GMER detected a rootkit


  • This topic is locked
11 replies to this topic

#1 porgandpoiss

Posted 07 September 2016 - 03:00 AM

Hello

 

I suspect my entire home network is infected. Currently having problems with another computer as well. I ran a GMER scan and Farbar scan on this PC and posted the logs below. GMER picked up rootkit activity. Posted two logs, the GMER log and FRST log.

Grateful for your help.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Priit (administrator) on PRIIDU-SAMSA (07-09-2016 10:48:07)
Running from C:\Users\Priit\Documents\fox
Loaded Profiles: Priit (Available Profiles: Priit & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Akamai Technologies, Inc.) C:\Users\Priit\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Priit\AppData\Local\Akamai\netsession_win.exe
(Flux Software LLC) C:\Users\Priit\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Priit\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Priit\AppData\Roaming\Spotify\Spotify.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Priit\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Spotify Ltd) C:\Users\Priit\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Priit\AppData\Roaming\Spotify\Spotify.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Mobile Broadband\CheckNDISPort_df.exe
() C:\Program Files (x86)\Mobile Broadband\CancelAutoPlay_df.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
() C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242712 2015-10-06] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [TortoiseHgOverlayIconServer] => C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe [100616 2014-02-04] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
HKLM-x32\...\Run: [CheckNDISPort_df] => C:\Program Files (x86)\Mobile Broadband\CheckNDISPort_df.exe [408392 2012-11-12] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Mobile Broadband\CancelAutoPlay_df.exe [440648 2012-10-16] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-04-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [Google Update] => C:\Users\Priit\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-31] (Google Inc.)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-04-23] (Samsung)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844144 2013-04-23] (Samsung)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Priit\AppData\Local\Akamai\netsession_win.exe [4691384 2015-09-10] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [f.lux] => C:\Users\Priit\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [Spotify Web Helper] => C:\Users\Priit\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [Spotify] => C:\Users\Priit\AppData\Roaming\Spotify\Spotify.exe [6930544 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29494400 2016-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OpenVPN Client.lnk [2014-09-04]
ShortcutTarget: OpenVPN Client.lnk -> C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-4011729869-4120629402-3206314626-1000] => cache.ut.ee:3128
Tcpip\Parameters: [DhcpNameServer] 193.40.56.245 193.40.0.12
Tcpip\..\Interfaces\{1a8944aa-8aeb-4238-9539-fb15f7af2fa9}: [DhcpNameServer] 192.168.32.1
Tcpip\..\Interfaces\{301c2bce-c214-43c4-9033-a1fe1f094608}: [DhcpNameServer] 193.40.56.245 193.40.0.12
Tcpip\..\Interfaces\{7b04ab67-b41c-4d2e-8cd3-0cfd4876e4a9}: [DhcpNameServer] 193.40.5.39
Tcpip\..\Interfaces\{c3bfaaf1-ef9d-4c5e-a0ec-2eb5a42a27d2}: [DhcpNameServer] 192.168.10.1
Tcpip\..\Interfaces\{df23fd59-68ad-47ab-9184-25eec7bef3c4}: [DhcpNameServer] 10.0.0.1 10.0.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://seb.ee/
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=140&clid=1969032&text={searchTerms}
SearchScopes: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://yandex.ru/yandsearch?win=140&clid=1969032&text={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-28] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-28] (Oracle Corporation)
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2015-12-16] (RIA)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-28] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-28] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Priit\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: Yandex
FF SelectedSearchEngine: Yandex
FF Homepage: hxxp://www.yandex.ru/?win=140&clid=1969031
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-28] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=12.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\npcdp32.dll [2010-08-05] (CambridgeSoft Corp.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @RIA/esteid-firefox-plugin -> C:\Program Files (x86)\Open-EID\npesteid-firefox-plugin.dll [2016-01-31] (RIA)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-4011729869-4120629402-3206314626-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-4011729869-4120629402-3206314626-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF SearchPlugin: C:\Users\Priit\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-130434.xml [2014-09-06]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: (Estonian ID Card authentication module) - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2016-02-16]
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://samsung.msn.com/
CHR Plugin: (Shockwave Flash) - C:\Users\Priit\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Priit\AppData\Local\Google\Chrome\Application\52.0.2743.116\gcswf32.dll => No File
CHR Plugin: (Native Client) - C:\Users\Priit\AppData\Local\Google\Chrome\Application\52.0.2743.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Priit\AppData\Local\Google\Chrome\Application\52.0.2743.116\pdf.dll => No File
CHR Plugin: (Norton Confidential) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Priit\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Token signing) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckjefchnfjhjfedoccjbhjpbncimppeg [2016-05-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-07-11]
CHR Extension: (Eye Dropper) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2016-08-23]
CHR Extension: (Skype) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Universe) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2015-09-08]
CHR Extension: (Chrome Media Router) - C:\Users\Priit\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-04]
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
StartMenuInternet: Google Chrome.ZJ53OMU5PBO4FKX6WPF4KG2MPE - C:\Users\Priit\AppData\Local\Google\Chrome\Application\chrome.exe
 
Opera: 
=======
OPR StartupUrls: "hxxp://www.yandex.ru/?win=140&clid=1969031"
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593664 2015-06-19] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [131288 2015-10-06] (ELAN Microelectronics Corp.)
R2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [242880 2015-07-02] (Foxit Software Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [193536 2012-02-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223008 2015-07-06] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 OpenVPNAccessClient; C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [24064 2010-08-12] () [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2015-09-14] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2015-12-21] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 atrfiltr; C:\Windows\system32\DRIVERS\atrfiltr.sys [26496 2015-11-16] (Windows ® Win 7 DDK provider)
S3 cxbu0x64; C:\Windows\system32\DRIVERS\cxbu0x64.sys [191224 2014-05-14] (HID Global Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-06] (Disc Soft Ltd)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32328 2015-10-06] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2015-09-11] (REALiX™)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [26504 2012-02-07] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [32168 2015-09-08] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek                                            )
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-06-02] ()
S3 S3XXx64; C:\Windows\system32\DRIVERS\S3XXx64.sys [73856 2015-02-17] (Identiv)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\system32\drivers\xspltspk.sys [26200 2015-05-26] (SplitmediaLabs Limited)
U3 pfryypow; C:\Users\Priit\AppData\Local\Temp\pfryypow.sys [56584 2016-09-07] (GMER) [File not signed]
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-07 10:47 - 2016-09-07 10:48 - 00000000 ____D C:\FRST
2016-09-07 10:44 - 2016-09-07 10:44 - 00010967 _____ C:\Users\Priit\Desktop\gmer7sept.txt
2016-09-05 02:30 - 2016-09-04 15:50 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-05 02:27 - 2016-09-07 10:33 - 00000000 ____D C:\Windows.old
2016-09-05 02:26 - 2016-09-05 02:26 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-09-05 02:26 - 2016-09-05 02:26 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-09-05 02:26 - 2016-09-05 02:26 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-09-05 02:26 - 2016-09-05 02:26 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-09-05 02:26 - 2016-09-05 02:26 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-09-05 02:26 - 2016-09-05 02:26 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-05 02:26 - 2016-09-05 02:26 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-09-05 02:26 - 2016-09-05 02:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-09-05 02:26 - 2016-09-05 02:26 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-09-05 02:26 - 2016-09-05 02:26 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-09-05 02:26 - 2016-09-05 02:26 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-09-05 02:25 - 2016-09-05 02:25 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-09-05 02:25 - 2016-09-05 02:25 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-09-05 02:25 - 2016-09-05 02:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-09-05 02:21 - 2016-09-05 02:21 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-09-05 02:21 - 2016-09-05 02:21 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-09-05 02:21 - 2016-07-16 06:29 - 08628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0019.dll
2016-09-05 02:20 - 2016-09-05 02:20 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-09-05 02:18 - 2016-09-05 02:18 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-09-05 02:18 - 2016-09-05 02:18 - 00000000 ____D C:\Program Files\MSBuild
2016-09-05 02:18 - 2016-09-05 02:18 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-09-05 02:18 - 2016-09-05 02:18 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-09-05 02:17 - 2016-09-05 02:17 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-09-05 02:17 - 2016-05-26 01:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-09-05 02:17 - 2016-05-26 01:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-09-05 02:17 - 2016-05-26 01:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-09-05 02:17 - 2016-05-25 22:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-09-05 02:17 - 2016-05-25 22:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-09-05 02:17 - 2016-05-25 22:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-09-05 00:26 - 2016-08-27 07:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-09-05 00:26 - 2016-08-27 07:38 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-09-05 00:26 - 2016-08-27 07:37 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-09-05 00:26 - 2016-08-20 08:29 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-09-05 00:26 - 2016-08-20 08:29 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-09-05 00:26 - 2016-08-20 08:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-09-05 00:26 - 2016-08-20 08:21 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-09-05 00:26 - 2016-08-20 08:15 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-05 00:26 - 2016-08-20 08:13 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-09-05 00:26 - 2016-08-20 08:08 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-05 00:26 - 2016-08-20 08:07 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-09-05 00:26 - 2016-08-20 08:07 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-05 00:26 - 2016-08-20 08:06 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-05 00:26 - 2016-08-20 08:04 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-05 00:26 - 2016-08-20 07:52 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-09-05 00:26 - 2016-08-20 07:51 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-09-05 00:25 - 2016-08-27 08:12 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-09-05 00:25 - 2016-08-27 08:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-09-05 00:25 - 2016-08-27 07:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-09-05 00:25 - 2016-08-27 07:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-09-05 00:25 - 2016-08-27 07:38 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-09-05 00:25 - 2016-08-27 07:25 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-09-05 00:25 - 2016-08-20 09:05 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-05 00:25 - 2016-08-20 08:52 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-05 00:25 - 2016-08-20 08:52 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-05 00:25 - 2016-08-20 08:52 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-09-05 00:25 - 2016-08-20 08:52 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-05 00:25 - 2016-08-20 08:52 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-09-05 00:25 - 2016-08-20 08:52 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-09-05 00:25 - 2016-08-20 08:51 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-09-05 00:25 - 2016-08-20 08:50 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-09-05 00:25 - 2016-08-20 08:50 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-05 00:25 - 2016-08-20 08:50 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-05 00:25 - 2016-08-20 08:50 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-05 00:25 - 2016-08-20 08:50 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-09-05 00:25 - 2016-08-20 08:50 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-09-05 00:25 - 2016-08-20 08:47 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-09-05 00:25 - 2016-08-20 08:47 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-09-05 00:25 - 2016-08-20 08:47 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-09-05 00:25 - 2016-08-20 08:34 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-09-05 00:25 - 2016-08-20 08:34 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-09-05 00:25 - 2016-08-20 08:34 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-09-05 00:25 - 2016-08-20 08:33 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-05 00:25 - 2016-08-20 08:33 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-05 00:25 - 2016-08-20 08:32 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-09-05 00:25 - 2016-08-20 08:32 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-05 00:25 - 2016-08-20 08:22 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-09-05 00:25 - 2016-08-20 08:22 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-09-05 00:25 - 2016-08-20 08:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-09-05 00:25 - 2016-08-20 08:21 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-09-05 00:25 - 2016-08-20 08:21 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-09-05 00:25 - 2016-08-20 08:20 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-09-05 00:25 - 2016-08-20 08:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-09-05 00:25 - 2016-08-20 08:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-09-05 00:25 - 2016-08-20 08:19 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-09-05 00:25 - 2016-08-20 08:19 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-09-05 00:25 - 2016-08-20 08:18 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-09-05 00:25 - 2016-08-20 08:18 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-09-05 00:25 - 2016-08-20 08:17 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-09-05 00:25 - 2016-08-20 08:16 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-09-05 00:25 - 2016-08-20 08:15 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-09-05 00:25 - 2016-08-20 08:15 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-09-05 00:25 - 2016-08-20 08:15 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-09-05 00:25 - 2016-08-20 08:14 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-09-05 00:25 - 2016-08-20 08:14 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-09-05 00:25 - 2016-08-20 08:14 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-09-05 00:25 - 2016-08-20 08:14 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-09-05 00:25 - 2016-08-20 08:14 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-09-05 00:25 - 2016-08-20 08:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-09-05 00:25 - 2016-08-20 08:13 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-05 00:25 - 2016-08-20 08:12 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-05 00:25 - 2016-08-20 08:12 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-09-05 00:25 - 2016-08-20 08:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-09-05 00:25 - 2016-08-20 08:12 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-05 00:25 - 2016-08-20 08:11 - 00965120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-09-05 00:25 - 2016-08-20 08:11 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-09-05 00:25 - 2016-08-20 08:09 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-09-05 00:25 - 2016-08-20 08:09 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-05 00:25 - 2016-08-20 08:08 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-09-05 00:25 - 2016-08-20 08:08 - 00204288 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-09-05 00:25 - 2016-08-20 08:07 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-09-05 00:25 - 2016-08-20 08:07 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-09-05 00:25 - 2016-08-20 08:07 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-09-05 00:25 - 2016-08-20 08:06 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-09-05 00:25 - 2016-08-20 08:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-09-05 00:25 - 2016-08-20 08:04 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-05 00:25 - 2016-08-20 08:04 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-05 00:25 - 2016-08-20 08:04 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-09-05 00:25 - 2016-08-20 08:04 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-09-05 00:25 - 2016-08-20 08:04 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-09-05 00:25 - 2016-08-20 08:03 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-05 00:25 - 2016-08-20 08:02 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-09-05 00:25 - 2016-08-20 08:01 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-09-05 00:25 - 2016-08-20 08:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-09-05 00:25 - 2016-08-20 08:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-05 00:25 - 2016-08-20 08:00 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-09-05 00:25 - 2016-08-20 08:00 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-09-05 00:25 - 2016-08-20 08:00 - 00141824 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-09-05 00:25 - 2016-08-20 07:59 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-09-05 00:25 - 2016-08-20 07:59 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-09-05 00:25 - 2016-08-20 07:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-09-05 00:25 - 2016-08-20 07:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-05 00:25 - 2016-08-20 07:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-09-05 00:25 - 2016-08-20 07:57 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-09-05 00:25 - 2016-08-20 07:57 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-09-05 00:25 - 2016-08-20 07:55 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-09-05 00:25 - 2016-08-20 07:55 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-05 00:25 - 2016-08-20 07:54 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-09-05 00:25 - 2016-08-20 07:53 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-09-05 00:25 - 2016-08-20 07:51 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-09-05 00:25 - 2016-08-20 07:51 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-05 00:24 - 2016-08-27 15:45 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-05 00:24 - 2016-08-27 12:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-05 00:24 - 2016-08-27 07:44 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-09-05 00:24 - 2016-08-27 07:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-09-05 00:24 - 2016-08-20 09:26 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-05 00:24 - 2016-08-20 09:13 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-05 00:24 - 2016-08-20 09:06 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-05 00:24 - 2016-08-20 09:06 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-05 00:24 - 2016-08-20 09:06 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-09-05 00:24 - 2016-08-20 09:04 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-05 00:24 - 2016-08-20 09:04 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-05 00:24 - 2016-08-20 09:04 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-05 00:24 - 2016-08-20 09:03 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-09-05 00:24 - 2016-08-20 09:03 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-05 00:24 - 2016-08-20 08:52 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-05 00:24 - 2016-08-20 08:52 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-05 00:24 - 2016-08-20 08:50 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-05 00:24 - 2016-08-20 08:50 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-05 00:24 - 2016-08-20 08:50 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-09-05 00:24 - 2016-08-20 08:46 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-05 00:24 - 2016-08-20 08:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-05 00:24 - 2016-08-20 08:42 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-09-05 00:24 - 2016-08-20 08:29 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-09-05 00:24 - 2016-08-20 08:25 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-05 00:24 - 2016-08-20 08:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-09-05 00:24 - 2016-08-20 08:21 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-05 00:24 - 2016-08-20 08:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-09-05 00:24 - 2016-08-20 08:20 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-09-05 00:24 - 2016-08-20 08:18 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-09-05 00:24 - 2016-08-20 08:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-09-05 00:24 - 2016-08-20 08:17 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-09-05 00:24 - 2016-08-20 08:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-09-05 00:24 - 2016-08-20 08:16 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-09-05 00:24 - 2016-08-20 08:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-09-05 00:24 - 2016-08-20 08:14 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-09-05 00:24 - 2016-08-20 08:14 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-09-05 00:24 - 2016-08-20 08:13 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-05 00:24 - 2016-08-20 08:12 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-05 00:24 - 2016-08-20 08:12 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-09-05 00:24 - 2016-08-20 08:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-09-05 00:24 - 2016-08-20 08:11 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-09-05 00:24 - 2016-08-20 08:11 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-05 00:24 - 2016-08-20 08:11 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-09-05 00:24 - 2016-08-20 08:10 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-09-05 00:24 - 2016-08-20 08:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-09-05 00:24 - 2016-08-20 08:10 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-09-05 00:24 - 2016-08-20 08:09 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-09-05 00:24 - 2016-08-20 08:09 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-05 00:24 - 2016-08-20 08:08 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-05 00:24 - 2016-08-20 08:08 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-05 00:24 - 2016-08-20 08:08 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-09-05 00:24 - 2016-08-20 08:07 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-09-05 00:24 - 2016-08-20 08:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-05 00:24 - 2016-08-20 08:05 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-05 00:24 - 2016-08-20 08:05 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-09-05 00:24 - 2016-08-20 08:04 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-09-05 00:24 - 2016-08-20 08:03 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-09-05 00:24 - 2016-08-20 08:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-09-05 00:24 - 2016-08-20 08:03 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-09-05 00:24 - 2016-08-20 08:00 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-09-05 00:24 - 2016-08-20 07:59 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-09-05 00:24 - 2016-08-20 07:59 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-09-05 00:24 - 2016-08-20 07:59 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-09-05 00:24 - 2016-08-20 07:59 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-09-05 00:24 - 2016-08-20 07:57 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-09-05 00:24 - 2016-08-20 07:57 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-05 00:24 - 2016-08-20 07:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-05 00:24 - 2016-08-20 07:53 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-09-05 00:24 - 2016-08-20 07:53 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-09-05 00:24 - 2016-08-20 07:50 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-09-05 00:24 - 2016-08-20 07:49 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-09-05 00:24 - 2016-08-20 07:46 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-09-05 00:24 - 2016-08-19 04:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-09-04 22:07 - 2016-09-04 22:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-09-04 22:06 - 2016-09-06 20:44 - 00000000 ____D C:\Users\Priit\AppData\Local\ConnectedDevicesPlatform
2016-09-04 22:06 - 2016-09-04 22:06 - 00000020 ___SH C:\Users\Priit\ntuser.ini
2016-09-04 15:50 - 2016-09-04 15:50 - 00000000 ____D C:\ProgramData\USOShared
2016-09-04 15:49 - 2016-09-04 15:49 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2016-09-04 15:49 - 2016-09-04 15:49 - 00011433 _____ C:\WINDOWS\diagerr.xml
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default\My Documents
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-09-04 15:49 - 2016-09-04 15:49 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-09-04 15:47 - 2016-09-06 19:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-04 15:47 - 2016-09-04 15:47 - 00003662 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000UA
2016-09-04 15:47 - 2016-09-04 15:47 - 00003494 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-09-04 15:47 - 2016-09-04 15:47 - 00003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-09-04 15:47 - 2016-09-04 15:47 - 00003394 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000Core
2016-09-04 15:47 - 2016-09-04 15:47 - 00003270 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-09-04 15:47 - 2016-09-04 15:47 - 00003044 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2016-09-04 15:47 - 2016-09-04 15:47 - 00002718 _____ C:\WINDOWS\System32\Tasks\Settings
2016-09-04 15:47 - 2016-09-04 15:47 - 00002702 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2016-09-04 15:47 - 2016-09-04 15:47 - 00002672 _____ C:\WINDOWS\System32\Tasks\id updater task
2016-09-04 15:47 - 2016-09-04 15:47 - 00002524 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2016-09-04 15:47 - 2016-09-04 15:47 - 00002490 _____ C:\WINDOWS\System32\Tasks\FFSRConfigurer
2016-09-04 15:47 - 2016-09-04 15:47 - 00002406 _____ C:\WINDOWS\System32\Tasks\EasySupportCenter
2016-09-04 15:47 - 2016-09-04 15:47 - 00002384 _____ C:\WINDOWS\System32\Tasks\SAgent
2016-09-04 15:47 - 2016-09-04 15:47 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-09-04 15:47 - 2016-09-04 15:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2016-09-04 15:47 - 2016-09-04 15:47 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-09-04 15:47 - 2012-09-08 01:03 - 00003348 _____ C:\WINDOWS\System32\Tasks\Intel® Rapid Start Technology Manager
2016-09-04 15:47 - 2012-07-05 03:58 - 00003398 _____ C:\WINDOWS\System32\Tasks\Absolute Reminder
2016-09-04 15:43 - 2016-09-04 15:43 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-04 15:43 - 2016-09-04 15:43 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-09-04 15:43 - 2016-09-04 15:43 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-09-04 15:43 - 2016-09-04 15:43 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-09-04 15:43 - 2016-09-04 15:43 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-09-04 15:38 - 2016-09-04 15:38 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-09-04 15:37 - 2016-09-04 15:44 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-09-04 15:35 - 2016-09-06 19:05 - 00000000 ____D C:\Users\Priit
2016-09-04 15:35 - 2016-09-04 15:45 - 00000000 ____D C:\Users\Administrator
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Priit\My Documents
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Priit\Documents\My Videos
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Priit\Documents\My Pictures
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Priit\Documents\My Music
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-09-04 15:35 - 2016-09-04 15:35 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-09-04 15:33 - 2016-09-04 15:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2016-09-04 15:33 - 2016-09-04 15:33 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-09-04 15:33 - 2016-09-04 15:33 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-09-04 15:33 - 2016-09-04 15:33 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-09-04 15:33 - 2016-09-04 15:33 - 00000000 ____D C:\Program Files\Realtek
2016-09-04 15:33 - 2016-07-16 14:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-09-04 15:32 - 2016-09-04 15:44 - 00000000 ____D C:\Program Files\Elantech
2016-09-04 15:32 - 2016-09-04 15:38 - 00000000 ____D C:\Program Files\Intel
2016-09-04 15:32 - 2016-05-03 23:30 - 00081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-09-04 15:32 - 2016-05-03 23:30 - 00077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-09-04 15:31 - 2016-09-06 20:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-04 15:31 - 2016-09-06 19:04 - 05000240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-04 15:31 - 2016-09-04 15:31 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-29 12:13 - 2016-08-30 10:32 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Wireshark
2016-08-29 12:10 - 2016-08-29 12:12 - 00000000 ____D C:\Program Files\Wireshark
2016-08-29 10:52 - 2016-08-29 10:52 - 00001921 _____ C:\Users\Public\Desktop\Vuze.lnk
2016-08-24 01:16 - 2016-08-24 01:17 - 00087244 _____ C:\TDSSKiller.3.1.0.11_24.08.2016_01.16.14_log.txt
2016-08-24 01:15 - 2016-08-24 01:23 - 00000000 ____D C:\AdwCleaner
2016-08-13 22:08 - 2016-08-13 22:08 - 00001178 _____ C:\Users\Priit\Desktop\focswatch de.aco
2016-08-12 15:39 - 2016-08-13 23:44 - 00000000 ____D C:\Users\Priit\AppData\Roaming\obs-studio
2016-08-12 15:35 - 2016-09-04 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-08-12 15:35 - 2016-08-12 15:35 - 00001279 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-08-12 15:34 - 2016-08-12 15:35 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-08-12 14:52 - 2016-08-12 14:52 - 00000000 ____D C:\Users\Priit\AppData\Roaming\WTablet
2016-08-12 14:52 - 2016-08-12 14:52 - 00000000 ____D C:\Users\Priit\AppData\Local\Wacom
2016-08-12 14:44 - 2016-09-04 15:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2016-08-12 14:44 - 2016-08-12 14:44 - 00000000 ____D C:\Program Files\TabletPlugins
2016-08-12 14:44 - 2016-08-12 14:44 - 00000000 ____D C:\Program Files\Tablet
2016-08-12 14:44 - 2016-08-12 14:44 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2016-08-12 14:44 - 2015-12-21 21:02 - 02103488 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 02077888 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 02071232 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 01966272 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 01683648 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 01681600 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 01674432 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 01571520 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-07 10:48 - 2015-11-25 19:46 - 00000000 ____D C:\Users\Priit\Documents\fox
2016-09-07 10:32 - 2016-07-16 14:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 10:32 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-07 10:32 - 2015-11-09 08:52 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Spotify
2016-09-07 10:31 - 2016-07-16 14:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-07 10:29 - 2012-09-22 16:17 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Skype
2016-09-06 20:45 - 2016-07-16 14:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-06 20:45 - 2016-01-15 00:55 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-06 20:45 - 2015-11-09 08:52 - 00000000 ____D C:\Users\Priit\AppData\Local\Spotify
2016-09-06 20:44 - 2015-09-08 18:44 - 00000000 __SHD C:\Users\Priit\IntelGraphicsProfiles
2016-09-06 20:44 - 2015-09-08 18:37 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-06 20:44 - 2014-02-21 14:04 - 00000000 ____D C:\Users\Priit\AppData\Roaming\TortoiseHg
2016-09-06 19:08 - 2015-09-08 18:29 - 00918536 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-06 19:03 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-06 19:03 - 2016-07-16 09:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-09-05 11:04 - 2014-09-13 20:55 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Azureus
2016-09-05 10:58 - 2014-11-19 21:18 - 00000132 _____ C:\Users\Priit\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-05 09:44 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-09-05 02:30 - 2016-07-16 14:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-09-05 02:27 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-05 02:21 - 2016-07-16 17:15 - 00000000 ____D C:\WINDOWS\OCR
2016-09-05 02:03 - 2015-12-14 23:11 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2016-09-05 01:37 - 2012-09-19 21:06 - 00000000 ____D C:\Users\Priit\AppData\Roaming\SoftGrid Client
2016-09-04 23:20 - 2012-07-05 04:08 - 00000000 ____D C:\ProgramData\Temp
2016-09-04 22:41 - 2015-09-08 18:37 - 00000000 ____D C:\Users\Priit\AppData\Local\Packages
2016-09-04 22:09 - 2015-09-08 18:39 - 00002409 _____ C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-09-04 22:09 - 2015-09-08 18:39 - 00000000 ___RD C:\Users\Priit\OneDrive
2016-09-04 22:06 - 2015-09-10 23:15 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-09-04 15:50 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-04 15:50 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-09-04 15:49 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\Registration
2016-09-04 15:49 - 2016-07-16 09:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-04 15:48 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-09-04 15:48 - 2015-10-30 10:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-09-04 15:47 - 2015-09-08 18:26 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-09-04 15:46 - 2016-07-16 14:47 - 00000000 __RSD C:\WINDOWS\Media
2016-09-04 15:46 - 2016-07-16 14:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-09-04 15:44 - 2016-07-29 10:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FontForge
2016-09-04 15:44 - 2016-07-16 17:14 - 00000000 ____D C:\WINDOWS\system32\0409
2016-09-04 15:44 - 2016-07-16 14:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-04 15:44 - 2016-07-15 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GeoGebra 5
2016-09-04 15:44 - 2016-06-09 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ID-kaart
2016-09-04 15:44 - 2016-04-25 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-09-04 15:44 - 2016-04-12 19:09 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MiKTeX 2.9
2016-09-04 15:44 - 2016-04-12 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
2016-09-04 15:44 - 2016-03-03 02:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-04 15:44 - 2016-01-15 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-09-04 15:44 - 2015-11-26 21:22 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2016-09-04 15:44 - 2015-11-22 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auto Clicker by Shocker
2016-09-04 15:44 - 2015-11-04 01:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2016-09-04 15:44 - 2015-11-04 01:22 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\SkipSoft Android Toolkit
2016-09-04 15:44 - 2015-10-22 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grinding Gear Games
2016-09-04 15:44 - 2015-09-14 21:37 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolfenstein - Enemy Territory
2016-09-04 15:44 - 2015-09-11 13:07 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2016-09-04 15:44 - 2015-09-11 13:06 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-09-04 15:44 - 2015-09-11 02:15 - 00000000 ____D C:\WINDOWS\system32\temp
2016-09-04 15:44 - 2015-09-11 02:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnInTest
2016-09-04 15:44 - 2015-09-11 02:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2016-09-04 15:44 - 2015-09-10 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-09-04 15:44 - 2015-09-07 20:28 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2016-09-04 15:44 - 2015-08-10 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HydraIRC
2016-09-04 15:44 - 2015-08-10 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quassel
2016-09-04 15:44 - 2015-05-19 01:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-09-04 15:44 - 2015-02-23 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-09-04 15:44 - 2015-02-10 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-09-04 15:44 - 2015-02-08 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2016-09-04 15:44 - 2014-11-19 19:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-09-04 15:44 - 2014-11-08 17:22 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-09-04 15:44 - 2014-11-03 04:05 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-09-04 15:44 - 2014-09-18 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChemBioOffice 2010
2016-09-04 15:44 - 2014-09-16 00:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-04 15:44 - 2014-09-14 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-09-04 15:44 - 2014-09-13 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-09-04 15:44 - 2014-09-06 21:15 - 00000000 ____D C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-04 15:44 - 2014-09-06 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-09-04 15:44 - 2014-09-06 12:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-09-04 15:44 - 2014-09-04 16:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2016-09-04 15:44 - 2014-09-04 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Client
2016-09-04 15:44 - 2014-08-30 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-09-04 15:44 - 2014-08-30 01:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-09-04 15:44 - 2014-08-12 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-09-04 15:44 - 2014-05-06 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCAD 0.13
2016-09-04 15:44 - 2014-02-21 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseHg
2016-09-04 15:44 - 2014-01-22 00:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
2016-09-04 15:44 - 2013-10-27 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-04 15:44 - 2013-03-14 00:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Broadband
2016-09-04 15:44 - 2012-11-08 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-09-04 15:44 - 2012-10-23 09:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2016-09-04 15:44 - 2012-10-15 08:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fisp
2016-09-04 15:44 - 2012-07-05 04:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\tr
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\th
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\sv
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\sl
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\sk
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\ru
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\ro
2016-09-04 15:44 - 2012-07-05 04:06 - 00000000 ____D C:\WINDOWS\pl
2016-09-04 15:44 - 2012-07-05 04:04 - 00000000 ____D C:\WINDOWS\en
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\no
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\nl
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\lv
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\lt
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\ko
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\it
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\hu
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\hr
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\he
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\fr
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\fi
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\es
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\el
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\de
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\da
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\cs
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\bg
2016-09-04 15:44 - 2012-07-05 04:03 - 00000000 ____D C:\WINDOWS\ar
2016-09-04 15:44 - 2012-07-05 03:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Absolute Software
2016-09-04 15:44 - 2012-07-05 03:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2016-09-04 15:44 - 2012-07-05 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games
2016-09-04 15:44 - 2012-07-05 03:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\2C0A
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0C0A
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0C04
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0816
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0804
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0424
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\041F
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\041E
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\041D
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\041B
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0419
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0416
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0415
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0414
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0413
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0412
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0411
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0410
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\040E
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\040D
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\040C
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\040B
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\040A
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0408
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0407
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0406
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0405
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0404
2016-09-04 15:44 - 2012-07-05 03:27 - 00000000 ____D C:\WINDOWS\system32\0401
2016-09-04 15:44 - 2012-07-05 03:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-09-04 15:44 - 2009-07-14 08:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-04 15:44 - 2009-07-14 06:20 - 00000000 ____D C:\WINDOWS\system32\Catroot2.old
2016-09-04 15:43 - 2015-10-30 09:28 - 00000000 ____D C:\Users\Default.migrated
2016-09-04 15:39 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-09-04 15:39 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-09-04 15:39 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-04 15:39 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-04 15:39 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\system32\IME
2016-09-04 15:39 - 2014-08-30 17:12 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2016-09-04 15:39 - 2013-03-14 00:41 - 00000000 ____D C:\WINDOWS\SysWOW64\SupportAppPBMobile Broadband
2016-09-04 15:39 - 2012-07-05 03:58 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-09-04 15:38 - 2016-07-16 14:47 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-09-04 15:38 - 2016-07-16 14:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-09-04 15:38 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\schemas
2016-09-04 15:38 - 2016-07-16 14:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-09-04 15:38 - 2016-01-14 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-09-04 15:38 - 2014-03-18 01:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2016-09-04 15:38 - 2012-11-21 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-09-04 15:38 - 2012-09-25 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCS Electronics
2016-09-04 15:38 - 2012-07-05 22:11 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-09-04 15:38 - 2012-07-05 03:23 - 00000000 ____D C:\Program Files (x86)\Intel
2016-09-04 15:38 - 2009-07-14 08:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-09-04 15:36 - 2015-11-10 19:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-09-04 15:35 - 2016-07-16 09:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-09-04 15:33 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-09-04 15:33 - 2016-07-16 14:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-09-04 15:32 - 2016-07-16 14:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-04 14:36 - 2012-09-19 15:07 - 00000984 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000UA.job
2016-09-04 14:05 - 2014-07-30 23:14 - 00000982 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-04 13:33 - 2012-07-05 03:24 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-09-03 18:59 - 2013-10-27 09:24 - 00000000 ____D C:\Users\Priit\AppData\Roaming\vlc
2016-09-03 16:26 - 2014-09-13 20:55 - 00000000 ____D C:\Users\Priit\Documents\Vuze Downloads
2016-09-02 10:36 - 2012-09-19 15:07 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000Core.job
2016-08-29 12:10 - 2016-06-09 01:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-29 10:52 - 2014-09-13 20:56 - 00001921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-08-29 10:52 - 2014-09-13 20:55 - 00000000 ____D C:\Program Files (x86)\Vuze
2016-08-29 10:05 - 2014-07-30 23:14 - 00000978 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-24 01:30 - 2016-03-03 02:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-24 01:24 - 2012-07-05 03:24 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-08-12 14:53 - 2014-08-01 11:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-08-12 14:53 - 2012-07-05 03:28 - 00000000 ____D C:\ProgramData\Skype
2016-08-12 14:52 - 2015-02-23 16:17 - 00000000 ____D C:\Users\Priit\.android
2016-08-10 15:13 - 2015-09-10 03:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 15:04 - 2012-11-19 10:17 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 00:00 - 2015-10-30 12:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-08 22:41 - 2012-09-19 15:08 - 00002499 _____ C:\Users\Priit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
==================== Files in the root of some directories =======
 
2014-11-19 20:35 - 2014-11-19 20:35 - 0000132 _____ () C:\Users\Priit\AppData\Roaming\Adobe BMP Format CS6 Prefs
2014-11-20 16:46 - 2014-11-20 16:46 - 0000132 _____ () C:\Users\Priit\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-11-19 21:18 - 2016-09-05 10:58 - 0000132 _____ () C:\Users\Priit\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-11-19 20:42 - 2016-04-15 15:56 - 0001456 _____ () C:\Users\Priit\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-03-21 17:50 - 2014-03-21 17:50 - 0007629 _____ () C:\Users\Priit\AppData\Local\Resmon.ResmonCfg
2016-09-04 15:33 - 2016-09-04 15:33 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Priit\934E4D2C83D72B183DDDCC8774454C53.dat
 
 
Some files in TEMP:
====================
C:\Users\Priit\AppData\Local\Temp\i4jdel0.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-04 15:31
 
==================== End of FRST.txt ============================
 
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-09-07 10:43:25
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SanDisk_ rev.10.5 119,24GB
Running: gm1o3fsm.exe; Driver: C:\Users\Priit\AppData\Local\Temp\pfryypow.sys
 
 
---- Threads - GMER 2.2 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [656:4608]                                                                                                                                   ffffbdc14a936c20
Thread   C:\WINDOWS\system32\csrss.exe [656:4656]                                                                                                                                   ffffbdc14a936c20
Thread   C:\WINDOWS\system32\csrss.exe [656:10124]                                                                                                                                  ffffbdc14a936c20
Thread   C:\WINDOWS\system32\csrss.exe [656:10128]                                                                                                                                  ffffbdc14a936c20
 
---- Services - GMER 2.2 ----
 
Service  C:\WINDOWS\System32\qmgr.dll (*** hidden *** )                                                                                                                             [MANUAL] BITS                            <-- ROOTKIT !!!
 
---- Registry - GMER 2.2 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SEC05004294967295_00_07D2_16+BNQ7F32W1F03839SL0_03_07DF_6E^CEB1F9C6BEA28AF7647C88C1B40B9FF6@Timestamp  0x03 0x38 0x27 0x4E ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SEC05004294967295_00_07D2_16^3CF6392C1F3F0B1A97E138007F9F45E4@Timestamp                                0x3E 0x35 0xE0 0x64 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed                                                                                          -1196481316
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime                                                                                                       2847
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime                                                                                                87154595
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp                                                                               87153214
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp                                                                                      87153214
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState                                                                                   87153491
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime                                                                                               190
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp                                                                                        0xCE 0xCB 0xF2 0x0A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start                                                                                                                          3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\c48508c5f63d                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{54b0493e-2140-450c-8757-2c0d46aa723b}@LastProbeTime                                                      1473068622
Reg      HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog                                                                                       0x5A 0x7C 0x4A 0x70 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                            899
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                           44
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{301c2bce-c214-43c4-9033-a1fe1f094608}@DhcpIPAddress                                                    10.176.0.76
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{301c2bce-c214-43c4-9033-a1fe1f094608}@LeaseObtainedTime                                                1473176781
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{301c2bce-c214-43c4-9033-a1fe1f094608}@T1                                                               1473198381
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{301c2bce-c214-43c4-9033-a1fe1f094608}@T2                                                               1473214581
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{301c2bce-c214-43c4-9033-a1fe1f094608}@LeaseTerminatesTime                                              1473219981
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{156620ab-5697-42f9-95d1-b96a19924b3b}@Dhcpv6State                                                     1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated                                                                                        0xF2 0xA1 0x40 0x9E ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh                                                                                             0xF2 0x09 0x05 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow                                                                                              0xF2 0x39 0x7C 0x3C ...
Reg      HKLM\SYSTEM\Maps@LastMapUpdateCheck                                                                                                                                        0x3F 0x74 0x73 0x7D ...
Reg      HKLM\SYSTEM\Setup@UninstallActive                                                                                                                                          1
Reg      HKLM\SYSTEM\Setup@UninstallGUID                                                                                                                                            {CBD971BF-B7B8-4885-951A-FA03044F5D71}
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\4@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\5@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\6@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\7@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\8@Rw                                                                                                                         0x64 0x62 0x03 0x00 ...
Reg      HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\8@RwMask                                                                                                                     0x64 0x62 0x03 0x00 ...
 
---- Disk sectors - GMER 2.2 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                      unknown MBR code
 
---- EOF - GMER 2.2 ----
 




#2 Sintharius


Posted 07 September 2016 - 03:54 AM

Welcome to Bleeping Computer's Malware Removal Logs area. My name is Sintharius. I will assist you with your problem.

Please allow me some time to review your logs with my instructor and I will be back with instructions.

Can you describe exactly what problems you are having with your computers? Additional details would be greatly appreciated.

Also please post the Addition.txt that comes with FRST.txt the first time FRST is run.

Edited by Sintharius, 07 September 2016 - 03:55 AM.


#3 porgandpoiss


Posted 07 September 2016 - 12:38 PM

Hello Sintharius and thank you for helping me.

 

I sometimes notice screen flickering and graphic lag in one computer which has a reasonably powerful graphics card with up-to-date drivers. The router requires routine restarts because of internet connectivity loss, although everything works when connected straight to the modem. I also notice strange errors and restarts in Event Viewer throughout different computers. Below is the Addition.txt.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Priit (07-09-2016 10:49:09)
Running from C:\Users\Priit\Documents\foxcademy
Windows 10 Home Version 1607 (X64) (2016-09-04 12:50:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4011729869-4120629402-3206314626-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-4011729869-4120629402-3206314626-503 - Limited - Disabled)
Guest (S-1-5-21-4011729869-4120629402-3206314626-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4011729869-4120629402-3206314626-1002 - Limited - Enabled)
Priit (S-1-5-21-4011729869-4120629402-3206314626-1000 - Administrator - Enabled) => C:\Users\Priit
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.0.0.21 - Absolute Software)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{48DB5914-8772-472D-B8DF-E2092BE598F6}) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Any Video Converter 5.5.7 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Auto Clicker by Shocker (HKLM-x32\...\Auto Clicker by Shocker_is1) (Version: V3.0.1 - shockingsoft.com)
BASCOM-AVR (HKLM-x32\...\{47F94730-ABD2-47F6-920E-EA8CDB6DD0C6}_is1) (Version: 2.0.3.0 - MCS Electronics)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
BurnInTest v8.1 Standard (HKLM\...\BurnInTest_is1) (Version: 8.1.1009.0 - Passmark Software)
CambridgeSoft Activation Client (HKLM-x32\...\{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}) (Version: 12.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw Ultra 12.0 (HKLM-x32\...\{48DEAAF2-8276-4BBD-B7B6-91E454938476}) (Version: 12.0 - CambridgeSoft Corporation)
Chrome Token Signing (x32 Version: 1.0.3.413 - RIA) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Core Temp 1.0 RC6 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5016 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DigiDoc3 Client (x32 Version: 3.12.1.1450 - RIA) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy Migration (HKLM-x32\...\{EDE7A262-DB20-4432-A630-2ACEE186C416}) (Version: 1.0 - Samsung Electronics CO., LTD.)
Easy Support Center (HKLM\...\{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}) (Version: 1.2.22 - Samsung Electronics CO., LTD.)
eDrawings 2014 x64 (HKLM\...\{A163A070-8261-4D6E-9844-C5387278A99C}) (Version: 14.1.116 - Dassault Systèmes SolidWorks Corp)
eID software (HKLM-x32\...\{fd8dd6c5-769e-4183-a3ad-e222b2ad0cea}) (Version: 3.12.3.1658 - RIA)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EstEID Minidriver (Version: 3.11.0.1175 - RIA) Hidden
EstEID Shell Extension (Version: 3.12.0.1448 - RIA) Hidden
ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.)
f.lux (HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Flux) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fast Flash Sleep Resume (x32 Version: 1.0.19 - Samsung) Hidden
Firefox PKCS11 Loader (Version: 3.11.0.1064 - RIA) Hidden
Firefox Token Signing Plugin (x32 Version: 3.12.0.1143 - RIA) Hidden
Fisp 3.2.5.16 (HKLM-x32\...\{517E5B11-6174-4FD4-82E3-D6082EAC8A98}_is1) (Version:  - 4D Electronics Limited)
FISP USB Programmer (Driver Removal) (HKLM-x32\...\SIUSBXP&10C4&8176) (Version:  - 4D Electronics)
FontForge version 07-04-2016 (HKLM-x32\...\{56748B9C-19AE-4689-B8C5-5A45AE0A993A}_is1) (Version: 07-04-2016 - FontForgeBuilds)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
FreeCAD 0.13 (HKLM-x32\...\{2B2B5D2B-0F01-410B-843B-8F437FD75FBF}) (Version: 0.13.1828 - Juergen Riegel (FreeCAD@juergen-riegel.net))
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.258.0 - International GeoGebra Institute)
Google Chrome (HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
HWiNFO64 Version 5.04 (HKLM\...\HWiNFO64_is1) (Version: 5.04 - Martin Malķk - REALiX)
HydraIRC (HKLM-x32\...\HydraIRC) (Version: 0.3.165 - Hydra Productions)
ID-card utility (x32 Version: 3.12.2.1206 - RIA) Hidden
IE Token Signing Plugin (Version: 3.12.0.980 - RIA) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1156 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{520C4DD4-2BC7-409B-BA48-E1A4F832662D}) (Version: 2.1.0.0140 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1021 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{93F34C5C-ACAA-48F3-9B26-70359A117F12}) (Version: 3.0.12.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
IntelliJ IDEA Community Edition 14.0.3 (HKLM-x32\...\IntelliJ IDEA Community Edition 14.0.3) (Version: 139.1117.1 - JetBrains s.r.o.)
Interactive Guide (HKLM-x32\...\{3C4E0F33-0D0E-43D5-A36D-A4F96D73BA2D}) (Version: 1.5 - Samsung Electronics CO., LTD.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 31 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180310}) (Version: 8.0.310.13 - Oracle Corporation)
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.6741.2056 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word 2010 (HKLM-x32\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
MiKTeX 2.9 (HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
mIRC (HKLM-x32\...\mIRC) (Version: 7.36 - mIRC Co. Ltd.)
Mobile Broadband (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
MovieClip (HKLM-x32\...\{AB777781-AC85-4CE5-B4B8-0F3C68C3974F}) (Version: 1.0.0 - Samsung)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{AE5A15A2-21CD-42F3-BA90-E576063BCFD2}) (Version: 1.5 - Samsung Electronics CO., LTD.)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8 - Notepad++ Team)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.15.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6701.1034 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Open-EID Metapackage (x32 Version: 3.12.3.1658 - RIA) Hidden
Open-EID Uninstaller (x32 Version: 3.12.3.1658 - RIA) Hidden
Open-EID Updater (x32 Version: 3.12.0.1007 - RIA) Hidden
OpenVPN Client (HKLM-x32\...\{072A5217-8165-4AB7-8366-36CB3245DB60}) (Version: 1.5.6 - OpenVPN Technologies)
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 2.0.4.47408 - Grinding Gear Games)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Popcorn Time (HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Popcorn Time) (Version:  - Popcorn Official) <==== ATTENTION
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 3.4.1 (64-bit) (HKLM\...\{d54842cb-f761-30ba-881f-1ff821dc44df}) (Version: 3.4.1150 - Python Software Foundation)
Quassel (remove only) (HKLM-x32\...\Quassel) (Version: 0.12.2-1 - KDE)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.8.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.8.0 - Renesas Electronics Corporation) Hidden
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
S Agent (Version: 1.1.58 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden
Samsung SCX-3200 Series (HKLM-x32\...\Samsung SCX-3200 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.23.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Software Launcher (HKLM-x32\...\{B750B5C2-CC17-4967-905B-29F4EB986131}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Spotify (HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.2900 - DTS, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
TeXstudio 2.10.8 (HKLM-x32\...\TeXstudio_is1) (Version: 2.10.8 - Benito van der Zander)
TortoiseHg 2.11.0 (x64) (HKLM\...\{9E28969E-F04A-48C0-98ED-DCDD73C686BE}) (Version: 2.11.0 - Steve Borho and others)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.9 - Samsung Electronics CO., LTD.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.15-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wireshark 2.0.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.5 - The Wireshark developer community, hxxps://www.wireshark.org)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Wolfenstein - Enemy Territory (HKLM-x32\...\Wolfenstein - Enemy Territory) (Version: 2.60b - ACTIVISION)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Priit\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4011729869-4120629402-3206314626-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Priit\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0334D1FF-207C-42DC-8E90-A944CA619600} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0C47068A-BD59-4D8D-8EC7-49E4CE04AAD9} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {109948A1-33FE-4833-8A10-C48133309231} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {15840878-B5E3-4AB3-AEB0-B6F93755411B} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {1943197A-9507-4046-9BB1-FFFF2FEF573F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {2649869B-42D6-4E73-B778-0E6E14001C30} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {298E7E59-9F25-4572-B404-D396A7B233B2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {2B72C6E5-D15C-4F65-8CF5-82934EAF45D1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-19] (Microsoft Corporation)
Task: {39A6C110-057A-458D-BE4C-1AEFB5F5FBCD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3AEF124D-99F3-4972-92A1-4E25FAB3A0D8} - System32\Tasks\Intel® Rapid Start Technology Manager => C:\Program Files (x86)\Intel\irstrt\RapidStartConfig.exe [2012-02-06] (Intel)
Task: {3C4D6FE0-439A-499A-BBB5-EFCE781EFFD0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {3C9AB353-2238-4429-B459-D55320D5803C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {3EB035AF-C622-44FF-8FA5-887CC7BDDE6E} - System32\Tasks\Absolute Reminder => C:\Program Files (x86)\Absolute Software\Absolute Reminder\AbsoluteReminder.exe [2012-05-09] (Absolute Software)
Task: {47AF8754-1B50-4699-A84D-2DBCA5AE6A3A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {48A3DDF4-D710-450A-8E83-6376115190EC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {4EF9426A-89DD-418E-869A-AFDD4D783A39} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-18] (Realtek Semiconductor)
Task: {520834E4-8392-4E21-A670-F8A1F9AA6BFA} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {5496CB22-5C46-428C-B0D9-5BD2613F5886} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000Core => C:\Users\Priit\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5794F40A-CE88-48E7-9D29-E0DAA2AFCD52} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5C771A2F-1E4E-4DDE-B138-670E2B4C1883} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000UA => C:\Users\Priit\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {693FCE15-3AA8-4850-931C-3F24EA976FC4} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2016-01-31] (RIA)
Task: {7698034E-8FC8-401C-AB30-9D33FC678B1B} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-16] (CyberLink)
Task: {76DF6B4F-C5B7-4998-AD9F-72E768D1628A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {7A113511-E49D-402C-B556-1055A41526F7} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {7D70EBD5-84E8-4F24-A9B5-0285ED122F1B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {8015A874-EB72-4561-B2D2-7320C10EFF58} - System32\Tasks\EasySupportCenter => C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe [2012-04-06] (Samsung Electronics CO., LTD.)
Task: {9270BEA9-9376-4B18-A48E-4C9A966792F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-19] (Microsoft Corporation)
Task: {95FFFE09-5DB1-495E-B047-178B815BDC89} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-03] (Microsoft Corporation)
Task: {96C179DD-C9EC-40DA-A492-BC08A5CDCF83} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {9E8FEA6F-6AF4-49A5-A85E-700597F1306F} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {A1512341-9178-4C1D-8402-5C01C25435E5} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A39C7165-2153-405B-9115-027979BF570D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A3A0E190-1488-4AB6-B8CF-327FDDF4CA5B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A54212DD-8406-4039-BD7F-996F5C05DCDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {ABEFC81F-4570-499E-B8B5-20F51630A8FF} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2016-02-24] (Samsung Electronics Co., Ltd.)
Task: {AD745C9A-26F6-4208-BAD8-8B89CD0AEFF4} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B2EFC9F1-67F5-4333-A791-BF46C954A8D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B7CEBDC5-E2A8-4DAF-A599-BE46A29E7850} - System32\Tasks\FFSRConfigurer => C:\Program Files (x86)\Samsung\Fast Flash Sleep Resume\FFSRConfigurer.exe [2012-03-29] (Samsung)
Task: {C89C9D36-C7F8-4095-B07D-19CB0C294898} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {D3CD4F10-3079-4614-B822-6B750057BFBA} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D690E159-09D3-4AA3-B79F-DF33B540E075} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-07-19] (Microsoft Corporation)
Task: {E0FB6F83-1706-4303-89F8-F991EA013845} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E6C014BE-DAD4-40E5-A0CB-73B79148F025} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {EA5C73FB-A912-4F8A-9D0F-1499B2681E68} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {EBB21E40-FAB3-4FDE-BA95-C9CD5BF98DB1} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2015-06-19] (Samsung Electronics CO., LTD.)
Task: {EF6A26E5-F345-40A3-88A9-081676E06C1F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {F1355764-7523-4F64-8548-23F5425EB4FD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {F7CA037B-CC2A-4CA4-B2BC-2A237FA79FB2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000Core.job => C:\Users\Priit\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4011729869-4120629402-3206314626-1000UA.job => C:\Users\Priit\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 14:42 - 2016-07-16 14:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 14:42 - 2016-07-16 14:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2013-04-23 10:47 - 2011-04-11 08:26 - 00034304 _____ () C:\WINDOWS\System32\spe__l.dll
2011-04-14 02:41 - 2011-04-14 02:41 - 00034304 _____ () C:\WINDOWS\System32\ssb3ml6.dll
2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-04-25 04:51 - 2016-07-03 07:04 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2014-09-06 17:50 - 2015-09-14 21:50 - 00075136 _____ () C:\WINDOWS\SysWoW64\PnkBstrA.exe
2010-08-12 17:45 - 2010-08-12 17:45 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
2015-06-19 14:55 - 2015-06-19 14:55 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2016-07-16 14:42 - 2016-07-16 14:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-04 22:09 - 2016-09-04 22:09 - 00959168 _____ () C:\Users\Priit\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-05-19 14:35 - 2016-07-03 17:14 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-04-15 23:13 - 2015-04-15 23:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-08-12 14:44 - 2015-12-21 21:02 - 01349824 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-07-16 14:42 - 2016-07-16 14:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 14:43 - 2016-07-16 14:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 14:43 - 2016-07-16 17:27 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-05 00:24 - 2016-08-20 07:54 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 14:43 - 2016-07-16 17:27 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-09-05 00:24 - 2016-08-20 07:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-05 00:25 - 2016-08-20 07:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-02-04 14:06 - 2014-02-04 14:06 - 00100616 _____ () C:\Program Files\TortoiseHg\TortoiseHgOverlayServer.exe
2012-10-27 09:28 - 2012-10-27 09:28 - 00128512 _____ () C:\Program Files\TortoiseHg\win32api.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00137728 _____ () C:\Program Files\TortoiseHg\pywintypes27.dll
2012-10-27 09:28 - 2012-10-27 09:28 - 00223232 _____ () C:\Program Files\TortoiseHg\win32gui.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00027648 _____ () C:\Program Files\TortoiseHg\win32pipe.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00023040 _____ () C:\Program Files\TortoiseHg\win32event.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00149504 _____ () C:\Program Files\TortoiseHg\win32file.pyd
2012-10-27 09:28 - 2012-10-27 09:28 - 00136192 _____ () C:\Program Files\TortoiseHg\win32security.pyd
2013-11-10 20:24 - 2013-11-10 20:24 - 00111616 _____ () C:\Program Files\TortoiseHg\_ctypes.pyd
2014-02-04 14:04 - 2014-02-04 14:04 - 00010752 _____ () C:\Program Files\TortoiseHg\mercurial.osutil.pyd
2012-10-27 09:27 - 2012-10-27 09:27 - 00044032 _____ () C:\Program Files\TortoiseHg\win32process.pyd
2012-10-27 09:29 - 2012-10-27 09:29 - 00503808 _____ () C:\Program Files\TortoiseHg\pythoncom27.dll
2012-10-27 09:31 - 2012-10-27 09:31 - 00438784 _____ () C:\Program Files\TortoiseHg\win32com.shell.shell.pyd
2013-03-14 00:41 - 2012-11-12 11:30 - 00408392 _____ () C:\Program Files (x86)\Mobile Broadband\CheckNDISPort_df.exe
2013-03-14 00:41 - 2012-10-16 13:05 - 00440648 _____ () C:\Program Files (x86)\Mobile Broadband\CancelAutoPlay_df.exe
2016-09-07 10:32 - 2016-09-07 10:32 - 00380928 _____ () C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
2009-07-05 06:35 - 2009-07-05 06:35 - 00028160 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\servicemanager.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pywintypes26.dll
2009-07-05 06:35 - 2009-07-05 06:35 - 00041472 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32service.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00096256 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32api.pyd
2009-10-26 09:27 - 2009-10-26 09:27 - 00153088 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\pyexpat.pyd
2009-10-26 09:25 - 2009-10-26 09:25 - 00040448 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_socket.pyd
2009-10-26 09:25 - 2009-10-26 09:25 - 00645120 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ssl.pyd
2010-03-16 13:05 - 2010-03-16 13:05 - 00020480 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\zope.interface._zope_interface_coptimizations.pyd
2009-10-26 09:27 - 2009-10-26 09:27 - 00311808 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_hashlib.pyd
2009-10-26 09:25 - 2009-10-26 09:25 - 00073728 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\_ctypes.pyd
2009-10-26 09:27 - 2009-10-26 09:27 - 00011776 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\select.pyd
2010-05-05 13:44 - 2010-05-05 13:44 - 00010752 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.rand.pyd
2010-05-05 13:44 - 2010-05-05 13:44 - 00051200 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.crypto.pyd
2010-05-05 13:44 - 2010-05-05 13:44 - 00039936 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\OpenSSL.SSL.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00036352 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32process.pyd
2010-05-05 13:43 - 2010-05-05 13:43 - 00008192 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\twisted.protocols._c_urlarg.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00110592 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32security.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00017920 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32event.pyd
2009-07-06 04:16 - 2009-07-06 04:16 - 00111104 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32file.pyd
2009-07-05 06:35 - 2009-07-05 06:35 - 00024064 _____ () C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\win32pipe.pyd
2015-06-19 14:55 - 2015-06-19 14:55 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 01272128 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2011-08-15 14:12 - 2011-08-15 14:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2011-11-25 07:29 - 2011-11-25 07:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 14:12 - 2011-08-15 14:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 14:15 - 2011-08-15 14:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 10:48 - 2011-08-17 10:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 10:41 - 2011-08-17 10:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 10:48 - 2011-08-17 10:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 13:23 - 2011-08-15 13:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 07:28 - 2011-11-25 07:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 07:42 - 2011-11-25 07:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 07:26 - 2011-11-25 07:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00111936 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2015-06-19 14:55 - 2015-06-19 14:55 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2016-09-04 22:08 - 2016-09-04 22:08 - 00679624 _____ () C:\Users\Priit\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2015-11-09 08:52 - 2016-08-24 01:25 - 51330160 _____ () C:\Users\Priit\AppData\Roaming\Spotify\libcef.dll
2015-11-09 08:52 - 2016-08-24 01:25 - 01763952 _____ () C:\Users\Priit\AppData\Roaming\Spotify\libglesv2.dll
2015-11-09 08:52 - 2016-08-24 01:25 - 00088176 _____ () C:\Users\Priit\AppData\Roaming\Spotify\libegl.dll
2016-01-15 01:02 - 2016-03-11 03:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-15 01:02 - 2015-07-03 19:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-15 01:02 - 2016-03-31 23:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-15 01:01 - 2016-02-09 02:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-15 01:01 - 2016-02-09 02:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-15 01:01 - 2016-02-09 02:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-15 01:01 - 2016-02-09 02:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-15 01:01 - 2016-02-09 02:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-15 01:02 - 2015-07-03 19:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-15 01:02 - 2015-07-03 19:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-15 01:01 - 2016-03-31 23:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-01-15 01:01 - 2016-02-09 04:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-05-19 14:34 - 2016-07-03 16:42 - 08919232 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-08-08 22:41 - 2016-08-03 03:24 - 01771336 _____ () C:\Users\Priit\AppData\Local\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 22:41 - 2016-08-03 03:23 - 00094024 _____ () C:\Users\Priit\AppData\Local\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-08 22:40 - 2016-08-03 02:54 - 17602240 _____ () C:\Users\Priit\AppData\Local\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 05:34 - 2009-06-11 00:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Priit\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{0b2f7f65-e293-4c44-ba53-a1ea7c167ba3}.jpg
DNS Servers: 193.40.56.245 - 193.40.0.12
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "Samsung PanelMgr"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-4011729869-4120629402-3206314626-1000\...\StartupApproved\Run: => ""
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/07/2016 10:33:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gm1o3fsm.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Faulting module name: gm1o3fsm.exe, version: 2.2.19882.0, time stamp: 0x56e2cdca
Exception code: 0xc0000005
Fault offset: 0x0008de57
Faulting process id: 0x2924
Faulting application start time: 0x01d208da0d6ee1dc
Faulting application path: C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
Faulting module path: C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
Report Id: 342cb281-bdf0-4a0d-8593-83ec5cba834a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/07/2016 10:31:11 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (09/07/2016 10:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Bootstrap.exe, version: 1.8.0.34787, time stamp: 0x4ecfc3f7
Faulting module name: DispatcherProxy.dll, version: 1.8.0.34787, time stamp: 0x4ecfc1e0
Exception code: 0x40000015
Fault offset: 0x000071ed
Faulting process id: 0x524
Faulting application start time: 0x01d20866576f0545
Faulting application path: C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Faulting module path: C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DispatcherProxy.dll
Report Id: 318e84c9-9225-41f4-ba47-127811c98099
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=23, authorId=8086, vendorId=0, vendorType=0
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=21, authorId=8086, vendorId=0, vendorType=0
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=18, authorId=8086, vendorId=0, vendorType=0
 
Error: (09/06/2016 08:45:07 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
 
 
System errors:
=============
Error: (09/07/2016 10:45:11 AM) (Source: DCOM) (EventID: 10010) (User: Priidu-SAMSA)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (09/06/2016 08:44:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/06/2016 07:02:05 PM) (Source: DCOM) (EventID: 10010) (User: Priidu-SAMSA)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (09/06/2016 07:02:05 PM) (Source: DCOM) (EventID: 10010) (User: Priidu-SAMSA)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (09/06/2016 07:01:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/05/2016 01:37:38 AM) (Source: DCOM) (EventID: 10010) (User: Priidu-SAMSA)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (09/05/2016 12:40:54 AM) (Source: DCOM) (EventID: 10010) (User: Priidu-SAMSA)
Description: The server {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C} did not register with DCOM within the required timeout.
 
Error: (09/04/2016 11:51:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2016 11:51:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/04/2016 11:51:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-07 10:48:57.893
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-07 10:48:57.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-07 10:48:57.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-07 10:33:54.784
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-07 10:33:54.780
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-07 10:33:54.773
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-06 17:38:59.341
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-06 17:38:59.337
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-06 17:38:59.330
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-06 17:38:58.602
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3317U CPU @ 1.70GHz
Percentage of memory in use: 69%
Total physical RAM: 3797.53 MB
Available physical RAM: 1158.2 MB
Total Virtual: 7637.53 MB
Available Virtual: 4468.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:94.45 GB) (Free:13.65 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 83953FFC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=94.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=4.3 GB) - (Type=84)
Partition 4: (Not Active) - (Size=20.4 GB) - (Type=27)
 
==================== End of Addition.txt ============================


#4 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:11:11 PM

Posted 08 September 2016 - 03:30 PM

Hi there,

I have reviewed your log, and I will return with instructions in several hours as it is late night here.

#5 Sintharius

Posted 10 September 2016 - 07:28 AM

Hello porgandpoiss,

Please take note of the instructions below.

:step1: FRST is running from C:\Users\Priit\Documents\foxcademy. Please move FRST to the Desktop.

===

:step2: Do you recognize this file?

 
() C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
===

:step3: Did you set this proxy?
ProxyServer: [S-1-5-21-4011729869-4120629402-3206314626-1000] => cache.ut.ee:3128
===

:step4: VirusTotal file analysis
  • Go to VirusTotal.
  • Click Choose File and navigate to the following file:
    C:\Users\Priit\AppData\Local\Temp\i4jdel0.exe
  • Press Scan it! and wait for VirusTotal to complete scanning.
  • When VirusTotal has finished scanning, copy and paste the link to the result list into your next reply. You can see the image below as an example of what to copy.
    [Image: THmd0qR.png]
  • Repeat the steps above with the following files:
    C:\Users\Priit\934E4D2C83D72B183DDDCC8774454C53.dat
    C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
    C:\WINDOWS\System32\qmgr.dll
===

:step5: Uninstalling Programs

Click the Start orb on the taskbar, and then click the Control Panel button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting Remove:

Popcorn Time

Additional instructions can be found here if needed.

===

:step6: Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop. Please post it in your reply.
Please post back when you have completed all steps - if there were any issues, please let me know.


Edited by Sintharius, 10 September 2016 - 07:29 AM.


#6 Sintharius

Posted 12 September 2016 - 06:42 PM

Are you still with me? It has been three days since my last post.

#7 porgandpoiss

Posted 13 September 2016 - 03:56 AM

Hi Sintharius. Sorry for the late reply. Below are three scanned files. gm1o3fsm.exe is a renamed GMER. I can't find qmgr.dll with the upload tool, but Windows Explorer still shows it. I tried uploading the file by dragging it to the upload window from Windows Explorer, but then it shows the file as having a size of 0 bytes. When uninstalling Popcorn Time, it told me the program had already been uninstalled and prompted me to remove it from the list of installed programs. I did not run the Farbar recovery yet because I couldn't upload qmgr.dll. Should I?

 

https://www.virustotal.com/en/file/9090e674834008f3bfad5d19cc9b1b44702700d337ac26628d2c9076ada09e60/analysis/1473755584/

https://www.virustotal.com/en/file/a8100ae6aa1940d0b663bb31cd466142ebbdbd5187131b92d93818987832eb89/analysis/1473755478/

https://www.virustotal.com/en/file/e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173/analysis/1473756881/

 

edit:\\ Yes, I set the cache.ut.ee proxy.


Edited by porgandpoiss, 13 September 2016 - 03:59 AM.


#8 Sintharius

Posted 13 September 2016 - 04:21 PM

Hello porgandpoiss,

Please run the fixlist with FRST as instructed and post the result here :)

#9 porgandpoiss

Posted 17 September 2016 - 08:04 AM

Hello Sintharius

 

The fixlist is posted below.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2016
Ran by Priit (17-09-2016 15:55:38) Run:1
Running from C:\Users\Priit\Desktop
Loaded Profiles: Priit (Available Profiles: Priit & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
file: C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe
file: C:\Users\Priit\934E4D2C83D72B183DDDCC8774454C53.dat
file: C:\Users\Priit\AppData\Local\Temp\i4jdel0.exe
file: C:\WINDOWS\System32\qmgr.dll
*****************
 
 
========================= file: C:\Users\Priit\Documents\foxcademy\gm1o3fsm.exe ========================
 
File not signed
MD5: E9DC058440D321AA17D0600B3CA0AB04
Creation and modification date: 2016-09-07 10:32 - 2016-09-07 10:32
Size: 0380928
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 2, 2, 19882
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= file: C:\Users\Priit\934E4D2C83D72B183DDDCC8774454C53.dat ========================
 
File not signed
MD5: 00594FD4F42BA43FC1CA0427A0576295
Creation and modification date: 2015-11-22 16:50 - 2015-11-23 08:33
Size: 0000001
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= file: C:\Users\Priit\AppData\Local\Temp\i4jdel0.exe ========================
 
File is digitally signed
MD5: DE395ADB369470A953A11B8C300697E2
Creation and modification date: 2016-09-05 11:04 - 2016-09-15 18:57
Size: 0035680
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
====== End of File: ======
 
 
========================= file: C:\WINDOWS\System32\qmgr.dll ========================
 
File is digitally signed
MD5: BC27BF1FCD63540A194E549FB80C9C8D
Creation and modification date: 2016-09-05 02:25 - 2016-09-05 02:25
Size: 1052672
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: qmgr.dll
Original Name: qmgr.dll
Product: Microsoft® Windows® Operating System
Description: Background Intelligent Transfer Service
File Version: 7.8.14393.82 (rs1_release.160805-1735)
Product Version: 7.8.14393.82
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
 
==== End of Fixlog 15:55:39 ====
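
The Fixlog format above, parsed and triaged as an added example (not part of the original post and not FRST's own code). The sample is constructed by trimming two sections from the log above, and the rules in `triage` are assumed reviewer heuristics that prompt a closer look, not verdicts.

```python
import re

# Constructed sample: two sections trimmed from the Fixlog posted above.
SAMPLE = r"""
========================= file: C:\Users\Priit\AppData\Local\Temp\i4jdel0.exe ========================
File is digitally signed
MD5: DE395ADB369470A953A11B8C300697E2
Company Name: 
====== End of File: ======

========================= file: C:\WINDOWS\System32\qmgr.dll ========================
File is digitally signed
MD5: BC27BF1FCD63540A194E549FB80C9C8D
Company Name: Microsoft Corporation
====== End of File: ======
"""

HEADER = re.compile(r"^=+ file: (.+?) =+$")
FIELD = re.compile(r"^([\w ]+): ?(.*)$")

def parse_fixlog(text):
    """Return one dict per 'file:' section: path, signed flag, key/value fields."""
    entries, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            cur = {"path": m.group(1), "signed": None}
            entries.append(cur)
        elif cur is None or not line:
            continue  # text outside a section (e.g. the fixlist echo) is ignored
        elif line.startswith("====== End of File"):
            cur = None
        elif line in ("File is digitally signed", "File not signed"):
            cur["signed"] = line == "File is digitally signed"
        elif m := FIELD.match(line):
            cur[m.group(1)] = m.group(2).strip()
    return entries

def triage(entry):
    """Follow-up notes for a reviewer (assumed heuristics); empty = nothing stood out."""
    notes = []
    is_pe = entry["path"].lower().endswith((".exe", ".dll", ".sys"))
    if is_pe and entry["signed"] is False:
        notes.append("unsigned executable")
    if is_pe and not entry.get("Company Name"):
        notes.append("no version metadata")
    if is_pe and "\\temp\\" in entry["path"].lower():
        notes.append("runs from a Temp directory")
    return notes
```

A signed file with matching Microsoft version metadata, like qmgr.dll here, produces no notes; the MD5 field can then be used to look the file up by hash when an upload fails.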


#10 Sintharius

Posted 20 September 2016 - 03:32 AM

Hello porgandpoiss,

The qmgr.dll file appears to be clean - I would say it was a false alarm from GMER.

Please run one last scanner just to be sure.

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit to your desktop.
  • Double click on downloaded file. OK self extracting prompt.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
If there are any problems or concerns left, just let me know.

#11 Sintharius

Posted 23 September 2016 - 04:37 PM

Hi there,

Are you still with me? It has been three days since my last post.

#12 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:11 PM

Posted 27 September 2016 - 08:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



