
Explorer.exe idling around 20% CPU


  • This topic is locked
30 replies to this topic

#1 Salmiakbal


Posted 05 September 2016 - 04:10 PM

So lately my laptop has been producing a lot of heat while not doing much work. This is probably because of a clogged air vent, but it also led me to believe the CPU was doing unnecessary work. What I found out via Task Manager is that explorer.exe is constantly idling around 20% CPU load. What I tried is ending and restarting explorer.exe from Task Manager and deleting the content in the temp folders in C:/windows/temp and appdata/local/temp, then rebooting the computer. These two fixes are what I found most through Google, but they did not help.
 
I found out more people have had this problem and many of them were solved by this and other fora through DDS, FRST analysis and the like, so that is why I am posting in this particular forum. If you think I posted this wrong, please tell me.
 
Closing down explorer.exe causes a significant temperature drop in my CPU (from 75C to 60C). Also, wmiprvse.exe occasionally pops up and uses around the same CPU percentage as explorer.exe, and killing it in Task Manager does nothing as it pops right back up (this may be entirely unrelated to the explorer.exe problem, but I thought I should let you know).
 
Many thanks in advance and if you need more info, please let me know.
 
Paul
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Paul (administrator) on PAULELITEBOOK (05-09-2016 23:02:26)
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & Gast)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Nightly\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.424_none_767fbf7a263fc7d3\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\Paul\AppData\Local\FluxSoftware\Flux\flux.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Suunto) C:\Users\Paul\AppData\Local\Apps\2.0\1HX9B33N.933\64790PR0.OHL\move..tion_391e8feca7b0cf78_0001.0004_b812c6590f0f8eec\Moveslink2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
() C:\Users\Paul\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Mozilla Corporation) C:\Program Files\Nightly\plugin-container.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Farbar) C:\Users\Paul\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-18] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-07-05] (Apple Inc.)
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [f.lux] => C:\Users\Paul\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [Moveslink2] => C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1332224 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-12-28]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2015-12-10]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf516187-cd30-48bc-9cbd-d7cf36b27fe4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dc91a518-954c-440a-993b-4e07eb5c6a5d}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default
FF Homepage: hxxps://www.facebook.com/
hxxps://www.youtube.com/feed/subscriptions
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1212818415-2308318455-2339852290-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1212818415-2308318455-2339852290-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-17] (Ubisoft)
FF Extension: (Tab Auto Reload) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\extensions\TabAutoReload@schuzak.jp.xpi [2015-07-24]
FF Extension: (Ghostery) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\firefox@ghostery.com.xpi [2016-08-12]
FF Extension: (Woordenboek Nederlands) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2015-05-11] [not signed]
FF Extension: (Tab Groups) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\tabgroups@quicksaver.xpi [2016-06-02]
FF Extension: (YouTube High Definition) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-08-22]
FF Extension: (Adblock Plus) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-07]
CHR Extension: (Google Documenten) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-07]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07]
CHR Extension: (Google Spreadsheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-07]
CHR Extension: (Offline Documenten) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-16]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3248320 2016-08-28] (Microsoft Corporation)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [630272 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [4868608 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
R2 NVWMI; C:\WINDOWS\system32\nvwmi64.exe [1290016 2013-09-18] (NVIDIA Corporation)
S2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2015-06-18] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-12-10] (SolidWorks) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [35328 2013-10-11] (Validity Sensors, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
U5 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2009-05-14] (Google Inc)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
R3 cpuz138; C:\Users\Paul\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [27320 2016-09-05] (CPUID)
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [472016 2016-03-29] (Intel Corporation)
R3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 SaiK0CCC; C:\Windows\system32\DRIVERS\SaiK0CCC.sys [171016 2010-04-29] (Saitek)
R3 SaiU0CCC; C:\Windows\System32\drivers\SaiU0CCC.sys [41096 2010-04-29] (Saitek)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-03] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [700128 2015-12-08] (Sunplus)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-05] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Users\Paul\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.sys [14544 2016-09-05] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 23:02 - 2016-09-05 23:03 - 00020394 _____ C:\Users\Paul\Desktop\FRST.txt
2016-09-05 22:56 - 2016-09-05 23:02 - 02397696 _____ (Farbar) C:\Users\Paul\Desktop\FRST64(1).exe
2016-09-05 22:26 - 2016-09-05 22:27 - 01381850 _____ C:\Users\Paul\Desktop\bookmarks.html
2016-09-05 19:05 - 2016-09-05 19:05 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-05 17:07 - 2016-09-05 17:07 - 00000000 ____D C:\Program Files (x86)\ESET
2016-09-05 17:05 - 2016-09-05 23:02 - 00000000 ____D C:\FRST
2016-09-05 17:05 - 2016-09-05 17:05 - 02397696 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2016-09-05 16:54 - 2016-09-05 16:55 - 33087944 _____ (Adlice Software ) C:\Users\Paul\Downloads\setup(3).exe
2016-09-05 16:53 - 2016-09-05 16:53 - 10451640 _____ (SurfRight B.V.) C:\Users\Paul\Downloads\HitmanPro.exe
2016-09-05 16:52 - 2016-09-05 16:52 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-09-05 16:51 - 2016-09-05 16:51 - 11438608 _____ (SurfRight B.V.) C:\Users\Paul\Downloads\hitmanpro_x64(1).exe
2016-09-05 16:44 - 2016-09-05 16:44 - 11438608 _____ (SurfRight B.V.) C:\Users\Paul\Downloads\HitmanPro_x64.exe
2016-09-05 16:43 - 2016-09-05 16:43 - 03826240 _____ C:\Users\Paul\Downloads\AdwCleaner.exe
2016-09-05 15:57 - 2016-09-05 22:54 - 00000000 ____D C:\Users\Paul\Desktop\OpenHardwareMonitor
2016-09-05 15:56 - 2016-09-05 15:56 - 00511764 _____ C:\Users\Paul\Downloads\openhardwaremonitor-v0.7.1-beta(1).zip
2016-09-05 15:55 - 2016-09-05 15:55 - 00002560 _____ C:\WINDOWS\_MSRSTRT.EXE
2016-09-05 15:54 - 2016-09-05 15:55 - 00511764 _____ C:\Users\Paul\Downloads\openhardwaremonitor-v0.7.1-beta.zip
2016-09-05 15:53 - 2016-09-05 15:53 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-09-05 15:53 - 2016-09-05 15:53 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-05 15:53 - 2016-09-05 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-05 15:53 - 2016-09-05 15:53 - 00000000 ____D C:\Program Files\CCleaner
2016-09-05 15:52 - 2016-09-05 15:53 - 08227032 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup521.exe
2016-09-05 15:46 - 2016-09-05 15:55 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2016-09-05 15:46 - 2016-09-05 15:46 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Eusing
2016-09-05 15:45 - 2016-09-05 15:46 - 00984554 _____ C:\Users\Paul\Downloads\EFRCSetup.exe
2016-09-05 15:42 - 2016-09-05 15:51 - 00000000 ____D C:\Users\Paul\AppData\Roaming\GlarySoft
2016-09-05 15:41 - 2016-09-05 15:51 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-09-05 15:40 - 2016-09-05 15:41 - 05090248 _____ C:\Users\Paul\Downloads\rrsetup.exe
2016-09-05 15:14 - 2016-09-05 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-05 15:14 - 2016-09-05 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Paul\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-05 15:11 - 2016-09-05 15:11 - 00604960 _____ (Reimage) C:\Users\Paul\Downloads\ReimageRepair.exe
2016-09-04 18:33 - 2016-09-04 18:33 - 05201280 _____ (Piriform Ltd) C:\Users\Paul\Downloads\spsetup129.exe
2016-09-04 18:33 - 2016-09-04 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-09-04 18:33 - 2016-09-04 18:33 - 00000000 ____D C:\Program Files\Speccy
2016-08-28 17:16 - 2016-09-05 16:18 - 00000000 ____D C:\Program Files\Nightly
2016-08-28 14:20 - 2016-08-28 14:20 - 00394496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2016-08-28 14:20 - 2016-08-28 14:20 - 00271104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2016-08-28 14:20 - 2016-08-28 14:20 - 00089328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00639728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00334616 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00244504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00085744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2016-08-27 20:36 - 2016-08-27 20:38 - 527736272 _____ C:\Users\Paul\Downloads\maandag%20nacht.zip
2016-08-23 17:05 - 2016-08-23 17:05 - 00000000 ____D C:\Users\Gast\AppData\Local\MicrosoftEdge
2016-08-23 07:52 - 2016-08-23 07:52 - 00209753 _____ C:\Users\Paul\Downloads\WhatsApp Image 2016-08-22 at 22.59.00.jpeg
2016-08-21 22:56 - 2016-08-21 22:56 - 00466168 _____ C:\Users\Paul\Downloads\WhatsApp Image 2016-08-21 at 17.19.20.jpeg
2016-08-18 08:59 - 2016-08-18 08:59 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-18 08:58 - 2016-08-18 08:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2016-08-15 15:09 - 2016-08-15 15:09 - 00010938 _____ C:\Users\Paul\AppData\Local\recently-used.xbel
2016-08-10 15:41 - 2016-09-05 15:10 - 00000000 ____D C:\temp
2016-08-10 15:30 - 2016-08-10 15:30 - 00002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 22:51 - 2014-06-17 13:16 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B89AD4B7-B869-4EC6-BA0C-FB0E8E803236}
2016-09-05 22:41 - 2016-01-07 19:20 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-05 22:39 - 2015-10-19 21:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-05 22:16 - 2015-08-03 23:59 - 00005842 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 21:24 - 2015-12-10 15:09 - 00007599 _____ C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2016-09-05 21:05 - 2015-10-30 11:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-05 21:05 - 2015-03-09 18:40 - 00000000 ____D C:\Program Files (x86)\Bulk Image Downloader
2016-09-05 20:54 - 2015-12-20 13:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-05 20:54 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-05 20:51 - 2014-12-16 16:02 - 00000572 _____ C:\WINDOWS\Tasks\MATLAB R2014b Startup Accelerator.job
2016-09-05 20:49 - 2016-04-26 10:54 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\Mozilla
2016-09-05 20:49 - 2016-01-29 17:11 - 00000000 ____D C:\Users\Paul\AppData\Local\Deployment
2016-09-05 20:49 - 2016-01-07 19:20 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-05 20:46 - 2015-12-10 05:14 - 00000000 ____D C:\Users\Paul
2016-09-05 20:30 - 2013-11-13 19:02 - 00000000 ____D C:\Users\Paul\AppData\Local\Packages
2016-09-05 20:12 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-05 19:52 - 2013-11-18 18:39 - 00000000 ____D C:\ProgramData\Embarcadero
2016-09-05 19:51 - 2015-12-10 05:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-05 19:37 - 2015-05-10 10:11 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2016-09-05 19:05 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-05 19:05 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-05 18:59 - 2013-11-13 19:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-05 17:50 - 2016-05-24 18:39 - 00000000 ____D C:\Users\Gast
2016-09-05 16:56 - 2015-05-03 12:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-09-05 16:46 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-05 16:46 - 2014-11-27 12:02 - 00000000 ____D C:\AdwCleaner
2016-09-05 16:34 - 2015-01-02 18:29 - 00000000 ____D C:\Users\Paul\AppData\Roaming\MPC-HC
2016-09-05 16:34 - 2014-07-07 20:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-05 16:32 - 2015-12-10 14:01 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-05 16:21 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-05 16:18 - 2014-07-31 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-05 15:41 - 2013-11-28 21:35 - 00000000 ____D C:\Program Files (x86)\Assassins Creed IV Black Flag
2016-09-05 13:03 - 2014-08-21 14:10 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
2016-09-04 15:15 - 2013-11-13 23:21 - 00000000 ____D C:\Users\Paul\AppData\Roaming\transmission
2016-09-03 12:45 - 2015-04-19 00:09 - 00000000 ____D C:\Users\Paul\AppData\Local\ElevatedDiagnostics
2016-08-22 19:05 - 2015-12-10 05:03 - 05013960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-21 12:15 - 2014-09-20 01:07 - 00000000 ____D C:\Users\Paul\Documents\Proteus-Eretes
2016-08-18 12:48 - 2013-11-14 14:39 - 00000000 ____D C:\Users\Paul\Documents\TU Delft
2016-08-18 11:45 - 2015-12-11 00:36 - 00000000 ____D C:\Users\Paul\AppData\Local\TempSWBackupDirectory
2016-08-18 08:59 - 2016-05-24 18:44 - 00002407 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 08:59 - 2016-05-24 18:44 - 00000000 ___RD C:\Users\Gast\OneDrive
2016-08-15 15:09 - 2014-09-19 16:39 - 00000000 ____D C:\Users\Paul\AppData\Local\gtk-2.0
2016-08-15 15:09 - 2014-09-19 16:38 - 00000000 ____D C:\Users\Paul\.gimp-2.8
2016-08-15 14:59 - 2016-05-29 16:07 - 00000034 _____ C:\Users\Paul\AppData\Roaming\AdobeWLCMCache.dat
2016-08-14 13:45 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 21:26 - 2016-08-05 19:51 - 00000000 ____D C:\Users\Paul\Desktop\Warcraft III
2016-08-10 20:46 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-08 20:43 - 2016-01-07 19:20 - 00002292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-05-29 16:07 - 2016-08-15 14:59 - 0000034 _____ () C:\Users\Paul\AppData\Roaming\AdobeWLCMCache.dat
2016-08-15 15:09 - 2016-08-15 15:09 - 0010938 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2015-12-10 15:09 - 2016-09-05 21:24 - 0007599 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2016-07-01 14:30 - 2016-07-28 14:24 - 0000000 _____ () C:\Users\Paul\AppData\Local\Temptable.xml

Some zero byte size files/folders:
==========================
C:\Windows\System32\LanguageComponentsInstaller.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 14:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Paul (05-09-2016 23:03:51)
Running from C:\Users\Paul\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-10 03:38:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1212818415-2308318455-2339852290-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1212818415-2308318455-2339852290-503 - Limited - Disabled)
Gast (S-1-5-21-1212818415-2308318455-2339852290-1007 - Limited - Enabled) => C:\Users\Gast
Guest (S-1-5-21-1212818415-2308318455-2339852290-501 - Limited - Disabled)
Paul (S-1-5-21-1212818415-2308318455-2339852290-1001 - Administrator - Enabled) => C:\Users\Paul
Sonos (S-1-5-21-1212818415-2308318455-2339852290-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe InDesign CS6 (HKLM-x32\...\{CFB770D7-8D43-1014-922B-CC2715FADE3F}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1 - Adobe Systems Incorporated)
Age of Empires complete version 1.0c (HKLM-x32\...\{F7F0D70E-9027-4DF5-B67F-4B48CE29565A}_is1) (Version: 1.0c - vol1)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.37.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.37.0 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Aurora 33.0a2 (x86 en-US) (HKLM-x32\...\Aurora 33.0a2 (x86 en-US)) (Version: 33.0a2 - Mozilla)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CodeSite Express 5.1.1 (HKLM-x32\...\CodeSite Express 5.1.1) (Version: 5.1 - Raize Software, Inc.)
CollabNet Subversion Client 1.7.5 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.7.5 - CollabNet)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
COMSOL 4.3 (HKLM-x32\...\COMSOL43) (Version: COMSOL Multiphysics 4.3 - COMSOL)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
De Schippers van de Kameleon (HKLM-x32\...\De Schippers van de Kameleon) (Version: - )
DevJET Documentation Insight Express Edition V2.1.8.25 (HKLM-x32\...\{F62B6FC9-BECA-4209-9F8E-09528DC143BE}_is1) (Version: - DevJET)
Embarcadero Delphi and C++Builder XE3 Help System (HKLM-x32\...\Embarcadero Delphi and C++Builder XE3 Help System) (Version: 10.0 - Embarcadero Technologies, Inc.)
Embarcadero Delphi and C++Builder XE3 Help System (x32 Version: 10.0 - Embarcadero Technologies, Inc.) Hidden
Embarcadero InterBase XE3 64 [instance = gds_db] (HKLM-x32\...\Embarcadero InterBase XE3 64 [instance = gds_db]) (Version: Embarcadero InterBase XE3 - Embarcadero Technologies Inc)
Embarcadero RAD Studio XE3 (HKLM-x32\...\Embarcadero RAD Studio XE3) (Version: 10.0 - Embarcadero Technologies)
Embarcadero RAD Studio XE3 (x32 Version: 10.0 - Embarcadero) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
f.lux (HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Flux) (Version: - )
FastReport 4 Embarcadero edition (HKLM-x32\...\{BDC6B3DE-760E-4626-998B-FB8F6D972F87}) (Version: Embarcadero Edition - FastReports)
Fire Chief version 1.0 (HKLM-x32\...\{E9E40B7E-EECE-4B08-992E-95456FFAD5C3}_is1) (Version: 1.0 - DreamCatcher Interactive Inc.)
GanttProject (HKLM-x32\...\GanttProject) (Version: - )
Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version: - R.G. Mechanics, ProZorg_tm)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version: - EFD Software)
HP 3D DriveGuard (HKLM\...\{6C8684DD-B238-4806-9E93-BDD12CD11998}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.54 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel® Network Connections 21.0.504.0 (HKLM\...\PROSetDX) (Version: 21.0.504.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.5.1006 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
iTunes (HKLM\...\{98C7A9A1-5A7B-471D-9D55-0668147BEB7D}) (Version: 12.4.2.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
LG One Click Root (HKLM-x32\...\{5085AFF1-777B-4052-85D1-59140D26DB28}) (Version: 1.3.0.0 - avicohh software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7341.2021 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Zoo Tycoon (HKLM-x32\...\Zoo Tycoon 1.0) (Version: - )
Minecraft1.8.8 (HKLM-x32\...\Minecraft1.8.8) (Version: - )
Moveslink2 (HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\09caaf8ee8bfbd57) (Version: 1.4.1.26 - Suunto)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.0.6092 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version: - )
Nightly 34.0a1 (x86 en-US) (HKLM-x32\...\Nightly 34.0a1 (x86 en-US)) (Version: 34.0a1 - Mozilla)
Nightly 51.0a1 (x64 en-US) (HKLM\...\Nightly 51.0a1 (x64 en-US)) (Version: 51.0a1 - Mozilla)
NVIDIA Graphics Driver 327.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7341.2021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7341.2021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7341.2021 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Portal) (Version: - )
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version: - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Railroad Pioneer (HKLM-x32\...\Railroad Pioneer) (Version: 1.0.6.1 - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SmartBear AQtime 7 Standard for Embarcadero RAD Studio (x32 Version: 7.50.1260.861 - SmartBear Software) Hidden
SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE, XE2 and XE3 (HKLM-x32\...\InstallShield_{DC75000A-9FD8-4445-A578-C52209A90522}) (Version: 7.50.1260.861 - SmartBear Software)
SOLIDWORKS 2015 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20150-40400-1100-100) (Version: 23.4.0.56 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP04 (Version: 23.140.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP04 (Version: 15.4.0012 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2015 SP04 x64 Edition (Version: 23.40.57 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.5.90191 - Sonos, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version: - Bethesda Softworks)
Unity Web Player (HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - LG Electronics Inc (ANDModem) Modem (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows Driver Package - LG Electronics Inc. (Andbus) USB (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndGps) Ports (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics, Inc. (andnetndis) Net (03/07/2012 3.7.0.0) (HKLM\...\E670C2A33F5DE62100C1BF6291C8DBBCE5457692) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. Net (03/07/2012 3.7.0.0) (HKLM\...\1189BFED67524133874A995F6EE63DC76C2083C1) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. WPD (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - Motorola (bqusbser) Modem (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows Driver Package - Motorola (bqusbser) Ports (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows Driver Package - Motorola (motandroidusb) USB (11/26/2012 1.2.14.0) (HKLM\...\17DC46E7226DD240CE5480A071337C9D15C5991E) (Version: 11/26/2012 1.2.14.0 - Motorola)
Windows Driver Package - Motorola (motccgp) USB (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)
Windows Driver Package - Motorola (motmodem) Modem (06/08/2012 5.0.0.0) (HKLM\...\EC59CFD8B4CBED0A412E4B22DAB4C565DE2E79D5) (Version: 06/08/2012 5.0.0.0 - Motorola)
Windows Driver Package - Motorola (Motousbnet) Net (06/08/2012 2.6.0.0) (HKLM\...\F0EE2BD961E485B5B5AE20058D7FEC68F3C0DE1D) (Version: 06/08/2012 2.6.0.0 - Motorola)
Windows Driver Package - Motorola (motport) Ports (06/08/2012 5.0.0.0) (HKLM\...\0E7272CE1AFA7996DFC0F8B0B359D995AA4DB9A1) (Version: 06/08/2012 5.0.0.0 - Motorola)
Windows Driver Package - Motorola (motusbdevice) USB (06/08/2012 1.1.3.0) (HKLM\...\1F35118DF730077690CF2BAEBDAC57D2138F7E44) (Version: 06/08/2012 1.1.3.0 - Motorola)
Windows Driver Package - Motorola (usbser) Ports (11/26/2012 1.0.1.0) (HKLM\...\23D2826F79B1BE46FCB42BB6BF83B57975E5A7F8) (Version: 11/26/2012 1.0.1.0 - Motorola)
Windows Driver Package - Motorola Inc (MotDev) MOTUSB (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadbus) USB (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadmdm) Modem (11/30/2012 5.30.14.0) (HKLM\...\7F88F2DFE1ABA293DADBE5DA286367B63BC6803B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssadserd) Ports (11/30/2012 5.30.14.0) (HKLM\...\95CB371FE417AB927308B5EA16B0FFD8902579FC) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaebus) USB (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaemdm) Modem (02/05/2010 5.14.0.0) (HKLM\...\14AE004B19BD3BB393FF6268715C15E1F14216E8) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaend5) Net (02/05/2010 5.14.0.0) (HKLM\...\75005F34035E512FEEBCAE8E47C427F0D5B95E92) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssaeunic) USB (02/05/2010 5.14.0.0) (HKLM\...\0B1DCCBA5BC4F4EEFC1C4D6AC8B27D2393A38E9B) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdbus) USB (11/30/2012 5.30.14.0) (HKLM\...\48D2E7EFFD4BAB26BC0C02AD45ACAAE9F6DCE93B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdmdm) Modem (11/30/2012 5.30.14.0) (HKLM\...\27E187FA129B3851CA36E7EFD57A4B410C363A74) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscdserd) Ports (11/30/2012 5.30.14.0) (HKLM\...\0538728B8C08F691CFD167E4B7C479EF672BDBCB) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscebus) USB (11/30/2012 5.30.14.0) (HKLM\...\DBB8AAF635B8C4AFC784BE729331BD04DBE1002D) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (sscemdm) Modem (11/30/2012 5.30.14.0) (HKLM\...\86E162131DFD10D5894F0B148F3FB8E8562D602B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssceserd) Ports (11/30/2012 5.30.14.0) (HKLM\...\774F03A40D4344CD199548B37D6686E7A3B91FDF) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssuddmgr) Ports (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudobex) Ports (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. (ssudserd) Ports (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. Net (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. Net (05/13/2011 5.28.2.1) (HKLM\...\CC16886829EBCBDE3BFDAE395E74FACD43F1386F) (Version: 05/13/2011 5.28.2.1 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd. WPD (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1212818415-2308318455-2339852290-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00096437-EF99-4CCC-B580-424CADFAA88D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {02CB4CC5-EB8C-40E5-8CD4-BF182E3089B4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-29] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0EFFF6FA-40D2-49E0-A6FF-0FDB1BFB90E8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-03] (Synaptics Incorporated)
Task: {462577AE-CAA6-46FF-A4AB-271A50975191} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-28] (Microsoft Corporation)
Task: {504825E7-A0F3-422F-A479-EB54B45FEB95} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-paulvroeg@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-04-28] (Adobe Systems Incorporated)
Task: {6462FD87-7813-4EA7-8775-2653FDF0E217} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {81DD162A-F0C1-4653-9475-E39DE6C065A8} - System32\Tasks\MATLAB R2014b Startup Accelerator => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [2014-07-26] ()
Task: {84368676-405B-4E70-89C7-4A1D9AC7852A} - \AutoKMS -> No File <==== ATTENTION
Task: {8D47E662-0026-42E6-9503-37FB43C8C378} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-08-29] (Microsoft Corporation)
Task: {8DA71712-A3D2-491F-92CE-FD54A705B531} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {9481019A-DBBC-4B6B-8794-589B7CD983F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {964820A9-C437-40A1-81EF-61ECD273A9ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A046D2BA-C40B-4637-A690-54CF1FD706DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A6D55803-15A9-482A-A790-1B102EF9B845} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-08-29] (Microsoft Corporation)
Task: {AC6AB8D7-67B0-4169-8BBB-CC52C8DA4F76} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-28] (Microsoft Corporation)
Task: {AEC39E52-09A9-499F-B017-7991A1EE8DC9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gast\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {B85D41A8-096C-481C-AA7C-F81F1EF19E1A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C104E9F4-500E-49DC-BD90-9689FF944D39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {D8CDE3A3-C814-4710-BDB1-B9EDF9F83F86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {DF758872-7788-4E4E-B5B6-156CCA31266E} - System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => pcalua.exe -a G:\start.exe -d G:\
Task: {E2E64CD9-29E4-4204-A22C-A176BE135F25} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {F202C5F2-B5FE-43C3-AABE-24E402513290} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {FAD9BA8B-22E1-4E34-9AF6-41D00D2B26A5} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014b Startup Accelerator.job => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Paul\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-02-26 18:34 - 2013-04-15 12:50 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 05:09 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-10 13:55 - 2015-12-10 13:55 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-19 14:04 - 2016-04-19 14:04 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-06-19 10:14 - 2015-06-19 10:14 - 00268280 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2016-08-02 14:58 - 2016-08-02 14:58 - 00959168 _____ () C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-08-02 14:45 - 2016-09-05 18:04 - 08923840 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2014-12-30 23:48 - 2016-09-05 15:57 - 00492544 _____ () C:\Users\Paul\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
2016-08-02 14:43 - 2016-08-02 14:45 - 02210480 _____ () C:\Program Files\Microsoft Office\Root\Office16\tmpod.dll
2016-08-02 14:43 - 2016-09-05 16:45 - 01402560 _____ () C:\Program Files\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-08-02 14:43 - 2016-09-05 18:54 - 04532416 _____ () C:\Program Files\Microsoft Office\root\Office16\gfx.dll
2016-07-12 14:39 - 2016-07-12 14:39 - 26858688 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll
2015-12-10 13:55 - 2015-12-10 13:55 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-19 13:35 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 13:35 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 20:24 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 20:24 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 14:05 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 14:05 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-19 14:04 - 2016-04-19 14:04 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 14:04 - 2016-04-19 14:04 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-06-15 17:09 - 2016-06-15 17:09 - 06859808 _____ () C:\Users\Paul\AppData\Local\Apps\2.0\1HX9B33N.933\64790PR0.OHL\move..tion_391e8feca7b0cf78_0001.0004_b812c6590f0f8eec\BLLWrapper.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-07-22 19:09 - 00000960 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\StartupApproved\Run: => "OffCAT"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{2A4430FB-3C42-4B35-B6BD-104AB71D32C7}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [TCP Query User{EBFB018B-9C14-44D4-A76E-8F96664921C8}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{83E84852-E9D6-462F-AD20-6046BDF485A2}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{03408578-3FC8-4D0D-821E-C4C680B7929D}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [{51E1B0CC-1426-44E3-8671-7918B69F584A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C1C9484-496D-4E28-A2CE-B728D87AFEB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{826765F4-2FD5-4F4A-AD30-8BDDFE47F81A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C62455C-ACA2-4663-977D-898C73F29832}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{94924B8C-7CAF-4868-8DEA-30C3FD540694}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2390E8CE-2CB4-47E7-9398-D6739A898AC7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [TCP Query User{920CD262-18E0-44F4-AB57-A2720F800F53}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{E49168D3-3054-4308-9D02-ADC28CA2ACB2}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{179B0FB7-511F-441D-9405-59DBF1FDC186}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{09652A2B-2244-4A07-BE85-D3A39C6CEC98}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{18085B71-4783-42EF-B063-4F839C973344}] => (Allow) C:\Program Files\Battlefield 4\bf4_x86.exe
FirewallRules: [{74EE9D59-1761-4D3D-89AA-46D18CFDA079}] => (Allow) C:\Program Files\Battlefield 4\bf4_x86.exe
FirewallRules: [{84F5D5B3-73E9-44B5-922A-0595E004E44A}] => (Allow) C:\Program Files\Battlefield 4\bf4.exe
FirewallRules: [{85E0ACBA-19E6-4F90-AB53-F6103C3F76A5}] => (Allow) C:\Program Files\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{C4359E73-2780-4D0D-B390-3A26C2932D7E}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Allow) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [UDP Query User{9BB6562B-1D3A-409D-A4D2-028E917389FF}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Allow) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [TCP Query User{E2A587B9-7676-4C9F-B74E-3017FB759622}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Block) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [UDP Query User{41D3E0B8-E87E-4E57-B730-157C1995BB09}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Block) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [TCP Query User{3970948F-1201-45B8-A997-2CDC79C9EBC8}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{79422BBD-5AEF-4061-9B8A-451D66BF4024}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{06408A4E-BDFC-4744-8784-48A5424D6DF2}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{5A14975B-E639-403F-9307-DC01D7787E38}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{B06521AF-A3CE-46D8-9FA5-78581D452B7A}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{E44AF5D0-8936-4FDA-BBFD-BF4CA102B7E9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{F59A8924-FC4A-4FE6-B69B-D86AEEE19D87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63D854DF-B002-44E0-AF93-16F834058C47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{39B6430C-1141-4619-92E3-F32CED4C0068}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5834D628-0B02-4993-B386-F22E23B912C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A0B6220C-9E14-49FD-A11B-19DE318E2D90}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Block) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [UDP Query User{CD91DF99-30CC-4E59-97F1-D04736D974F7}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Block) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [{6AE3D74A-8F04-4B7D-9594-1ED775432726}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17BBB931-6181-4FAE-BECD-055D1B77CDD7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{7F2972DD-0C8D-4712-88DC-A216FF6D6D90}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{C31D5A5B-9371-4D6F-BC56-D24BB68874D4}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{0E76238F-0793-4F62-8D55-812EBCBAD7FF}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{7ADB891C-003E-4E4C-8899-587AB34DAE41}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [TCP Query User{26DA42F2-4F0D-4D4A-9900-E505F010E48F}C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Block) C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{32D54229-19F8-4087-A00B-D53A52886809}C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Block) C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [{5BB4B972-1C47-4921-ADEE-29767DD498DB}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{80581EB5-0AB0-4B7B-8622-753C9B8D7B47}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [TCP Query User{96F9BA75-EDA9-4B72-8B62-FC816E920B4F}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [UDP Query User{A81013E3-33BD-4766-AACB-8E5290579079}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [{9D241F44-F68B-4807-B994-5AA131E6D3C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABC6715E-A7C7-4E32-B8D3-D500145442B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE695349-D46F-434D-9A30-DE9113BE4FD3}C:\program files (x86)\age of empires complete\empiresx.exe] => (Allow) C:\program files (x86)\age of empires complete\empiresx.exe
FirewallRules: [UDP Query User{246DFA60-07B0-4B79-B903-CFD653AD43D9}C:\program files (x86)\age of empires complete\empiresx.exe] => (Allow) C:\program files (x86)\age of empires complete\empiresx.exe
FirewallRules: [TCP Query User{4BE861E6-C677-4E7B-9FC7-761AB6C84CDD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0117C2C9-1AC9-4DFC-8696-B42B3E57CE24}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{CC3803C8-D2FF-4DEA-A155-088AEB0E6C65}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [UDP Query User{86958A41-D51C-4362-AC9B-E2B2B7234234}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{9A449655-A238-4957-BA2F-00E8E00B91BE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5BEA6352-E4EC-40BF-90A9-A640657D744F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{99F78495-6551-483B-A5B5-4FEC9BDAB227}] => (Allow) C:\Program Files\WebDrive\WebDrive.exe
FirewallRules: [{CFC72CCD-003F-4860-A876-282204CD8834}] => (Allow) C:\Program Files\WebDrive\WebDrive.exe
FirewallRules: [{DF5E8763-E502-46B1-9E04-F70B648CEBAE}] => (Allow) C:\Program Files\WebDrive\wdService.exe
FirewallRules: [{9A629418-062E-48EC-9533-360A7852390F}] => (Allow) C:\Program Files\WebDrive\wdService.exe
FirewallRules: [{C7A659DA-72A0-41DE-81FA-30FA7178BD78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4E33A2C8-2030-4132-9F72-7E064E56CDEA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C0FF273E-5E10-4593-92FF-8CE3733050EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{952360DE-991C-4B5F-BD57-E6797F972308}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{95ED7A05-AF07-4032-BBB2-01739C8E602B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{49A282F3-A95C-421C-8A3F-0121CCC292D1}C:\program files\solidworks corp\solidworks\photoview\photoview360.exe] => (Block) C:\program files\solidworks corp\solidworks\photoview\photoview360.exe
FirewallRules: [UDP Query User{27ED12BA-3191-4B6D-8D28-6DE2CB53A034}C:\program files\solidworks corp\solidworks\photoview\photoview360.exe] => (Block) C:\program files\solidworks corp\solidworks\photoview\photoview360.exe
FirewallRules: [{2ED2F88C-5494-4853-99CB-8DA9675EB317}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{331AABB7-BF37-4676-84B0-4AE0551F035C}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [TCP Query User{9CAAF492-E0AD-4E1F-B39E-E0A3DEDCDC32}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{AB87ED58-826F-4EE0-9153-1749CB48473A}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{C345F6D0-C0BF-4473-BE30-F9693C8C1A01}C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{05C00BF7-5345-4A2F-8819-A625DE8C6C05}C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe
FirewallRules: [{4DA5E3E0-86CB-4F9A-BC5F-8E3A6C357108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3431F70F-F189-42B6-BCF3-171889909531}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C319663C-33AA-489E-AFC9-BA845B52A3B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D8BE733-02BC-4672-82C6-DDB4D9EFD420}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0247D487-1B4E-45CF-9B76-B405D0BC28CD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B87665B3-1E4F-4255-8DBD-CC93568D7130}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{67D948BC-820D-4E2B-917A-48AF2D71AEDB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{62878A7B-9088-4D97-8D88-D85B5906035A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3FEB354-F9F1-40ED-B9E8-57EAD89FAC8B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FA2021AE-ABE9-4F65-83C6-79562CDFE4A0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{352EEC65-313E-4DCF-A93B-85A52152C514}C:\users\paul\desktop\warcraft iii\war3.exe] => (Allow) C:\users\paul\desktop\warcraft iii\war3.exe
FirewallRules: [UDP Query User{23E16A37-E306-4E1A-9074-9B3EF8BCD293}C:\users\paul\desktop\warcraft iii\war3.exe] => (Allow) C:\users\paul\desktop\warcraft iii\war3.exe
FirewallRules: [{1CAE9E80-1C7B-4EFA-95C9-6346E42C4A59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-09-2016 17:09:47 Scheduled Checkpoint
05-09-2016 21:07:28 Microsoft Office Proofing Tools 2013 - Nederlands is verwijderd

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2016 10:32:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAULELITEBOOK)
Description: Activation of app Microsoft.BingSports_8wekyb3d8bbwe!AppexSports failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/05/2016 10:16:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/05/2016 10:16:20 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/05/2016 09:50:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\$Recycle.Bin\S-1-5-21-1212818415-2308318455-2339852290-1001\$RDOIEJE.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (09/05/2016 09:19:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAULELITEBOOK)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/05/2016 09:07:44 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/05/2016 08:48:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PAULELITEBOOK)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/05/2016 07:58:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (09/05/2016 07:58:09 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (09/05/2016 07:54:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.


System errors:
=============
Error: (09/05/2016 10:32:13 PM) (Source: DCOM) (EventID: 10010) (User: PAULELITEBOOK)
Description: The server AppexSports did not register with DCOM within the required timeout.

Error: (09/05/2016 10:15:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 10:13:01 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 10:08:47 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 10:02:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 09:32:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office Click-to-Run Service service terminated unexpectedly. It has done this 3 time(s).

Error: (09/05/2016 09:19:15 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 09:19:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 09:19:08 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (09/05/2016 09:19:04 PM) (Source: DCOM) (EventID: 10001) (User: PAULELITEBOOK)
Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error:
"31"
Happened while starting this command:
"C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider


CodeIntegrity:
===================================
Date: 2016-09-05 19:02:34.137
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-29 16:41:34.828
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-27 20:24:11.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-24 12:17:04.012
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-23 18:34:07.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-21 10:44:55.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-14 14:00:25.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-10 22:01:35.764
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-09 12:52:18.529
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-05 10:30:20.399
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 8125.5 MB
Available physical RAM: 3854.25 MB
Total Virtual: 10301.5 MB
Available Virtual: 5787.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.57 GB) (Free:108.86 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

Edited by Oh My!, 10 September 2016 - 03:04 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,595 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:37 AM

Posted 10 September 2016 - 09:29 AM

Greetings Salmiakbal and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 10 September 2016 - 03:19 PM

Greetings,

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall all Adobe and Microsoft products for which you do not have a valid product key and any other like programs. If you are willing to do that please rerun a FRST scan with Addition.txt checked and post both logs. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Gary
 

#4 Salmiakbal

  • Topic Starter


Posted 11 September 2016 - 04:24 AM

Hi Gary,

Thank you for helping me with my problem. If you would like, you can call me Paul.

I have done as you requested, deleting Adobe Illustrator, InDesign and Lightroom. I'm however not sure which Microsoft software you mean; as far as I'm aware I only have legitimate Microsoft software on my computer at the moment. I used to have illegal Office, but since it was free to download Office 365 through my university's website (since about a month ago) I uninstalled the old Office and used the legitimate one. Please let me know if you notice anything that I have missed.

Regards,

Paul

Here is the log information:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\comsol\comsol43\doc\plugins\com.comsol.help.models.sme.single_edge_crack.jar
c:\program files\comsol\comsol43\models\structural_mechanics_module\verification_models\single_edge_crack.mph
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files\matlab\r2014b\resources\pde\en\crackg.xml
c:\program files\matlab\r2014b\toolbox\pde\crackb.m
c:\program files\matlab\r2014b\toolbox\pde\crackg.m
c:\program files\matlab\r2014b\toolbox\pde\ja\crackb.m
c:\program files\matlab\r2014b\toolbox\pde\ja\crackg.m
c:\program files (x86)\fire chief\!crack.nfo
c:\program files (x86)\fire chief\cracknocd4ims.exe
c:\users\paul\desktop\warcraft iii\1.04_bnet_crack.zip
c:\users\paul\desktop\warcraft iii\warcraft3_no_cd_crack_105.zip
c:\users\paul\documents\documents\downloads\age of mythology complete\ageofmythologythetitansv1.03nocdcrack.rar
c:\users\paul\music\mastodon\crack the skye\desktop.ini
hosts 127.0.0.1 lmlicenses.wip4.adobe.com
hosts 127.0.0.1 lm.licenses.adobe.com
hosts 127.0.0.1 na1r.services.adobe.com
hosts 127.0.0.1 hlrcv.stage.adobe.com
scanner sequence 3.KG.11.LUAAH0
 ----- EOF -----
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Paul (administrator) on PAULELITEBOOK (11-09-2016 11:16:42)
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & Gast)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Nightly\firefox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.424_none_767fbf7a263fc7d3\TiWorker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Flux Software LLC) C:\Users\Paul\AppData\Local\FluxSoftware\Flux\flux.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
(Mozilla Corporation) C:\Program Files\Nightly\firefox.exe
() C:\Users\Paul\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Suunto) C:\Users\Paul\AppData\Local\Apps\2.0\1HX9B33N.933\64790PR0.OHL\move..tion_391e8feca7b0cf78_0001.0004_6a44d207d5656cac\Moveslink2.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
() C:\Program Files\Transmission\dbus-daemon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Farbar) C:\Users\Paul\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-18] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-11-12] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-03] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-07-05] (Apple Inc.)
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [f.lux] => C:\Users\Paul\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [Moveslink2] => C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8894680 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1332224 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2015 Fast Start.lnk [2015-12-28]
ShortcutTarget: SOLIDWORKS 2015 Fast Start.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2015-12-10]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SOLIDWORKS Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{cf516187-cd30-48bc-9cbd-d7cf36b27fe4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{dc91a518-954c-440a-993b-4e07eb5c6a5d}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2016-09-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default
FF Homepage: hxxps://www.facebook.com/
hxxps://www.youtube.com/feed/subscriptions
FF Session Restore: -> is enabled.
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2016-09-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-09-23] (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll [2012-04-05] (Dassault Systèmes)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1212818415-2308318455-2339852290-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-15] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1212818415-2308318455-2339852290-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2012-10-17] (Ubisoft)
FF Extension: (Tab Auto Reload) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\extensions\TabAutoReload@schuzak.jp.xpi [2015-07-24]
FF Extension: (Ghostery) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\firefox@ghostery.com.xpi [2016-08-12]
FF Extension: (Woordenboek Nederlands) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2015-05-11] [not signed]
FF Extension: (Tab Groups) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\tabgroups@quicksaver.xpi [2016-06-02]
FF Extension: (YouTube High Definition) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-09-11]
FF Extension: (Adblock Plus) - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\zk838e79.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-07]
CHR Extension: (Google Documenten) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-07]
CHR Extension: (Google Drive) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07]
CHR Extension: (YouTube) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07]
CHR Extension: (Google Spreadsheets) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-07]
CHR Extension: (Offline Documenten) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-25]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-16]
CHR Extension: (Gmail) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2286848 2015-10-14] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3248320 2016-08-28] (Microsoft Corporation)
S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company) [File not signed]
S2 IBG_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibguard.exe [630272 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
S3 IBS_gds_db; C:\Program Files (x86)\Embarcadero\RAD Studio\10.0\InterBaseXE3\bin\ibserver.exe [4868608 2012-08-08] (Embarcadero Technologies, Inc.) [File not signed]
R2 NVWMI; C:\WINDOWS\system32\nvwmi64.exe [1290016 2013-09-18] (NVIDIA Corporation)
S2 RemoteSolverDispatcher; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Flow Simulation\binCFW\remotesolverdispatcherservice.exe [238848 2015-06-18] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-12-10] (SolidWorks) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2012-11-12] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-03] (Synaptics Incorporated)
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [35328 2013-10-11] (Validity Sensors, Inc.) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
U5 androidusb; C:\Windows\System32\Drivers\androidusb.sys [31744 2009-05-14] (Google Inc)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [208176 2015-10-14] (Broadcom Corporation.)
S3 e1cexpress; C:\Windows\system32\DRIVERS\e1c65x64.sys [472016 2016-03-29] (Intel Corporation)
R3 johci; C:\Windows\System32\drivers\johci.sys [26208 2012-07-16] (JMicron Technology Corp.)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R3 SaiK0CCC; C:\Windows\system32\DRIVERS\SaiK0CCC.sys [171016 2010-04-29] (Saitek)
R3 SaiU0CCC; C:\Windows\System32\drivers\SaiU0CCC.sys [41096 2010-04-29] (Saitek)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-03] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [700128 2015-12-08] (Sunplus)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-05] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\Users\Paul\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.sys [14544 2016-09-05] (OpenLibSys.org)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 11:16 - 2016-09-11 11:17 - 00020349 _____ C:\Users\Paul\Desktop\FRST.txt
2016-09-11 11:14 - 2016-09-11 11:14 - 00001225 _____ C:\Users\Paul\Desktop\ckfiles.txt
2016-09-11 11:03 - 2016-09-11 11:03 - 00468480 _____ () C:\Users\Paul\Desktop\CKScanner.exe
2016-09-05 22:56 - 2016-09-05 23:02 - 02397696 _____ (Farbar) C:\Users\Paul\Desktop\FRST64(1).exe
2016-09-05 22:26 - 2016-09-05 22:27 - 01381850 _____ C:\Users\Paul\Desktop\bookmarks.html
2016-09-05 19:05 - 2016-09-05 19:05 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-09-05 17:07 - 2016-09-05 17:07 - 00000000 ____D C:\Program Files (x86)\ESET
2016-09-05 17:05 - 2016-09-11 11:16 - 00000000 ____D C:\FRST
2016-09-05 17:05 - 2016-09-05 17:05 - 02397696 _____ (Farbar) C:\Users\Paul\Downloads\FRST64.exe
2016-09-05 16:54 - 2016-09-05 16:55 - 33087944 _____ (Adlice Software ) C:\Users\Paul\Downloads\setup(3).exe
2016-09-05 16:53 - 2016-09-05 16:53 - 10451640 _____ (SurfRight B.V.) C:\Users\Paul\Downloads\HitmanPro.exe
2016-09-05 16:52 - 2016-09-05 16:52 - 00046960 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-09-05 16:51 - 2016-09-05 16:51 - 11438608 _____ (SurfRight B.V.) C:\Users\Paul\Downloads\hitmanpro_x64(1).exe
2016-09-05 16:44 - 2016-09-05 16:44 - 11438608 _____ (SurfRight B.V.) C:\Users\Paul\Downloads\HitmanPro_x64.exe
2016-09-05 16:43 - 2016-09-05 16:43 - 03826240 _____ C:\Users\Paul\Downloads\AdwCleaner.exe
2016-09-05 15:57 - 2016-09-06 14:40 - 00000000 ____D C:\Users\Paul\Desktop\OpenHardwareMonitor
2016-09-05 15:56 - 2016-09-05 15:56 - 00511764 _____ C:\Users\Paul\Downloads\openhardwaremonitor-v0.7.1-beta(1).zip
2016-09-05 15:55 - 2016-09-05 15:55 - 00002560 _____ C:\WINDOWS\_MSRSTRT.EXE
2016-09-05 15:54 - 2016-09-05 15:55 - 00511764 _____ C:\Users\Paul\Downloads\openhardwaremonitor-v0.7.1-beta.zip
2016-09-05 15:53 - 2016-09-05 15:53 - 00002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-09-05 15:53 - 2016-09-05 15:53 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-05 15:53 - 2016-09-05 15:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-05 15:53 - 2016-09-05 15:53 - 00000000 ____D C:\Program Files\CCleaner
2016-09-05 15:52 - 2016-09-05 15:53 - 08227032 _____ (Piriform Ltd) C:\Users\Paul\Downloads\ccsetup521.exe
2016-09-05 15:46 - 2016-09-05 15:55 - 00000000 ____D C:\Program Files (x86)\Eusing Free Registry Cleaner
2016-09-05 15:46 - 2016-09-05 15:46 - 00000000 ____D C:\Users\Paul\AppData\Roaming\Eusing
2016-09-05 15:45 - 2016-09-05 15:46 - 00984554 _____ C:\Users\Paul\Downloads\EFRCSetup.exe
2016-09-05 15:42 - 2016-09-05 15:51 - 00000000 ____D C:\Users\Paul\AppData\Roaming\GlarySoft
2016-09-05 15:41 - 2016-09-05 15:51 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-09-05 15:40 - 2016-09-05 15:41 - 05090248 _____ C:\Users\Paul\Downloads\rrsetup.exe
2016-09-05 15:14 - 2016-09-05 21:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-05 15:14 - 2016-09-05 15:14 - 22851472 _____ (Malwarebytes ) C:\Users\Paul\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-05 15:11 - 2016-09-05 15:11 - 00604960 _____ (Reimage) C:\Users\Paul\Downloads\ReimageRepair.exe
2016-09-04 18:33 - 2016-09-04 18:33 - 05201280 _____ (Piriform Ltd) C:\Users\Paul\Downloads\spsetup129.exe
2016-09-04 18:33 - 2016-09-04 18:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-09-04 18:33 - 2016-09-04 18:33 - 00000000 ____D C:\Program Files\Speccy
2016-08-28 17:16 - 2016-09-06 14:25 - 00000000 ____D C:\Program Files\Nightly
2016-08-28 14:20 - 2016-08-28 14:20 - 00394496 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2016-08-28 14:20 - 2016-08-28 14:20 - 00271104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2016-08-28 14:20 - 2016-08-28 14:20 - 00089328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00639728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00443632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00334616 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00244504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2016-08-28 14:19 - 2016-08-28 14:19 - 00085744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2016-08-27 20:36 - 2016-08-27 20:38 - 527736272 _____ C:\Users\Paul\Downloads\maandag%20nacht.zip
2016-08-23 17:05 - 2016-08-23 17:05 - 00000000 ____D C:\Users\Gast\AppData\Local\MicrosoftEdge
2016-08-23 07:52 - 2016-08-23 07:52 - 00209753 _____ C:\Users\Paul\Downloads\WhatsApp Image 2016-08-22 at 22.59.00.jpeg
2016-08-21 22:56 - 2016-08-21 22:56 - 00466168 _____ C:\Users\Paul\Downloads\WhatsApp Image 2016-08-21 at 17.19.20.jpeg
2016-08-18 08:59 - 2016-08-18 08:59 - 00003334 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-18 08:58 - 2016-08-18 08:58 - 00000000 ____D C:\Users\Gast\AppData\Roaming\Skype
2016-08-15 15:09 - 2016-08-15 15:09 - 00010938 _____ C:\Users\Paul\AppData\Local\recently-used.xbel

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-11 11:12 - 2013-11-13 23:21 - 00000000 ____D C:\Users\Paul\AppData\Roaming\transmission
2016-09-11 11:11 - 2014-03-16 11:41 - 00000000 ____D C:\Program Files (x86)\Fire Chief
2016-09-11 11:03 - 2014-06-17 13:16 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B89AD4B7-B869-4EC6-BA0C-FB0E8E803236}
2016-09-11 10:52 - 2015-07-21 13:58 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-09-11 10:52 - 2013-11-14 14:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-11 10:52 - 2013-11-14 14:47 - 00000000 ____D C:\ProgramData\Adobe
2016-09-11 10:41 - 2016-01-07 19:20 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-11 10:41 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-11 10:39 - 2015-10-19 21:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-11 10:39 - 2013-11-13 19:16 - 00000000 ____D C:\Program Files\Microsoft Office
2016-09-11 10:32 - 2014-08-21 14:10 - 00000000 ____D C:\Users\Paul\AppData\Local\Adobe
2016-09-11 10:31 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-11 10:28 - 2016-01-29 17:11 - 00000000 ____D C:\Users\Paul\AppData\Local\Deployment
2016-09-10 13:11 - 2014-12-16 16:02 - 00000572 _____ C:\WINDOWS\Tasks\MATLAB R2014b Startup Accelerator.job
2016-09-10 12:41 - 2016-01-07 19:20 - 00001088 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-09 23:06 - 2013-11-13 19:02 - 00000000 ____D C:\Users\Paul\AppData\Local\Packages
2016-09-05 23:22 - 2015-08-03 23:59 - 00005842 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-05 21:24 - 2015-12-10 15:09 - 00007599 _____ C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2016-09-05 21:05 - 2015-10-30 11:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-09-05 21:05 - 2015-03-09 18:40 - 00000000 ____D C:\Program Files (x86)\Bulk Image Downloader
2016-09-05 20:54 - 2015-12-20 13:09 - 00000000 ____D C:\WINDOWS\Minidump
2016-09-05 20:49 - 2016-04-26 10:54 - 00000000 ____D C:\Users\Paul\AppData\LocalLow\Mozilla
2016-09-05 20:46 - 2015-12-10 05:14 - 00000000 ____D C:\Users\Paul
2016-09-05 20:12 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-05 19:52 - 2013-11-18 18:39 - 00000000 ____D C:\ProgramData\Embarcadero
2016-09-05 19:51 - 2015-12-10 05:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-05 19:37 - 2015-05-10 10:11 - 00000000 ____D C:\Users\Paul\AppData\Local\CrashDumps
2016-09-05 19:05 - 2015-10-30 09:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-05 19:05 - 2015-10-30 09:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-05 17:50 - 2016-05-24 18:39 - 00000000 ____D C:\Users\Gast
2016-09-05 16:56 - 2015-05-03 12:28 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-09-05 16:46 - 2015-10-30 08:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-05 16:46 - 2014-11-27 12:02 - 00000000 ____D C:\AdwCleaner
2016-09-05 16:34 - 2015-01-02 18:29 - 00000000 ____D C:\Users\Paul\AppData\Roaming\MPC-HC
2016-09-05 16:34 - 2014-07-07 20:46 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-05 16:32 - 2015-12-10 14:01 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-05 16:18 - 2014-07-31 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-05 15:41 - 2013-11-28 21:35 - 00000000 ____D C:\Program Files (x86)\Assassins Creed IV Black Flag
2016-09-05 15:10 - 2016-08-10 15:41 - 00000000 ____D C:\temp
2016-09-03 12:45 - 2015-04-19 00:09 - 00000000 ____D C:\Users\Paul\AppData\Local\ElevatedDiagnostics
2016-08-22 19:05 - 2015-12-10 05:03 - 05013960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-21 12:15 - 2014-09-20 01:07 - 00000000 ____D C:\Users\Paul\Documents\Proteus-Eretes
2016-08-18 12:48 - 2013-11-14 14:39 - 00000000 ____D C:\Users\Paul\Documents\TU Delft
2016-08-18 11:45 - 2015-12-11 00:36 - 00000000 ____D C:\Users\Paul\AppData\Local\TempSWBackupDirectory
2016-08-18 08:59 - 2016-05-24 18:44 - 00002407 _____ C:\Users\Gast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-18 08:59 - 2016-05-24 18:44 - 00000000 ___RD C:\Users\Gast\OneDrive
2016-08-15 15:09 - 2014-09-19 16:39 - 00000000 ____D C:\Users\Paul\AppData\Local\gtk-2.0
2016-08-15 15:09 - 2014-09-19 16:38 - 00000000 ____D C:\Users\Paul\.gimp-2.8
2016-08-15 14:59 - 2016-05-29 16:07 - 00000034 _____ C:\Users\Paul\AppData\Roaming\AdobeWLCMCache.dat
2016-08-14 13:45 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-12 21:26 - 2016-08-05 19:51 - 00000000 ____D C:\Users\Paul\Desktop\Warcraft III

==================== Files in the root of some directories =======

2016-05-29 16:07 - 2016-08-15 14:59 - 0000034 _____ () C:\Users\Paul\AppData\Roaming\AdobeWLCMCache.dat
2016-08-15 15:09 - 2016-08-15 15:09 - 0010938 _____ () C:\Users\Paul\AppData\Local\recently-used.xbel
2015-12-10 15:09 - 2016-09-05 21:24 - 0007599 _____ () C:\Users\Paul\AppData\Local\Resmon.ResmonCfg
2016-07-01 14:30 - 2016-07-28 14:24 - 0000000 _____ () C:\Users\Paul\AppData\Local\Temptable.xml

Some zero byte size files/folders:
==========================
C:\Windows\System32\LanguageComponentsInstaller.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-05 14:34

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Paul (11-09-2016 11:18:21)
Running from C:\Users\Paul\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-10 03:38:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1212818415-2308318455-2339852290-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1212818415-2308318455-2339852290-503 - Limited - Disabled)
Gast (S-1-5-21-1212818415-2308318455-2339852290-1007 - Limited - Enabled) => C:\Users\Gast
Guest (S-1-5-21-1212818415-2308318455-2339852290-501 - Limited - Disabled)
Paul (S-1-5-21-1212818415-2308318455-2339852290-1001 - Administrator - Enabled) => C:\Users\Paul
Sonos (S-1-5-21-1212818415-2308318455-2339852290-1006 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3DVIA player 5.0.0.20 (HKLM-x32\...\{F06365EC-061E-48C3-B761-E1816658D618}) (Version: 5.0.20 - 3DVIA)
Adobe Acrobat Reader DC - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Age of Empires complete version 1.0c (HKLM-x32\...\{F7F0D70E-9027-4DF5-B67F-4B48CE29565A}_is1) (Version: 1.0c - vol1)
Alcor Micro Smart Card Reader Driver (HKLM-x32\...\SZCCID) (Version: 1.7.37.0 - Alcor Micro Corp.)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.37.0 - Alcor Micro Corp.) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Assassins Creed IV Black Flag (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRJVkJsYWNrRmxhZw==_is1) (Version: 1 - )
Aurora 33.0a2 (x86 en-US) (HKLM-x32\...\Aurora 33.0a2 (x86 en-US)) (Version: 33.0a2 - Mozilla)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BDE_ENT (x32 Version: 5.1.1 - Borland Software Corp.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
CodeSite Express 5.1.1 (HKLM-x32\...\CodeSite Express 5.1.1) (Version: 5.1 - Raize Software, Inc.)
CollabNet Subversion Client 1.7.5 (HKLM-x32\...\CollabNet Subversion Client) (Version: 1.7.5 - CollabNet)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
COMSOL 4.3 (HKLM-x32\...\COMSOL43) (Version: COMSOL Multiphysics 4.3 - COMSOL)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
De Schippers van de Kameleon (HKLM-x32\...\De Schippers van de Kameleon) (Version:  - )
DevJET Documentation Insight Express Edition V2.1.8.25 (HKLM-x32\...\{F62B6FC9-BECA-4209-9F8E-09528DC143BE}_is1) (Version:  - DevJET)
Embarcadero Delphi and C++Builder XE3 Help System (HKLM-x32\...\Embarcadero Delphi and C++Builder XE3 Help System) (Version: 10.0 - Embarcadero Technologies, Inc.)
Embarcadero Delphi and C++Builder XE3 Help System (x32 Version: 10.0 - Embarcadero Technologies, Inc.) Hidden
Embarcadero InterBase XE3 64 [instance = gds_db] (HKLM-x32\...\Embarcadero InterBase XE3 64 [instance = gds_db]) (Version: Embarcadero InterBase XE3 - Embarcadero Technologies Inc)
Embarcadero RAD Studio XE3 (HKLM-x32\...\Embarcadero RAD Studio XE3) (Version: 10.0 - Embarcadero Technologies)
Embarcadero RAD Studio XE3 (x32 Version: 10.0 - Embarcadero) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
f.lux (HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\Flux) (Version:  - )
FastReport 4 Embarcadero edition (HKLM-x32\...\{BDC6B3DE-760E-4626-998B-FB8F6D972F87}) (Version: Embarcadero Edition - FastReports)
GanttProject (HKLM-x32\...\GanttProject) (Version:  - )
Geeks3D FurMark 1.11.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.15) (Version: 9.15 - Artifex Software Inc.)
Grand Theft Auto V (HKLM-x32\...\Grand Theft Auto V_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HP 3D DriveGuard (HKLM\...\{6C8684DD-B238-4806-9E93-BDD12CD11998}) (Version: 5.1.12.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 8.1 (HKLM-x32\...\{A3876D50-4A88-4A34-92E1-5D7BC8F886E1}) (Version: 1.0.1 - Hewlett-Packard Company)
HP HD Webcam [Fixed] (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.8.54 - SunplusIT)
HP Hotkey Support (HKLM-x32\...\{C807BEFB-0F17-41AC-B307-D7B5E1553040}) (Version: 5.0.20.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6435.0 - IDT)
Intel® Driver Update Utility 2.6 (x32 Version: 2.6.0.32 - Intel) Hidden
Intel® Network Connections 21.0.504.0 (HKLM\...\PROSetDX) (Version: 21.0.504.0 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.5.1006 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{3e714701-b89c-4cf2-bf3b-41b2c105ffdc}) (Version: 2.6.0.32 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{89a03d4c-5e14-4180-984e-6932893138fc}) (Version: 17.14.0 - Intel Corporation)
iTunes (HKLM\...\{98C7A9A1-5A7B-471D-9D55-0668147BEB7D}) (Version: 12.4.2.4 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
LG One Click Root (HKLM-x32\...\{5085AFF1-777B-4052-85D1-59140D26DB28}) (Version: 1.3.0.0 - avicohh software)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.13.2.0 - LG Electronics)
MATLAB R2014b (HKLM\...\Matlab R2014b) (Version: 8.4 - The MathWorks, Inc.)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7341.2021 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft1.8.8 (HKLM-x32\...\Minecraft1.8.8) (Version:  - )
Moveslink2 (HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\09caaf8ee8bfbd57) (Version: 1.4.3.115 - Suunto)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.0.6092 - Mozilla)
MPC-HC 1.7.7 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.7 - MPC-HC Team)
Need for Speed Underground 2 (HKLM-x32\...\Need for Speed Underground 2) (Version:  - )
Nightly 34.0a1 (x86 en-US) (HKLM-x32\...\Nightly 34.0a1 (x86 en-US)) (Version: 34.0a1 - Mozilla)
Nightly 51.0a1 (x64 en-US) (HKLM\...\Nightly 51.0a1 (x64 en-US)) (Version: 51.0a1 - Mozilla)
NVIDIA Graphics Driver 327.31 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.31 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA WMI 2.14.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.14.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7341.2021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7341.2021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7341.2021 - Microsoft Corporation) Hidden
Portal (HKLM-x32\...\Portal) (Version:  - )
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Railroad Pioneer (HKLM-x32\...\Railroad Pioneer) (Version: 1.0.6.1 - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SmartBear AQtime 7 Standard for Embarcadero RAD Studio (x32 Version: 7.50.1260.861 - SmartBear Software) Hidden
SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE, XE2 and XE3 (HKLM-x32\...\InstallShield_{DC75000A-9FD8-4445-A578-C52209A90522}) (Version: 7.50.1260.861 - SmartBear Software)
SOLIDWORKS 2015 x64 Edition SP04 (HKLM-x32\...\SolidWorks Installation Manager 20150-40400-1100-100) (Version: 23.4.0.56 - SolidWorks Corporation)
SOLIDWORKS 2015 x64 Edition SP04 (Version: 23.140.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Composer 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS eDrawings 2015 x64 Edition SP04 (Version: 15.4.0012 - Dassault Systèmes SolidWorks Corp) Hidden
SOLIDWORKS Explorer 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Flow Simulation 2015 SP04 x64 Edition  (Version: 23.40.57 - Dassault Systemes SolidWorks Corp) Hidden
SOLIDWORKS Plastics 2015 SP04 x64 Edition (Version: 23.40.56 - Dassault Systemes SolidWorks Corp) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 29.5.90191 - Sonos, Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.0 - Synaptics Incorporated)
The Elder Scrolls V Skyrim (HKLM-x32\...\{4FEF52F2-3C2C-4B80-9443-3D6A654328D0}_is1) (Version:  - Bethesda Softworks)
Unity Web Player (HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vector Magic (HKLM-x32\...\Vector Magic) (Version: 1.15 - Vector Magic, Inc.)
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - LG Electronics Inc (ANDModem) Modem  (11/30/2010 2.2.0.0) (HKLM\...\3F162CA9EF5A33FF16B97554663A71E35053783E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc)
Windows Driver Package - LG Electronics Inc. (Andbus) USB  (11/30/2010 2.2.0.0) (HKLM\...\7972D4F247E02C0849331540773B9ABFA384B182) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndDiag) Ports  (11/30/2010 2.2.0.0) (HKLM\...\A3F0461CF2623C40BC42C38D4C0E7319E5C458CA) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics Inc. (AndGps) Ports  (11/30/2010 2.2.0.0) (HKLM\...\37C6E863D718F6363FBAC33FBAAA927F5DC2A43E) (Version: 11/30/2010 2.2.0.0 - LG Electronics Inc.)
Windows Driver Package - LG Electronics, Inc. (andnetndis) Net  (03/07/2012 3.7.0.0) (HKLM\...\E670C2A33F5DE62100C1BF6291C8DBBCE5457692) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. Net  (03/07/2012 3.7.0.0) (HKLM\...\1189BFED67524133874A995F6EE63DC76C2083C1) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - LG Electronics, Inc. WPD  (03/07/2012 3.7.0.0) (HKLM\...\5A454C002BB9011E261D0C1B7E846CD23A1D1806) (Version: 03/07/2012 3.7.0.0 - LG Electronics, Inc.)
Windows Driver Package - Motorola (bqusbser) Modem  (02/24/2009 1.1.0.0) (HKLM\...\46D28B033482A13C68B1777C399248A0FE510D1A) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows Driver Package - Motorola (bqusbser) Ports  (02/24/2009 1.1.0.0) (HKLM\...\3E885DDD8DE7247FEBCE2F5FEF86A3664DF51FEC) (Version: 02/24/2009 1.1.0.0 - Motorola)
Windows Driver Package - Motorola (motandroidusb) USB  (11/26/2012 1.2.14.0) (HKLM\...\17DC46E7226DD240CE5480A071337C9D15C5991E) (Version: 11/26/2012 1.2.14.0 - Motorola)
Windows Driver Package - Motorola (motccgp) USB  (11/26/2012 3.3.1.0) (HKLM\...\F62C352416202B84E7804DE3CE695F30A4FDA328) (Version: 11/26/2012 3.3.1.0 - Motorola)
Windows Driver Package - Motorola (motmodem) Modem  (06/08/2012 5.0.0.0) (HKLM\...\EC59CFD8B4CBED0A412E4B22DAB4C565DE2E79D5) (Version: 06/08/2012 5.0.0.0 - Motorola)
Windows Driver Package - Motorola (Motousbnet) Net  (06/08/2012 2.6.0.0) (HKLM\...\F0EE2BD961E485B5B5AE20058D7FEC68F3C0DE1D) (Version: 06/08/2012 2.6.0.0 - Motorola)
Windows Driver Package - Motorola (motport) Ports  (06/08/2012 5.0.0.0) (HKLM\...\0E7272CE1AFA7996DFC0F8B0B359D995AA4DB9A1) (Version: 06/08/2012 5.0.0.0 - Motorola)
Windows Driver Package - Motorola (motusbdevice) USB  (06/08/2012 1.1.3.0) (HKLM\...\1F35118DF730077690CF2BAEBDAC57D2138F7E44) (Version: 06/08/2012 1.1.3.0 - Motorola)
Windows Driver Package - Motorola (usbser) Ports  (11/26/2012 1.0.1.0) (HKLM\...\23D2826F79B1BE46FCB42BB6BF83B57975E5A7F8) (Version: 11/26/2012 1.0.1.0 - Motorola)
Windows Driver Package - Motorola Inc (MotDev) MOTUSB  (11/08/2011 3.2.12.0) (HKLM\...\F8C33978D5941EC809F57F088EE5517BBBE19FFD) (Version: 11/08/2011 3.2.12.0 - Motorola Inc)
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (dg_ssudbus) USB  (03/25/2013 2.9.508.0) (HKLM\...\686FE24C5F44B8399EDAD00FF437C91E8E4C33C6) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\C9AEC81E4D365534AF50161EDA7C9CC56B205507) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\7F88F2DFE1ABA293DADBE5DA286367B63BC6803B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssadserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\95CB371FE417AB927308B5EA16B0FFD8902579FC) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaebus) USB  (02/05/2010 5.14.0.0) (HKLM\...\8CDE6EEFC346A059EC210060FC7B7DAA8279D584) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaemdm) Modem  (02/05/2010 5.14.0.0) (HKLM\...\14AE004B19BD3BB393FF6268715C15E1F14216E8) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaend5) Net  (02/05/2010 5.14.0.0) (HKLM\...\75005F34035E512FEEBCAE8E47C427F0D5B95E92) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssaeunic) USB  (02/05/2010 5.14.0.0) (HKLM\...\0B1DCCBA5BC4F4EEFC1C4D6AC8B27D2393A38E9B) (Version: 02/05/2010 5.14.0.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdbus) USB  (11/30/2012 5.30.14.0) (HKLM\...\48D2E7EFFD4BAB26BC0C02AD45ACAAE9F6DCE93B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdmdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\27E187FA129B3851CA36E7EFD57A4B410C363A74) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscdserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\0538728B8C08F691CFD167E4B7C479EF672BDBCB) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscebus) USB  (11/30/2012 5.30.14.0) (HKLM\...\DBB8AAF635B8C4AFC784BE729331BD04DBE1002D) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (sscemdm) Modem  (11/30/2012 5.30.14.0) (HKLM\...\86E162131DFD10D5894F0B148F3FB8E8562D602B) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssceserd) Ports  (11/30/2012 5.30.14.0) (HKLM\...\774F03A40D4344CD199548B37D6686E7A3B91FDF) (Version: 11/30/2012 5.30.14.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssuddmgr) Ports  (03/25/2013 2.9.508.0) (HKLM\...\79BE6E72F3FB459964ECB14CA5E9499EB84CED24) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudmdm) Modem  (03/25/2013 2.9.508.0) (HKLM\...\59448F49ADCE2157A5E72FF82862DAFFBC071F75) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudobex) Ports  (03/25/2013 2.9.508.0) (HKLM\...\3889AC3DC15E870F7212E360BD6BD1FA71261AAC) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  (ssudserd) Ports  (03/25/2013 2.9.508.0) (HKLM\...\139FA893FBE6105A30D47E0FAB2B465546E1605D) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (03/25/2013 2.9.508.0) (HKLM\...\A8ACA907A00D578D644681DCA06EC0E1608C03A2) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  Net  (05/13/2011 5.28.2.1) (HKLM\...\CC16886829EBCBDE3BFDAE395E74FACD43F1386F) (Version: 05/13/2011 5.28.2.1 - SAMSUNG Electronics Co., Ltd. )
Windows Driver Package - SAMSUNG Electronics Co., Ltd.  WPD  (03/25/2013 2.9.508.0) (HKLM\...\8657EAB5BD6A536AA497AEA26A00A6E6B25F5CD7) (Version: 03/25/2013 2.9.508.0 - SAMSUNG Electronics Co., Ltd. )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1212818415-2308318455-2339852290-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00096437-EF99-4CCC-B580-424CADFAA88D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {02CB4CC5-EB8C-40E5-8CD4-BF182E3089B4} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-29] (Microsoft Corporation)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0EFFF6FA-40D2-49E0-A6FF-0FDB1BFB90E8} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-03] (Synaptics Incorporated)
Task: {18BC528A-F1EE-4ED8-AF97-7C7FB229C61F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-08-29] (Microsoft Corporation)
Task: {6462FD87-7813-4EA7-8775-2653FDF0E217} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {7342658C-1079-40B1-B5A0-FA7151A368E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-28] (Microsoft Corporation)
Task: {81DD162A-F0C1-4653-9475-E39DE6C065A8} - System32\Tasks\MATLAB R2014b Startup Accelerator => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe [2014-07-26] ()
Task: {84368676-405B-4E70-89C7-4A1D9AC7852A} - \AutoKMS -> No File <==== ATTENTION
Task: {87C7BE4B-4C30-4B0C-862B-CF43E3958AD7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-08-28] (Microsoft Corporation)
Task: {8DA71712-A3D2-491F-92CE-FD54A705B531} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {9481019A-DBBC-4B6B-8794-589B7CD983F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {964820A9-C437-40A1-81EF-61ECD273A9ED} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A046D2BA-C40B-4637-A690-54CF1FD706DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AEC39E52-09A9-499F-B017-7991A1EE8DC9} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gast\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {B85D41A8-096C-481C-AA7C-F81F1EF19E1A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BBD4C38E-781E-4CD9-9950-58EE41C2226F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2016-08-29] (Microsoft Corporation)
Task: {C104E9F4-500E-49DC-BD90-9689FF944D39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {D8CDE3A3-C814-4710-BDB1-B9EDF9F83F86} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-05] (Piriform Ltd)
Task: {DF758872-7788-4E4E-B5B6-156CCA31266E} - System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => pcalua.exe -a G:\start.exe -d G:\
Task: {E2E64CD9-29E4-4204-A22C-A176BE135F25} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {F202C5F2-B5FE-43C3-AABE-24E402513290} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {FAD9BA8B-22E1-4E34-9AF6-41D00D2B26A5} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014b Startup Accelerator.job => C:\Program Files\MATLAB\R2014b\bin\win64\MATLABStartupAccelerator.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft Debugger.lnk -> C:\Users\Paul\AppData\Roaming\.minecraft\minecraft launcher\Debug.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-02-26 18:34 - 2013-04-15 12:50 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-10 05:09 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-10 13:55 - 2015-12-10 13:55 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-06-19 10:14 - 2015-06-19 10:14 - 00268280 _____ () C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldBodyDiffu.dll
2016-08-02 14:58 - 2016-08-02 14:58 - 00959168 _____ () C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-08-02 14:45 - 2016-09-05 18:04 - 08923840 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2014-12-30 23:48 - 2016-09-05 15:57 - 00492544 _____ () C:\Users\Paul\Desktop\OpenHardwareMonitor\OpenHardwareMonitor.exe
2013-11-13 22:37 - 2013-09-18 23:11 - 00518432 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2015-12-10 13:55 - 2015-12-10 13:55 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-19 13:35 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-19 13:35 - 2015-12-07 06:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-19 14:04 - 2016-04-19 14:04 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-02 14:43 - 2016-08-02 14:45 - 02210480 _____ () C:\Program Files\Microsoft Office\Root\Office16\tmpod.dll
2016-08-02 14:43 - 2016-09-05 16:45 - 01402560 _____ () C:\Program Files\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2016-08-02 14:43 - 2016-09-05 18:54 - 04532416 _____ () C:\Program Files\Microsoft Office\root\Office16\gfx.dll
2013-11-13 19:24 - 2013-06-26 16:56 - 01011072 _____ () C:\Program Files\Transmission\dbus-daemon.exe
2016-01-12 20:24 - 2016-01-05 03:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 20:24 - 2016-01-05 03:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 14:05 - 2016-01-16 07:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 14:05 - 2016-01-16 07:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-22 01:08 - 2016-04-22 01:08 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01041208 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-19 14:04 - 2016-04-19 14:04 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 14:04 - 2016-04-19 14:04 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-09-08 14:23 - 2016-09-08 14:23 - 06870048 _____ () C:\Users\Paul\AppData\Local\Apps\2.0\1HX9B33N.933\64790PR0.OHL\move..tion_391e8feca7b0cf78_0001.0004_6a44d207d5656cac\BLLWrapper.DLL
2016-07-05 15:23 - 2016-07-05 15:23 - 00244536 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-08-02 14:58 - 2016-08-02 14:58 - 00679624 _____ () C:\Users\Paul\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2016-08-02 14:48 - 2016-09-05 18:25 - 08923840 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-07-22 19:09 - 00000960 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1212818415-2308318455-2339852290-1001\...\StartupApproved\Run: => "OffCAT"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{2A4430FB-3C42-4B35-B6BD-104AB71D32C7}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [TCP Query User{EBFB018B-9C14-44D4-A76E-8F96664921C8}C:\program files (x86)\call of duty black ops 2\t6sp.exe] => (Block) C:\program files (x86)\call of duty black ops 2\t6sp.exe
FirewallRules: [UDP Query User{83E84852-E9D6-462F-AD20-6046BDF485A2}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [TCP Query User{03408578-3FC8-4D0D-821E-C4C680B7929D}C:\program files (x86)\activision\call of duty - black ops\blackops.exe] => (Block) C:\program files (x86)\activision\call of duty - black ops\blackops.exe
FirewallRules: [{51E1B0CC-1426-44E3-8671-7918B69F584A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8C1C9484-496D-4E28-A2CE-B728D87AFEB8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{826765F4-2FD5-4F4A-AD30-8BDDFE47F81A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5C62455C-ACA2-4663-977D-898C73F29832}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{94924B8C-7CAF-4868-8DEA-30C3FD540694}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2390E8CE-2CB4-47E7-9398-D6739A898AC7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [TCP Query User{920CD262-18E0-44F4-AB57-A2720F800F53}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{E49168D3-3054-4308-9D02-ADC28CA2ACB2}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{179B0FB7-511F-441D-9405-59DBF1FDC186}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{09652A2B-2244-4A07-BE85-D3A39C6CEC98}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{18085B71-4783-42EF-B063-4F839C973344}] => (Allow) C:\Program Files\Battlefield 4\bf4_x86.exe
FirewallRules: [{74EE9D59-1761-4D3D-89AA-46D18CFDA079}] => (Allow) C:\Program Files\Battlefield 4\bf4_x86.exe
FirewallRules: [{84F5D5B3-73E9-44B5-922A-0595E004E44A}] => (Allow) C:\Program Files\Battlefield 4\bf4.exe
FirewallRules: [{85E0ACBA-19E6-4F90-AB53-F6103C3F76A5}] => (Allow) C:\Program Files\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{C4359E73-2780-4D0D-B390-3A26C2932D7E}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Allow) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [UDP Query User{9BB6562B-1D3A-409D-A4D2-028E917389FF}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Allow) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [TCP Query User{E2A587B9-7676-4C9F-B74E-3017FB759622}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Block) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [UDP Query User{41D3E0B8-E87E-4E57-B730-157C1995BB09}C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe] => (Block) C:\program files (x86)\embarcadero\rad studio\10.0\bin\bds.exe
FirewallRules: [TCP Query User{3970948F-1201-45B8-A997-2CDC79C9EBC8}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [UDP Query User{79422BBD-5AEF-4061-9B8A-451D66BF4024}C:\program files (x86)\valve\portal 2\portal2.exe] => (Allow) C:\program files (x86)\valve\portal 2\portal2.exe
FirewallRules: [TCP Query User{06408A4E-BDFC-4744-8784-48A5424D6DF2}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [UDP Query User{5A14975B-E639-403F-9307-DC01D7787E38}C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe] => (Allow) C:\program files (x86)\goat simulator\binaries\win32\goatgame-win32-shipping.exe
FirewallRules: [TCP Query User{B06521AF-A3CE-46D8-9FA5-78581D452B7A}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{E44AF5D0-8936-4FDA-BBFD-BF4CA102B7E9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{F59A8924-FC4A-4FE6-B69B-D86AEEE19D87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{63D854DF-B002-44E0-AF93-16F834058C47}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{39B6430C-1141-4619-92E3-F32CED4C0068}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{5834D628-0B02-4993-B386-F22E23B912C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{A0B6220C-9E14-49FD-A11B-19DE318E2D90}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Block) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [UDP Query User{CD91DF99-30CC-4E59-97F1-D04736D974F7}C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat] => (Block) C:\program files (x86)\ea games\command & conquer generals zero hour\game.dat
FirewallRules: [{6AE3D74A-8F04-4B7D-9594-1ED775432726}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17BBB931-6181-4FAE-BECD-055D1B77CDD7}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{7F2972DD-0C8D-4712-88DC-A216FF6D6D90}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [UDP Query User{C31D5A5B-9371-4D6F-BC56-D24BB68874D4}C:\program files (x86)\far cry 4\bin\farcry4.exe] => (Block) C:\program files (x86)\far cry 4\bin\farcry4.exe
FirewallRules: [TCP Query User{0E76238F-0793-4F62-8D55-812EBCBAD7FF}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [UDP Query User{7ADB891C-003E-4E4C-8899-587AB34DAE41}C:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) C:\program files\matlab\r2014b\bin\win64\matlab.exe
FirewallRules: [TCP Query User{26DA42F2-4F0D-4D4A-9900-E505F010E48F}C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Block) C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [UDP Query User{32D54229-19F8-4087-A00B-D53A52886809}C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe] => (Block) C:\program files\tom clancy\tom clancy's rainbow six vegas 2\binaries\r6vegas2_game.exe
FirewallRules: [{5BB4B972-1C47-4921-ADEE-29767DD498DB}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [{80581EB5-0AB0-4B7B-8622-753C9B8D7B47}] => (Allow) C:\Program Files\Nightly\firefox.exe
FirewallRules: [TCP Query User{96F9BA75-EDA9-4B72-8B62-FC816E920B4F}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [UDP Query User{A81013E3-33BD-4766-AACB-8E5290579079}C:\program files\nightly\firefox.exe] => (Allow) C:\program files\nightly\firefox.exe
FirewallRules: [{9D241F44-F68B-4807-B994-5AA131E6D3C2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ABC6715E-A7C7-4E32-B8D3-D500145442B7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{DE695349-D46F-434D-9A30-DE9113BE4FD3}C:\program files (x86)\age of empires complete\empiresx.exe] => (Allow) C:\program files (x86)\age of empires complete\empiresx.exe
FirewallRules: [UDP Query User{246DFA60-07B0-4B79-B903-CFD653AD43D9}C:\program files (x86)\age of empires complete\empiresx.exe] => (Allow) C:\program files (x86)\age of empires complete\empiresx.exe
FirewallRules: [TCP Query User{4BE861E6-C677-4E7B-9FC7-761AB6C84CDD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{0117C2C9-1AC9-4DFC-8696-B42B3E57CE24}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{CC3803C8-D2FF-4DEA-A155-088AEB0E6C65}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [UDP Query User{86958A41-D51C-4362-AC9B-E2B2B7234234}C:\program files (x86)\sonos\sonos.exe] => (Allow) C:\program files (x86)\sonos\sonos.exe
FirewallRules: [TCP Query User{9A449655-A238-4957-BA2F-00E8E00B91BE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5BEA6352-E4EC-40BF-90A9-A640657D744F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{99F78495-6551-483B-A5B5-4FEC9BDAB227}] => (Allow) C:\Program Files\WebDrive\WebDrive.exe
FirewallRules: [{CFC72CCD-003F-4860-A876-282204CD8834}] => (Allow) C:\Program Files\WebDrive\WebDrive.exe
FirewallRules: [{DF5E8763-E502-46B1-9E04-F70B648CEBAE}] => (Allow) C:\Program Files\WebDrive\wdService.exe
FirewallRules: [{9A629418-062E-48EC-9533-360A7852390F}] => (Allow) C:\Program Files\WebDrive\wdService.exe
FirewallRules: [{C7A659DA-72A0-41DE-81FA-30FA7178BD78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4E33A2C8-2030-4132-9F72-7E064E56CDEA}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C0FF273E-5E10-4593-92FF-8CE3733050EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{952360DE-991C-4B5F-BD57-E6797F972308}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{95ED7A05-AF07-4032-BBB2-01739C8E602B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{49A282F3-A95C-421C-8A3F-0121CCC292D1}C:\program files\solidworks corp\solidworks\photoview\photoview360.exe] => (Block) C:\program files\solidworks corp\solidworks\photoview\photoview360.exe
FirewallRules: [UDP Query User{27ED12BA-3191-4B6D-8D28-6DE2CB53A034}C:\program files\solidworks corp\solidworks\photoview\photoview360.exe] => (Block) C:\program files\solidworks corp\solidworks\photoview\photoview360.exe
FirewallRules: [{2ED2F88C-5494-4853-99CB-8DA9675EB317}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [{331AABB7-BF37-4676-84B0-4AE0551F035C}] => (Allow) C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
FirewallRules: [TCP Query User{9CAAF492-E0AD-4E1F-B39E-E0A3DEDCDC32}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{AB87ED58-826F-4EE0-9153-1749CB48473A}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{C345F6D0-C0BF-4473-BE30-F9693C8C1A01}C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe
FirewallRules: [UDP Query User{05C00BF7-5345-4A2F-8819-A625DE8C6C05}C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe] => (Allow) C:\program files (x86)\r.g. mechanics\crysis 2\bin32\crysis2.exe
FirewallRules: [{4DA5E3E0-86CB-4F9A-BC5F-8E3A6C357108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3431F70F-F189-42B6-BCF3-171889909531}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C319663C-33AA-489E-AFC9-BA845B52A3B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4D8BE733-02BC-4672-82C6-DDB4D9EFD420}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0247D487-1B4E-45CF-9B76-B405D0BC28CD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{B87665B3-1E4F-4255-8DBD-CC93568D7130}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{67D948BC-820D-4E2B-917A-48AF2D71AEDB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{62878A7B-9088-4D97-8D88-D85B5906035A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3FEB354-F9F1-40ED-B9E8-57EAD89FAC8B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FA2021AE-ABE9-4F65-83C6-79562CDFE4A0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{352EEC65-313E-4DCF-A93B-85A52152C514}C:\users\paul\desktop\warcraft iii\war3.exe] => (Allow) C:\users\paul\desktop\warcraft iii\war3.exe
FirewallRules: [UDP Query User{23E16A37-E306-4E1A-9074-9B3EF8BCD293}C:\users\paul\desktop\warcraft iii\war3.exe] => (Allow) C:\users\paul\desktop\warcraft iii\war3.exe
FirewallRules: [{1CAE9E80-1C7B-4EFA-95C9-6346E42C4A59}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-09-2016 17:09:47 Scheduled Checkpoint
05-09-2016 21:07:28 Microsoft Office Proofing Tools 2013 - Nederlands is verwijderd
11-09-2016 11:01:17 Removed Microsoft Office 2003 Web Components

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2016 11:01:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary WebDrive File System Driver.

System Error:
The system cannot find the file specified.
.

Error: (09/11/2016 11:01:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/11/2016 10:41:30 AM) (Source: Outlook) (EventID: 35) (User: )
Description: Failed to determine if the store is in the crawl scope (error=0x80070005).

Error: (09/11/2016 10:41:30 AM) (Source: Outlook) (EventID: 34) (User: )
Description: Failed to get the Crawl Scope Manager with error=0x80070005.

Error: (09/11/2016 10:39:40 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: PAULELITEBOOK)
Description: Application or service 'Microsoft Windows Search Protocol Host' could not be shut down.

Error: (09/11/2016 10:28:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74594438

Error: (09/11/2016 10:28:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74594438

Error: (09/11/2016 10:28:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/10/2016 01:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 19313

Error: (09/10/2016 01:45:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 19313


System errors:
=============
Error: (09/10/2016 01:44:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 11:20:49 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/09/2016 12:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/08/2016 05:36:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 10:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 04:19:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/07/2016 12:34:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2016 05:31:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2016 02:23:55 PM) (Source: DCOM) (EventID: 10016) (User: PAULELITEBOOK)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user PaulElitebook\Paul SID (S-1-5-21-1212818415-2308318455-2339852290-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/06/2016 02:23:55 PM) (Source: DCOM) (EventID: 10016) (User: PAULELITEBOOK)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user PaulElitebook\Paul SID (S-1-5-21-1212818415-2308318455-2339852290-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2016-09-11 10:41:17.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-05 19:02:34.137
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-29 16:41:34.828
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-27 20:24:11.621
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-24 12:17:04.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-23 18:34:07.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-21 10:44:55.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-14 14:00:25.798
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 22:01:35.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-09 12:52:18.529
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 80%
Total physical RAM: 8125.5 MB
Available physical RAM: 1560.56 MB
Total Virtual: 10301.5 MB
Available Virtual: 2248.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.57 GB) (Free:114.56 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#5 Oh My!

  • Malware Response Instructor

Posted 11 September 2016 - 09:14 AM

Hi Paul and thank you for your reply and information.
 

I used to have illegal office.

There is a remnant of this on your computer so we will remove it.

-----

If these are not legal copies I would appreciate it if you removed them. Downloads from untrusted sites, especially those providing cracked software, are primary means by which malware is introduced into a computer.

comsol
matlab
warcraft iii
age of mythology complete


-----

Do you know what this is?

c:\program files (x86)\fire chief

-----

There is a set of entries causing me some concern about the state of your hard drive. I tend to be overcautious in this area because of the potential loss of data if in fact your hard drive is bad. I would request you immediately back up any data you want to save, i.e. documents, photos, music, etc., before we do anything else. I am not saying the loss of data is imminent, just possible based on these entries:
 

Error: (09/05/2016 10:15:20 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Once you have backed up your data run the below for me please.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Double click gsmartcontrol.exe and follow the prompts to install the program all the way through the Finish button
  • Hit the Windows Key + E at the same time
  • Navigate to and double click C:\Program Files (x86)\gsmartcontrol (select the application and not the Icon)
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • GSmart report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Salmiakbal


Posted 11 September 2016 - 09:54 AM

Hi Gary

 

Thank you for your fast reply. I have deleted said folders/applications. I'm pretty sure fire chief is some old game that I've had on this laptop for ages. Do you want me to delete it?

I already made a backup out of precaution about a week ago, but thanks for the heads up! I ran the scan and posted the report below.

 

Thank you,

 

Paul

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Seagate Momentus 7200.4
Device Model:     ST9500420AS
Serial Number:    5VJCD7RH
LU WWN Device Id: 5 000c50 038bd1c7f
Firmware Version: 0002SDM1
User Capacity:    500.107.862.016 bytes [500 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:    Sun Sep 11 16:54:12 2016 WEDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00)    Offline data collection activity
                    was never started.
                    Auto Offline Data Collection: Disabled.
Self-test execution status:      ( 121)    The previous self-test completed having
                    the read element of the test failed.
Total time to complete Offline
data collection:         (    0) seconds.
Offline data collection
capabilities:              (0x73) SMART execute Offline immediate.
                    Auto Offline data collection on/off support.
                    Suspend Offline collection upon new
                    command.
                    No Offline surface scan supported.
                    Self-test supported.
                    Conveyance Self-test supported.
                    Selective Self-test supported.
SMART capabilities:            (0x0003)    Saves SMART data before entering
                    power-saving mode.
                    Supports SMART auto save timer.
Error logging capability:        (0x01)    Error logging supported.
                    General Purpose Logging supported.
Short self-test routine
recommended polling time:      (   2) minutes.
Extended self-test routine
recommended polling time:      ( 110) minutes.
Conveyance self-test routine
recommended polling time:      (   3) minutes.
SCT capabilities:            (0x103f)    SCT Status supported.
                    SCT Error Recovery Control supported.
                    SCT Feature Control supported.
                    SCT Data Table supported.

SMART Attributes Data Structure revision number: 10
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   116   091   006    Pre-fail  Always       -       109791648
  3 Spin_Up_Time            0x0003   097   096   085    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0032   099   099   020    Old_age   Always       -       2031
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       11
  7 Seek_Error_Rate         0x000f   065   060   030    Pre-fail  Always       -       313744352911
  9 Power_On_Hours          0x0032   090   090   000    Old_age   Always       -       9260
 10 Spin_Retry_Count        0x0013   100   100   097    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   099   099   020    Old_age   Always       -       1997
184 End-to-End_Error        0x0032   100   100   099    Old_age   Always       -       0
187 Reported_Uncorrect      0x0032   001   001   000    Old_age   Always       -       6594
188 Command_Timeout         0x0032   100   097   000    Old_age   Always       -       12885098521
189 High_Fly_Writes         0x003a   100   100   000    Old_age   Always       -       0
190 Airflow_Temperature_Cel 0x0022   064   048   045    Old_age   Always       -       36 (Min/Max 21/36)
191 G-Sense_Error_Rate      0x0032   100   100   000    Old_age   Always       -       323
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       139
193 Load_Cycle_Count        0x0032   001   001   000    Old_age   Always       -       207984
194 Temperature_Celsius     0x0022   036   052   000    Old_age   Always       -       36 (0 6 0 0 0)
195 Hardware_ECC_Recovered  0x001a   048   041   000    Old_age   Always       -       109791648
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       2
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       2
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
240 Head_Flying_Hours       0x0000   100   253   000    Old_age   Offline      -       274594439111370
241 Total_LBAs_Written      0x0000   100   253   000    Old_age   Offline      -       1288685424
242 Total_LBAs_Read         0x0000   100   253   000    Old_age   Offline      -       3104312903
254 Free_Fall_Sensor        0x0032   100   100   000    Old_age   Always       -       0

SMART Error Log Version: 1
ATA Error Count: 6577 (device log contains only the most recent five errors)
    CR = Command Register [HEX]
    FR = Features Register [HEX]
    SC = Sector Count Register [HEX]
    SN = Sector Number Register [HEX]
    CL = Cylinder Low Register [HEX]
    CH = Cylinder High Register [HEX]
    DH = Device/Head Register [HEX]
    DC = Device Command Register [HEX]
    ER = Error register [HEX]
    ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.

Error 6577 occurred at disk power-on lifetime: 9234 hours (384 days + 18 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 00 38 1d 06 41 00      01:27:53.451  READ FPDMA QUEUED
  60 00 00 38 1c 06 41 00      01:27:53.439  READ FPDMA QUEUED
  61 00 08 a0 78 9a 4a 00      01:27:53.439  WRITE FPDMA QUEUED
  60 00 08 e0 04 79 41 00      01:27:53.438  READ FPDMA QUEUED
  61 00 20 ff ff ff 4f 00      01:27:53.437  WRITE FPDMA QUEUED

Error 6576 occurred at disk power-on lifetime: 9234 hours (384 days + 18 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 00 38 1d 06 41 00      01:25:34.771  READ FPDMA QUEUED
  60 00 00 38 1c 06 41 00      01:25:34.759  READ FPDMA QUEUED
  61 00 08 e0 b7 da 49 00      01:25:34.758  WRITE FPDMA QUEUED
  60 00 08 e0 04 79 41 00      01:25:34.758  READ FPDMA QUEUED
  61 00 20 ff ff ff 4f 00      01:25:34.757  WRITE FPDMA QUEUED

Error 6575 occurred at disk power-on lifetime: 9234 hours (384 days + 18 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 00 38 1d 06 41 00      01:21:21.081  READ FPDMA QUEUED
  60 00 00 38 1c 06 41 00      01:21:21.072  READ FPDMA QUEUED
  61 00 08 a0 1a d4 49 00      01:21:21.071  WRITE FPDMA QUEUED
  60 00 08 e0 04 79 41 00      01:21:21.071  READ FPDMA QUEUED
  61 00 20 ff ff ff 4f 00      01:21:21.070  WRITE FPDMA QUEUED

Error 6574 occurred at disk power-on lifetime: 9234 hours (384 days + 18 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 00 38 1d 06 41 00      01:14:57.055  READ FPDMA QUEUED
  60 00 00 38 1c 06 41 00      01:14:57.047  READ FPDMA QUEUED
  61 00 08 e0 04 79 41 00      01:14:57.047  WRITE FPDMA QUEUED
  60 00 08 a0 0b 4c 40 00      01:14:57.046  READ FPDMA QUEUED
  61 00 20 ff ff ff 4f 00      01:14:57.045  WRITE FPDMA QUEUED

Error 6573 occurred at disk power-on lifetime: 9234 hours (384 days + 18 hours)
  When the command that caused the error occurred, the device was active or idle.

  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224

  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 00 00 38 1e 06 41 00      00:31:48.140  READ FPDMA QUEUED
  61 00 80 c0 fe 26 40 00      00:31:48.084  WRITE FPDMA QUEUED
  60 00 00 38 1d 06 41 00      00:31:48.083  READ FPDMA QUEUED
  60 00 00 38 1c 06 41 00      00:31:48.080  READ FPDMA QUEUED
  60 00 10 48 eb 0d 40 00      00:31:48.026  READ FPDMA QUEUED

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       90%      9260         17178224
# 2  Short offline       Aborted by host               90%      9260         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
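
Added example, not part of the original posts: a small triage script for a smartctl report like the one above, showing which lines back the "cause for concern" reading. The function names and the choice of attributes whose raw value is read as a plain count (5, 187, 197, 198) are assumptions of this example; the sample rows are copied from the posted report and shortened.

```python
import re
from collections import Counter

# Rows copied from the smartctl report posted above (shortened, otherwise as posted).
REPORT = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   116   091   006    Pre-fail  Always       -       109791648
  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       11
187 Reported_Uncorrect      0x0032   001   001   000    Old_age   Always       -       6594
190 Airflow_Temperature_Cel 0x0022   064   048   045    Old_age   Always       -       36 (Min/Max 21/36)
197 Current_Pending_Sector  0x0012   100   100   000    Old_age   Always       -       2
198 Offline_Uncorrectable   0x0010   100   100   000    Old_age   Offline      -       2
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       0
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224
  40 51 00 70 1e 06 01  Error: UNC at LBA = 0x01061e70 = 17178224
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed: read failure       90%      9260         17178224
# 2  Short offline       Aborted by host               90%      9260         -
"""

ATTR_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>[\w-]+)\s+0x[0-9a-fA-F]{4}\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"\S+\s+\S+\s+(?P<when_failed>\S+)\s+(?P<raw>\d+)"
)
SELFTEST_RE = re.compile(
    r"^#\s*(?P<num>\d+)\s+(?P<desc>.+?)\s{2,}(?P<status>.+?)\s{2,}"
    r"(?P<remaining>\d+)%\s+(?P<hours>\d+)\s+(?P<lba>\S+)"
)
ERROR_RE = re.compile(r"Error: (?P<kind>\w+) at LBA = 0x[0-9a-fA-F]+ = (?P<lba>\d+)")

# Assumption of this example: only these attributes have a RAW_VALUE that is a
# plain sector/event count. Other raw values may be vendor-encoded and are
# judged on the normalized VALUE against THRESH instead.
COUNT_ATTRS = {5, 187, 197, 198}


def parse_attributes(report):
    """Return one dict per attribute row, with numeric fields as int."""
    rows = []
    for line in report.splitlines():
        m = ATTR_RE.match(line)
        if m:
            row = m.groupdict()
            for key in ("id", "value", "worst", "thresh", "raw"):
                row[key] = int(row[key])
            rows.append(row)
    return rows


def parse_selftests(report):
    """Return the rows of the self-test log as dicts of strings."""
    return [m.groupdict() for m in map(SELFTEST_RE.match, report.splitlines()) if m]


def parse_error_lbas(report):
    """Count how often each LBA appears in the ATA error log entries."""
    return Counter(int(m.group("lba")) for m in ERROR_RE.finditer(report))


def triage(report):
    """Collect the indicators that point at failing media."""
    findings = []
    for a in parse_attributes(report):
        below = a["thresh"] > 0 and a["value"] <= a["thresh"]
        if a["when_failed"] != "-" or below:
            findings.append(("threshold", a["name"], a["value"]))
        if a["id"] in COUNT_ATTRS and a["raw"] > 0:
            findings.append(("raw_count", a["name"], a["raw"]))
    error_lbas = parse_error_lbas(report)
    for t in parse_selftests(report):
        if "failure" in t["status"]:
            findings.append(("selftest", t["status"], t["lba"]))
            # The same sector failing in normal I/O and in the self-test
            # rules out a one-off transient error.
            if t["lba"].isdigit() and int(t["lba"]) in error_lbas:
                lba = int(t["lba"])
                findings.append(("repeat_lba", lba, error_lbas[lba]))
    return findings


if __name__ == "__main__":
    for finding in triage(REPORT):
        print(finding)
```

Note that the overall-health line in the report still reads PASSED: no normalized value has crossed its threshold, so the warning comes from the raw counts and the failed self-test.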



#7 Oh My!


Posted 11 September 2016 - 10:00 AM

Thanks for your quick reply as well. Nice decision on the backup.

Up to you on Fire Chief. As long as you recognize it and know it is not malicious.

The hard drive test I had you run is a preliminary look at the drive. There is some cause for concern but I would like to run a vendor specific test. Please do this.

===================================================

Seatools for Windows Hard Drive Test

--------------------
  • Please download and install Microsoft .NET Framework 4
  • Download Seatools for Windows (click Accept) and save it to your desktop
  • Double click the icon, select Run, then select Next
  • Click I accept the terms of this License Agreement, click Next twice then click Install
  • When completed select Finish
  • Double click the SeaTools for Windows icon which was created on your desktop during installation
  • Place a check mark next to your Seagate hard drive
  • Place your cursor over Basic Tests and from the drop down list select Long Generic. Note: This test may take a long time to complete
  • Report the results of the test in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Seagate results

Gary
 

#8 Salmiakbal


Posted 11 September 2016 - 02:35 PM

Hi Gary,

 

I tried to install the NET framework 4, but it said it couldn't install because it's already part of the operating system and that the same or a higher version has already been installed on this computer.

The Seagate test has been running for about 3 or 4 hours now but the "test status" is still at 1%. I'll let it run overnight and let you know.

 

Thank you,

 

Paul



#9 Oh My!


Posted 11 September 2016 - 02:51 PM

OK thanks Paul. I would suggest stopping then restarting the program.
Gary
 

#10 Salmiakbal


Posted 12 September 2016 - 04:47 AM

Hi Gary

Before I went to sleep I stopped the test, restarted the application and started a new test. After about 2 minutes it came with the following warning: https://drive.google.com/file/d/0BzNAtNJ15OBoWlg4ZlQ3WDU5RVE/view?usp=drivesdk

After this message, I restarted the Seagate application again and started the test over, letting it run overnight. When I woke up 9 hours later it was again stuck at 1%, so it doesn't seem the test is working. Any ideas?

Regards,
Paul

#11 Oh My!


Posted 12 September 2016 - 08:36 AM

Hi Paul,

I think that is our answer, your hard drive is failing.

There are a couple ways to deal with this. You can immediately replace the drive and start fresh, or we can clean your computer and you can continue to run it until it becomes too unstable. My guess is your current CPU issues are not caused by the state of the drive but time will tell. Either way, we should do this.

I will be away from my computer for a few hours.

Do you recognize this?

C:\Users\Paul\Downloads\maandag%20nacht.zip

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
2016-09-05 15:11 - 2016-09-05 15:11 - 00604960 _____ (Reimage) C:\Users\Paul\Downloads\ReimageRepair.exe
C:\Windows\System32\LanguageComponentsInstaller.dll
Task: {84368676-405B-4E70-89C7-4A1D9AC7852A} - \AutoKMS -> No File <==== ATTENTION
Task: {9481019A-DBBC-4B6B-8794-589B7CD983F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A046D2BA-C40B-4637-A690-54CF1FD706DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B85D41A8-096C-481C-AA7C-F81F1EF19E1A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF758872-7788-4E4E-B5B6-156CCA31266E} - System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => pcalua.exe -a G:\start.exe -d G:\
Task: {FAD9BA8B-22E1-4E34-9AF6-41D00D2B26A5} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Do you recognize the file?
  • Fixlog
  • Update on computer behavior

Gary
 

#12 Salmiakbal


Posted 12 September 2016 - 03:06 PM

Hi Gary

 

Sad news about my hard drive. I think the best option for me is to keep regular backups and ride this hard drive until it dies, since I have no budget for these problems.

I recognize the file, it's a bunch of photos taken at a party. Nothing suspicious.

After the FRST fix, the Task Manager shows no decrease in CPU usage from explorer.exe. It's still hovering between 18 and 21%

 

Do you think that, if the explorer.exe problem gets resolved, I could try the Seagate for DOS utility like mentioned by Seagate in the error message? Or do you think it will have little effect?

 

Greetings,

Paul

 

Here's the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by Paul (12-09-2016 21:40:09) Run:1
Running from C:\Users\Paul\Desktop
Loaded Profiles: Paul (Available Profiles: Paul & Gast)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2016-09-05 15:11 - 2016-09-05 15:11 - 00604960 _____ (Reimage) C:\Users\Paul\Downloads\ReimageRepair.exe
C:\Windows\System32\LanguageComponentsInstaller.dll
Task: {84368676-405B-4E70-89C7-4A1D9AC7852A} - \AutoKMS -> No File <==== ATTENTION
Task: {9481019A-DBBC-4B6B-8794-589B7CD983F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A046D2BA-C40B-4637-A690-54CF1FD706DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B85D41A8-096C-481C-AA7C-F81F1EF19E1A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF758872-7788-4E4E-B5B6-156CCA31266E} - System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => pcalua.exe -a G:\start.exe -d G:\
Task: {FAD9BA8B-22E1-4E34-9AF6-41D00D2B26A5} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Paul\Downloads\ReimageRepair.exe => moved successfully
Could not move "C:\Windows\System32\LanguageComponentsInstaller.dll" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{84368676-405B-4E70-89C7-4A1D9AC7852A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84368676-405B-4E70-89C7-4A1D9AC7852A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9481019A-DBBC-4B6B-8794-589B7CD983F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9481019A-DBBC-4B6B-8794-589B7CD983F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A046D2BA-C40B-4637-A690-54CF1FD706DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A046D2BA-C40B-4637-A690-54CF1FD706DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B85D41A8-096C-481C-AA7C-F81F1EF19E1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B85D41A8-096C-481C-AA7C-F81F1EF19E1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF758872-7788-4E4E-B5B6-156CCA31266E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF758872-7788-4E4E-B5B6-156CCA31266E}" => key removed successfully
C:\WINDOWS\System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FAD9BA8B-22E1-4E34-9AF6-41D00D2B26A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAD9BA8B-22E1-4E34-9AF6-41D00D2B26A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\runappraiser" => key removed successfully
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33161978 B
Java, Flash, Steam htmlcache => 32066415 B
Windows/system/drivers => 3524970 B
Edge => 1211 B
Chrome => 176128 B
Firefox => 442896056 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 3725754 B
Paul => 75493515 B
Gast => 30348569 B

RecycleBin => 1950 B
EmptyTemp: => 592.6 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-09-2016 21:45:21)

"C:\Windows\System32\LanguageComponentsInstaller.dll" => Could not move

==== End of Fixlog 21:45:22 ====
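
Added example, not part of the original posts: a check that reads a Fixlog like the one above and reports which fixlist entries were not actually applied, plus how each `Task:` directive maps to removed registry keys. The parsing rules are inferred from the lines visible in this log only, and the function names are this example's own; the sample is an excerpt copied from the posted Fixlog.

```python
import re

# Excerpt of the Fixlog.txt posted above (lines copied as posted, list shortened).
FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
2016-09-05 15:11 - 2016-09-05 15:11 - 00604960 _____ (Reimage) C:\Users\Paul\Downloads\ReimageRepair.exe
C:\Windows\System32\LanguageComponentsInstaller.dll
Task: {84368676-405B-4E70-89C7-4A1D9AC7852A} - \AutoKMS -> No File <==== ATTENTION
Task: {DF758872-7788-4E4E-B5B6-156CCA31266E} - System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => pcalua.exe -a G:\start.exe -d G:\
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Paul\Downloads\ReimageRepair.exe => moved successfully
Could not move "C:\Windows\System32\LanguageComponentsInstaller.dll" => Scheduled to move on reboot.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84368676-405B-4E70-89C7-4A1D9AC7852A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF758872-7788-4E4E-B5B6-156CCA31266E}" => key removed successfully
C:\WINDOWS\System32\Tasks\{9EA3C5F0-70D1-4B07-98B2-E18D786EE606} => moved successfully
Firefox => 442896056 B

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-09-2016 21:45:21)

"C:\Windows\System32\LanguageComponentsInstaller.dll" => Could not move
"""

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def split_fixlog(text):
    """Return (directives, result_lines): the echoed fixlist and what follows it."""
    lines = text.splitlines()
    marks = [i for i, l in enumerate(lines) if re.fullmatch(r"\*{5,}", l.strip())]
    if len(marks) < 2:
        raise ValueError("fixlist markers not found")
    return lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]


def final_status(result_lines):
    """Map each target (lower-cased path or key) to its last reported outcome."""
    status = {}
    for line in result_lines:
        if "=>" not in line:
            continue
        left, right = (part.strip() for part in line.split("=>", 1))
        quoted = re.search(r'"([^"]+)"', left)
        target = (quoted.group(1) if quoted else left).lower()
        if "successfully" in right:
            status[target] = "done"
        elif right.startswith("Scheduled to move on reboot"):
            status[target] = "pending"
        elif right.startswith("Could not"):
            status[target] = "failed"
        # Other "=>" lines (EmptyTemp byte counts) are not fix outcomes.
    return status


def task_directives(directives):
    """Classify Task: lines as orphaned (no file behind them) or still having an action."""
    tasks = []
    for line in directives:
        m = TASK_RE.match(line)
        if not m:
            continue
        guid, rest = m.groups()
        if "-> No File" in rest:
            tasks.append((guid, "orphaned", None))
        elif "=>" in rest:
            tasks.append((guid, "has_action", rest.split("=>", 1)[1].strip()))
        else:
            tasks.append((guid, "unknown", None))
    return tasks


def verify(text):
    """Report targets left unresolved and, per task, how many keys were removed."""
    directives, results = split_fixlog(text)
    status = final_status(results)
    report = {"unresolved": sorted(t for t, s in status.items() if s != "done"),
              "tasks": []}
    for guid, kind, action in task_directives(directives):
        removed = sum(1 for t, s in status.items()
                      if guid.lower() in t and s == "done")
        report["tasks"].append((guid, kind, action, removed))
    return report


if __name__ == "__main__":
    print(verify(FIXLOG))
```

On this log the only unresolved target is LanguageComponentsInstaller.dll, which was scheduled for removal on reboot and then reported as "Could not move".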



#13 Oh My!


Posted 12 September 2016 - 03:58 PM

Greetings Paul,

Yes, as long as your data is safe we can try the DOS version. I have instructions for that I can give you once we try to get to the bottom of the explorer.exe issue.

Please do this.

===================================================

Monitoring CPU Usage Using Process Explorer

--------------------
  • Please download Process Explorer.zip and save it to your Desktop
  • Right click the .zip folder and select Extract All...
  • If the default file location is not your Desktop click the Browse... button and select your Desktop
  • Click Extract
  • Extract the folder onto your Desktop
  • Double click the Process Explorer folder (it may open by default)
  • Double click the procexp icon
  • In the Process column expand explorer.exe, if necessary
  • Identify the processes using the most CPU resources
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#14 Salmiakbal


Posted 12 September 2016 - 04:08 PM

Hi Gary,

 

It's hard to read in the application because it's constantly shifting every second. It seems that explorer.exe uses about 12.5% CPU, of which firefox.exe uses between 1 and 3%. The rest is under 0.3% usage and constantly appearing and disappearing. Is this the information you wanted?

 

Regards,

Paul



#15 Oh My!


Posted 12 September 2016 - 05:46 PM

Hi Paul,

Thanks for the information. Please do this to continue looking for signs of infection.

===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop
  • Right-click on TDSSKiller.exe and select Run As Administrator
  • Click Accept on the End User License Agreement
  • Click Accept on the KSN Statement
  • Click Change parameters
  • Place a check mark in the following boxes

Detect TDLFS file system
Verify file digital signatures

  • Click OK
  • Click Start Scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects
  • If an infected file is detected, the default action will be Cure...do not change it
  • Click Continue > Reboot now to finish the cleaning process. <- Important!!
  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now
  • Hit the Windows Key + E at the same time
  • Double click your Local Disk C: drive
  • Locate the file similar to TDSSKiller_version_date_time_log.txt
  • Copy and paste the contents of that file in your reply
===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. For additional help see here and here
  • Double click the aswMBR.exe file to run it. If requested, allow Avast to update the antivirus engine definitions
  • Leave the default settings then click Scan
  • When done, you will see Scan finished successfully. Click on Save log and save the file to your desktop
  • Copy and paste the contents of the log in your reply
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Roguekiller log
  • TDSSKiller log
  • aswMBR log

Gary
 



