Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2017
Ran by tobi (06-05-2017 19:26:14)
Running from C:\Users\tobi\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2016-08-18 11:27:54)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3211118102-3945958172-1215576064-500 - Administrator - Disabled)
Guest (S-1-5-21-3211118102-3945958172-1215576064-501 - Limited - Disabled)
tobi (S-1-5-21-3211118102-3945958172-1215576064-1000 - Administrator - Enabled) => C:\Users\tobi
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Ansel (Version: 372.54 - NVIDIA Corporation) Hidden
Cossacks: Back to War (HKLM\...\Steam App 4850) (Version: - GSC Game World)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7967.2139 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\OneDriveSetup.exe) (Version: 17.3.6390.0509 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.0.6312 - Mozilla)
NVIDIA Graphics Driver 372.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.54 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.822 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Skype™ 7.29 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.29.102 - Skype Technologies S.A.)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3211118102-3945958172-1215576064-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\tobi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1C44F8D1-D6DA-4543-8FEC-3D4C37FD66BB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {469EE6D7-79D1-4021-91F7-A64F1EE6F5AC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-04-19] (Microsoft Corporation)
Task: {54B5531F-378E-4AFC-8011-C14101DAE9D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-06] (Google Inc.)
Task: {611A01F5-6038-426A-A3AD-6BAB6957495E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-28] (Microsoft Corporation)
Task: {77949F2C-C570-496D-BA57-8D6B9BB142A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-06] (Google Inc.)
Task: {C75F412F-CAB4-4D1D-A318-37A840970A69} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe
Task: {DFEEBE67-B18E-40AB-B735-715495A536C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {FEEE487A-6FF2-47D4-9917-A826EB623622} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-04-28] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-08-18 14:01 - 2016-08-11 13:49 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-20 02:10 - 2016-07-20 02:11 - 00187824 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-03-11 19:24 - 2017-03-11 19:24 - 00959168 _____ () C:\Users\tobi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2017-03-11 18:49 - 2017-04-28 10:09 - 08931008 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-08-08 05:37 - 2016-08-08 05:37 - 00298448 _____ () C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
2017-05-06 15:52 - 2017-05-02 03:03 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libglesv2.dll
2017-05-06 15:52 - 2017-05-02 03:03 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\libegl.dll
2016-08-29 10:09 - 2016-08-29 10:09 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-09-24 23:39 - 2016-06-27 23:57 - 50663704 _____ () C:\Users\tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libcef.dll
2016-09-24 23:39 - 2016-06-27 23:58 - 01881880 _____ () C:\Users\tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libglesv2.dll
2016-09-24 23:39 - 2016-06-27 23:58 - 00082200 _____ () C:\Users\tobi\AppData\Local\razer\InGameEngine\cache\RzStats.Manager\cef\libegl.dll
2016-08-18 16:24 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\tobi:Heroes & Generals [38]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FDECEE75-A69E-4B87-BA5E-F0F3F2288B86}] => (Allow) D:\ghS\SteaM\Steam.exe
FirewallRules: [{AA069F18-F06A-4BBC-B4FC-602F04F46B6F}] => (Allow) D:\ghS\SteaM\Steam.exe
FirewallRules: [{09B67137-A4E0-47EF-9116-98D787100227}] => (Allow) D:\ghS\SteaM\bin\steamwebhelper.exe
FirewallRules: [{CC7A4FEF-85F1-484A-B7E5-1016EF449C90}] => (Allow) D:\ghS\SteaM\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{8D1601FE-2355-460C-A7B0-0483E2131B17}D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [UDP Query User{E31CD5BB-1E85-4DEC-A027-F85C3E20DACB}D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe] => (Allow) D:\ghs\steam\steamapps\common\counter-strike global offensive\csgo.exe
FirewallRules: [{AAB91FEF-0335-46EB-955A-24416FD08FFE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{434BE1F9-1B44-4F5C-937C-B9FE2121A3A5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EB1277A2-A5DB-4F0F-BC5A-FE8EECC10BEC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0AA41DF0-0C37-4ABF-90E0-95E4EDBB1F2E}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4248AF8F-70DD-452D-A5E8-A6D263A569C9}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{DBC73DCF-806D-4E0B-A335-ACA254C516AF}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{0F3F4AA6-88D7-4BD0-9624-5280837E6D87}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{5EA2C313-0872-4158-A7D2-84373B499C4C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{6FBB41D9-05E3-41BB-8B51-8E9F78EB32E6}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{D45DE01D-8004-4397-AA43-C8C4238474FB}] => (Allow) D:\ghS\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{32629CFC-08C5-43BD-9561-FD41FA220F72}] => (Allow) D:\ghS\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C6995804-6F06-4D14-A7D7-90A7474FA3B8}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\csbtw.exe
FirewallRules: [{00DD3ABE-5868-40CD-BF8E-C5B89050D33B}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\csbtw.exe
FirewallRules: [{3D9DC22E-E862-4B34-A846-DCE33AFD70B2}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\HView.exe
FirewallRules: [{C2A75468-FF47-41AD-AA87-F9466AA26AC1}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\HView.exe
FirewallRules: [{83364127-8CB4-47B5-B00E-1689F8F51B4A}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\ScenarioEditor.exe
FirewallRules: [{2808306D-4AC0-49C0-9974-4A9924D5B49A}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\ScenarioEditor.exe
FirewallRules: [{0783C263-D318-401F-87DE-C79012481316}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\cshlp.exe
FirewallRules: [{90F1D2DC-ECE8-4088-8A08-C7E9F9918A6C}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\cshlp.exe
FirewallRules: [{B25773E3-D50F-4AB0-AAC4-BC54E22FF1A4}] => (Allow) D:\ghS\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B9D2B17F-76A4-4543-9756-EC755F6FDD65}] => (Allow) D:\ghS\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [TCP Query User{4AE5A607-570B-45BC-9D02-DEA9FED8B228}C:\games\cs 1.6 v42 full\hl.exe] => (Allow) C:\games\cs 1.6 v42 full\hl.exe
