching for "borgata"
No data found.

Searching for "Cheat"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\EasyAntiCheat]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EasyAntiCheat]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EasyAntiCheat]
"DisplayName"="EasyAntiCheat"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EasyAntiCheat]
"ImagePath"="C:\WINDOWS\system32\EasyAntiCheat.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EasyAntiCheat]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EasyAntiCheat]
"DisplayName"="EasyAntiCheat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EasyAntiCheat]
"ImagePath"="C:\WINDOWS\system32\EasyAntiCheat.exe"

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"E1810453A043A7E44B90136643272B7F"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\E1810453A043A7E44B90136643272B7F]
"File"="iSyncConduit.dll"

Searching for "Coupons"
No data found.

Searching for "deluge"
No data found.

Searching for "Enigma"
No data found.

Searching for "searchab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2]
"XPath"="./SearchableContent/SettingIdentity/HostID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3]
"XPath"="./SearchableContent/SettingIdentity/SettingID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4]
"XPath"="./SearchableContent/SettingIdentity/PageID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5]
"XPath"="./SearchableContent/SettingIdentity/GroupID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6]
"XPath"="./SearchableContent/SettingIdentity/Condition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05]
"XPath"="./SearchableContent/ApplicationInformation/AppID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20]
"XPath"="./SearchableContent/ApplicationInformation/DeepLink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3]
"XPath"="./SearchableContent/ApplicationInformation/Icon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24]
"XPath"="./SearchableContent/SettingInformation/HighKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25]
"XPath"="./SearchableContent/SettingInformation/LowKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26]
"XPath"="./SearchableContent/SettingInformation/Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2]
"XPath"="./SearchableContent/SettingIdentity/HostID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3]
"XPath"="./SearchableContent/SettingIdentity/SettingID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4]
"XPath"="./SearchableContent/SettingIdentity/PageID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5]
"XPath"="./SearchableContent/SettingIdentity/GroupID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6]
"XPath"="./SearchableContent/SettingIdentity/Condition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05]
"XPath"="./SearchableContent/ApplicationInformation/AppID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20]
"XPath"="./SearchableContent/ApplicationInformation/DeepLink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3]
"XPath"="./SearchableContent/ApplicationInformation/Icon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24]
"XPath"="./SearchableContent/SettingInformation/HighKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25]
"XPath"="./SearchableContent/SettingInformation/LowKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26]
"XPath"="./SearchableContent/SettingInformation/Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2]
"XPath"="./SearchableContent/SettingIdentity/HostID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3]
"XPath"="./SearchableContent/SettingIdentity/SettingID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4]
"XPath"="./SearchableContent/SettingIdentity/PageID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5]
"XPath"="./SearchableContent/SettingIdentity/GroupID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6]
"XPath"="./SearchableContent/SettingIdentity/Condition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05]
"XPath"="./SearchableContent/ApplicationInformation/AppID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20]
"XPath"="./SearchableContent/ApplicationInformation/DeepLink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3]
"XPath"="./SearchableContent/ApplicationInformation/Icon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24]
"XPath"="./SearchableContent/SettingInformation/HighKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25]
"XPath"="./SearchableContent/SettingInformation/LowKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26]
"XPath"="./SearchableContent/SettingInformation/Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2]
"XPath"="./SearchableContent/SettingIdentity/HostID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3]
"XPath"="./SearchableContent/SettingIdentity/SettingID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4]
"XPath"="./SearchableContent/SettingIdentity/PageID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5]
"XPath"="./SearchableContent/SettingIdentity/GroupID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6]
"XPath"="./SearchableContent/SettingIdentity/Condition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05]
"XPath"="./SearchableContent/ApplicationInformation/AppID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20]
"XPath"="./SearchableContent/ApplicationInformation/DeepLink"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3]
"XPath"="./SearchableContent/ApplicationInformation/Icon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24]
"XPath"="./SearchableContent/SettingInformation/HighKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25]
"XPath"="./SearchableContent/SettingInformation/LowKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26]
"XPath"="./SearchableContent/SettingInformation/Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2]
"XPath"="./SearchableContent/SettingIdentity/HostID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3]
"XPath"="./SearchableContent/SettingIdentity/SettingID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4]
"XPath"="./SearchableContent/SettingIdentity/PageID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5]
"XPath"="./SearchableContent/SettingIdentity/GroupID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6]
"XPath"="./SearchableContent/SettingIdentity/Condition"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05]
"XPath"="./SearchableContent/ApplicationInformation/AppID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20]
"XPath"="./SearchableContent/ApplicationInformation/DeepLink"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3]
"XPath"="./SearchableContent/ApplicationInformation/Icon"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24]
"XPath"="./SearchableContent/SettingInformation/HighKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25]
"XPath"="./SearchableContent/SettingInformation/LowKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26]
"XPath"="./SearchableContent/SettingInformation/Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{02E7E69E-E80A-48E3-8B1D-6448C25B1710}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2]
"XPath"="./SearchableContent/SettingIdentity/HostID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3]
"XPath"="./SearchableContent/SettingIdentity/SettingID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4]
"XPath"="./SearchableContent/SettingIdentity/PageID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5]
"XPath"="./SearchableContent/SettingIdentity/GroupID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6]
"XPath"="./SearchableContent/SettingIdentity/Condition"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05]
"XPath"="./SearchableContent/ApplicationInformation/AppID"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20]
"XPath"="./SearchableContent/ApplicationInformation/DeepLink"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3]
"XPath"="./SearchableContent/ApplicationInformation/Icon"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10]
"XPath"="./SearchableContent/SettingInformation/Description"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2]
"XPath"="./SearchableContent/SettingInformation/Name"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24]
"XPath"="./SearchableContent/SettingInformation/HighKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25]
"XPath"="./SearchableContent/SettingInformation/LowKeywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26]
"XPath"="./SearchableContent/SettingInformation/Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\CLSID\{5A90DD8E-2A0C-45D1-873A-82B61604CEB2}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6]
"XPath"="./SearchableContent/SettingInformation/Description"