FirewallRules: [UDP Query User{692CB3A7-9A26-4975-BC1F-062D67E7C704}C:\games\cs 1.6 v42 full\hl.exe] => (Allow) C:\games\cs 1.6 v42 full\hl.exe
FirewallRules: [{06800894-A14F-494C-8A03-72680060787E}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{DD755683-C8DE-4333-B946-6732DCABF5E4}] => (Allow) D:\ghS\Steam\steamapps\common\Cossacks Back to War\bin\dmcr.exe
FirewallRules: [{49B9A3B7-BD53-42B0-9093-0EC2886ABAFF}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{F92D43BD-DE37-4861-BFFE-9ED10DAA4EC6}] => (Allow) C:\Windows\SysWOW64\dplaysvr.exe
FirewallRules: [{70D9457C-A8F2-4A76-8E99-6AED3CA80DDC}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{F274A595-62D8-424B-9624-E8F4B23C84A7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{FE275259-6255-4B51-97C1-54564542AC7A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8871D4F6-737F-4F6D-BD59-5ECAED7BC3C3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{186FC68E-FEB6-43E3-B10F-BA7B0E8DE026}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FE43CE67-FA5E-4427-B5D2-0C0622E2E434}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/06/2017 06:19:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/06/2017 06:16:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/06/2017 03:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/06/2017 01:23:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/05/2017 08:22:18 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: tobi-PC)
Description: Application or service 'Internet Pass-Through Service' could not be restarted.
Error: (05/05/2017 06:41:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/05/2017 01:29:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/04/2017 09:06:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/04/2017 11:36:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (05/03/2017 09:59:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
System errors:
=============
Error: (05/06/2017 03:35:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Update service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/06/2017 03:35:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Error: (05/05/2017 06:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
Error: (05/05/2017 06:39:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3240 CPU @ 3.40GHz
Percentage of memory in use: 52%
Total physical RAM: 4059.86 MB
Available physical RAM: 1929.88 MB
Total Virtual: 8117.9 MB
Available Virtual: 5504.11 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:205.08 GB) (Free:170.73 GB) NTFS
Drive d: () (Fixed) (Total:726.33 GB) (Free:688.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A6C7A6C7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=205.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=726.3 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-05-2017
Ran by tobi (administrator) on TOBI-PC (06-05-2017 19:25:36)
Running from C:\Users\tobi\Downloads
Loaded Profiles: tobi (Available Profiles: tobi)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
() C:\ProgramData\Razer\Synapse\RzStats\RzStats.Manager.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\InGameEngine\32bit\RazerIngameEngine.exe
(Razer, Inc.) C:\Users\tobi\AppData\Local\Razer\InGameEngine\cache\RzStats.Manager\rzcefrenderprocess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-08-22] (Razer Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\Run: [Steam] => D:\ghS\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\...\MountPoints2: {416d12b4-656b-11e6-a743-94de80ee485f} - F:\HTC_Sync_Manager_PC.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{07113958-D9AA-44A2-A6B3-09D5BE76DA4D}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-3211118102-3945958172-1215576064-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-04-28] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL [2017-04-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-04-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-04-28] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL [2017-04-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-04-28] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-04-28] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: r5iidbph.default
FF ProfilePath: C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default [2017-05-06]
FF Extension: (Dark YouTube Theme) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\Extensions\jid1-hDf2iQXGiUjzGQ@jetpack.xpi [2017-01-18]
FF Extension: (Adblock Plus) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF Extension: (Shield Recipe Client) - C:\Users\tobi\AppData\Roaming\Mozilla\Firefox\Profiles\r5iidbph.default\features\{d9a81d3b-b285-4dfb-a3c0-43dc2fb16e01}\shield-recipe-client@mozilla.org.xpi [2017-04-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-04-28] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default [2017-05-06]
CHR Extension: (Google Slides) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-06]
CHR Extension: (Google Docs) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-06]
CHR Extension: (Google Drive) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-06]
CHR Extension: (Dark Skin for Youtube™) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfeknfgchonpnofdjokchhdhdnddhglm [2017-05-06]
CHR Extension: (YouTube) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-06]
CHR Extension: (Adobe Acrobat) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-06]
CHR Extension: (Google Sheets) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-06]
CHR Extension: (Google Docs Offline) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-06]
CHR Extension: (AdBlock) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-05-06]
CHR Extension: (Black Black Chrome Theme Dark Blue Highlight) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njpbabhpbnilgchdjbajcbgnnclkaida [2017-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-06]
CHR Extension: (Gmail) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-06]
CHR Extension: (Chrome Media Router) - C:\Users\tobi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-06]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-04-19] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187824 2016-07-20] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-05-07] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [136312 2016-06-27] (Razer, Inc.)
R3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 sshid; C:\Windows\System32\DRIVERS\sshid.sys [51400 2016-05-27] (SteelSeries ApS)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 GPU-Z; \??\C:\Users\tobi\AppData\Local\Temp\GPU-Z.sys [X] <==== ATTENTION
S3 HTCAND64; System32\Drivers\ANDROIDUSB.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 19:25 - 2017-05-06 19:26 - 00012736 _____ C:\Users\tobi\Downloads\FRST.txt
2017-05-06 19:25 - 2017-05-06 19:25 - 02429440 _____ (Farbar) C:\Users\tobi\Downloads\FRST64.exe
2017-05-06 19:25 - 2017-05-06 19:25 - 00000000 ____D C:\FRST
2017-05-06 18:04 - 2017-05-06 18:08 - 60107896 _____ (Malwarebytes ) C:\Users\tobi\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-06 15:53 - 2017-05-06 15:53 - 00000000 ____D C:\Users\tobi\AppData\Roaming\Google
2017-05-06 15:52 - 2017-05-06 16:23 - 00000000 ____D C:\Users\tobi\AppData\Local\Google
2017-05-06 15:52 - 2017-05-06 15:52 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-06 15:52 - 2017-05-06 15:52 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-06 15:51 - 2017-05-06 15:52 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-06 15:51 - 2017-05-06 15:51 - 01130328 _____ (Google Inc.) C:\Users\tobi\Downloads\ChromeSetup(1).exe
2017-05-06 15:51 - 2017-05-06 15:51 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-06 15:51 - 2017-05-06 15:51 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-06 15:41 - 2017-05-06 15:41 - 00040898 _____ C:\Users\tobi\Desktop\bookmarks_5_6_17.html
2017-05-06 15:33 - 2017-05-06 15:35 - 00000000 ____D C:\AdwCleaner
2017-05-06 15:33 - 2017-05-06 15:33 - 04102600 _____ C:\Users\tobi\Downloads\adwcleaner_6.046.exe
2017-05-05 20:23 - 2017-05-05 20:23 - 01130328 _____ (Google Inc.) C:\Users\tobi\Downloads\ChromeSetup.exe
2017-05-05 18:45 - 2017-05-05 18:56 - 00004427 _____ C:\Users\tobi\Desktop\New Text Document.txt
2017-05-05 18:36 - 2017-05-05 18:36 - 00000000 ____D C:\Windows\pss
2017-05-05 15:35 - 2017-05-05 15:35 - 00522653 _____ ( ) C:\Users\tobi\Downloads\Neighbour_From_Hell_1_Game.exe
2017-05-01 16:31 - 2017-05-01 16:31 - 00000355 _____ C:\Users\tobi\Downloads\index.html.old
2017-04-28 10:12 - 2017-04-28 10:12 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-04-23 06:48 - 2017-04-23 06:48 - 00005309 _____ C:\Users\tobi\Downloads\wZxJscDnMSY
2017-04-22 07:35 - 2017-04-22 07:35 - 00000000 ____D C:\Users\tobi\AppData\Local\ElevatedDiagnostics
2017-04-22 04:25 - 2017-04-22 04:25 - 00000000 ____D C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-04-22 04:25 - 2017-04-22 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
2017-04-22 04:24 - 2017-04-22 04:25 - 16270006 _____ C:\Users\tobi\Downloads\sa-mp-0.3.7-install.exe
2017-04-22 04:21 - 2017-04-22 04:21 - 00527292 _____ C:\Users\tobi\Downloads\Setup.rar
2017-04-18 20:40 - 2017-04-18 20:41 - 00000000 ____D C:\Temp
2017-04-18 20:40 - 2017-04-18 20:40 - 00000000 ____D C:\ProgramData\HTC
2017-04-17 14:55 - 2017-05-06 18:15 - 00000000 __SHD C:\ProgramData\TCISYF
2017-04-17 14:55 - 2017-05-06 18:12 - 00000000 ____D C:\ProgramData\XKQ
2017-04-17 14:55 - 2017-04-17 14:55 - 02577278 _____ C:\Users\tobi\Downloads\Untitled 1.odp
2017-04-17 01:43 - 2017-04-17 01:43 - 00000000 ____D C:\Users\tobi\AppData\Roaming\OpenOffice
2017-04-17 01:21 - 2017-04-17 01:21 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.3
2017-04-17 01:20 - 2017-05-05 14:41 - 00000000 ____D C:\Users\tobi\Desktop\OpenOffice 4.1.3 (en-US) Installation Files
2017-04-17 01:20 - 2017-04-17 01:20 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2017-04-17 00:59 - 2017-04-17 01:15 - 140742472 _____ C:\Users\tobi\Downloads\Apache_OpenOffice_4.1.3_Win_x86_install_en-US.exe
2017-04-13 15:21 - 2017-04-13 15:21 - 00000000 ____D C:\Users\tobi\AppData\Roaming\MAXON
2017-04-13 15:12 - 2017-04-13 15:15 - 85916232 _____ C:\Users\tobi\Downloads\CINEBENCHR15.038.zip
2017-04-13 15:12 - 2017-04-13 15:12 - 01768110 _____ C:\Users\tobi\Downloads\IntelBurnTest.zip
2017-04-13 15:11 - 2017-04-13 15:11 - 02528523 _____ C:\Users\tobi\Downloads\cpu-z_1.78-en.zip
2017-04-13 14:59 - 2017-04-13 14:59 - 02109224 _____ (techPowerUp (www.techpowerup.com)) C:\Users\tobi\Downloads\GPU-Z.1.18.0.exe
2017-04-13 14:55 - 2017-04-13 14:56 - 40376862 _____ C:\Users\tobi\Downloads\MSIAfterburnerSetup.zip
2017-04-13 14:54 - 2017-04-13 14:54 - 00100635 _____ C:\Users\tobi\Downloads\MSIAfterburnerRemoteServer.zip
2017-04-13 14:52 - 2017-04-13 14:52 - 00514172 _____ C:\Users\tobi\Downloads\openhardwaremonitor-v0.8.0-beta.zip
2017-04-13 02:25 - 2017-04-13 02:26 - 00000000 ____D C:\Users\tobi\Downloads\sve valjda
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-05-06 18:26 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-06 18:26 - 2009-07-14 06:45 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-06 18:24 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-06 18:24 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-05-06 18:18 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-06 15:51 - 2016-11-17 01:56 - 00000000 ____D C:\Users\tobi\AppData\LocalLow\Mozilla
2017-05-06 15:48 - 2016-09-30 20:42 - 00000000 ____D C:\Program Files (x86)\GUM3005.tmp
2017-05-06 15:35 - 2016-12-26 20:35 - 00000987 _____ C:\Users\tobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-05-06 15:35 - 2016-10-01 12:25 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-05-06 15:35 - 2016-10-01 12:25 - 00001053 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-05-05 20:22 - 2016-12-30 01:37 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-05 18:53 - 2016-10-30 22:48 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 15:35 - 2016-11-15 21:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-30 11:03 - 2016-10-01 12:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-28 10:13 - 2017-03-11 18:46 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-28 10:12 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-04-28 10:11 - 2017-03-11 18:30 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-22 04:25 - 2016-12-26 17:22 - 00000000 ____D C:\Users\tobi\Documents\GTA San Andreas User Files
2017-04-17 14:44 - 2009-07-14 06:45 - 00451288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-17 01:35 - 2016-08-18 13:38 - 00117064 _____ C:\Users\tobi\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-13 15:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2017-04-12 22:34 - 2016-10-30 22:48 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
Some files in TEMP:
====================
2016-10-27 20:27 - 2016-10-27 20:34 - 50563233 _____ (Popcorn Time ) C:\Users\tobi\AppData\Local\Temp\setup_575A.exe
2017-05-05 18:41 - 2017-04-22 04:22 - 0099896 _____ () C:\Users\tobi\AppData\Local\Temp\Uninstall.exe
2006-05-24 07:10 - 2006-05-24 07:10 - 0455600 ____R (Macrovision Corporation) C:\Users\tobi\AppData\Local\Temp\_is3D8C.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-05-04 23:33
==================== End of FRST.txt ============================