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "Hoyle"
No data found.

Searching for "iLivid"
No data found.

Searching for "MyPC"
No data found.

Searching for "Iminent"
No data found.

Searching for "Poker"
No data found.

Searching for "Realms"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
@="ISearchQueryHelperPriv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
@="ISearchQueryHelperPriv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{4bfdca75-9660-3ab4-bea9-da6579662b6a}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{1E041E06-E1C5-4B7B-ADD3-20E32D155C2E}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{a7544317-65bb-3802-9376-3d59fa0a45b3}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{d6519d77-1cdf-30a5-812e-d88fb4798a29}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
@="ISearchQueryHelperPriv"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
@="ISearchQueryCondition"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
@="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

Searching for "Searchnu"
No data found.

Searching for "Slick"
No data found.

Searching for "smartbar"
No data found.

Searching for "Somoto"
No data found.

Searching for "Sweetpack"
No data found.

Searching for "Tarma"
[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DeviceIds\SBP2\STARMATIX_INC.&STARMATIX-DISK_CHANGER&CMDSETID104D8]

Searching for "Torre"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B8E6B8E-7F56-11D7-B569-505054503030}]
@="ISecurityDescriptorReference"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{98F9A6F3-4D29-5351-8B12-751DC977A331}]
@="IAsyncOperationCompletedHandler<GattReadClientCharacteristicConfigurationDescriptorResult*>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6B8E6B8E-7F56-11D7-B569-505054503030}]
@="ISecurityDescriptorReference"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{98F9A6F3-4D29-5351-8B12-751DC977A331}]
@="IAsyncOperationCompletedHandler<GattReadClientCharacteristicConfigurationDescriptorResult*>"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Installer\Components\613B99D5CFD7FCB4793B500086BB4113]
"{98D1A627-00E0-49A0-92B7-0F61A41FF461},1033\socialconnectorres.dll"="zn=BVO(8A$!!!!!MKKSkGimme_OnDemandData<OutlookSocialConnector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Classes\Installer\Components\726A1D890E000A94297BF0164AF14F16]
"1033\socialconnectorres.dll"="zn=BVO(8A$!!!!!MKKSkOutlookSocialConnectorIntl_1033<"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\ClickToRun\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CF24F5F6BF1533344B842B23972F5EE4]
"00006109A10090400000000000F01FEC"="C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\SOCIALCONNECTORRES.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\SubscriptionManager\AllowList]
"settingsynchost.exe"="@{c:\windows\system32\Bmr2SettingMonitorRes.pri?ms-resource://Bmr2SettingMonitorRes/Resources/3}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5BCE814E4A40F15F9089031E84B1821]
"C18BC956E45B1FD46B813F757793A345"="C:\Program Files (x86)\Windows Live\Installer\LangSelectorRes.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9e5f9046-43c6-4f62-ba13-7b19896253ff}]
"ResourceFileName"="%SystemRoot%\system32\ieetwcollectorres.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{9e5f9046-43c6-4f62-ba13-7b19896253ff}]
"MessageFileName"="%SystemRoot%\system32\ieetwcollectorres.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{6B8E6B8E-7F56-11D7-B569-505054503030}]
@="ISecurityDescriptorReference"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{98F9A6F3-4D29-5351-8B12-751DC977A331}]
@="IAsyncOperationCompletedHandler<GattReadClientCharacteristicConfigurationDescriptorResult*>"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IEEtwCollectorService]
"DisplayName"="@%SystemRoot%\system32\ieetwcollectorres.dll,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IEEtwCollectorService]
"Description"="@%SystemRoot%\system32\ieetwcollectorres.dll,-1001"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService]
"DisplayName"="@%SystemRoot%\system32\ieetwcollectorres.dll,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IEEtwCollectorService]
"Description"="@%SystemRoot%\system32\ieetwcollectorres.dll,-1001"

Searching for "trolltech"
No data found.

Searching for "systweak"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "YahooPartnerToolbar"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-
Johannes247
Active Member
 
Posts: 11
Joined: January 28th, 2016, 7:30 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 44 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware