Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

huge Qualcomm atheros client installation program size


  • This topic is locked This topic is locked
6 replies to this topic

#1 joety22

joety22

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 07 November 2016 - 09:02 AM

Hello there Bleeping Computer.

 

While doing some cleanup and maintenance on my laptop found that "Qualcomm atheros client installation program" had a HUGE size of 11,5 GB. Along with a general slowness makes me suspect malware?

 

Have performed searches and checked forums but could not find any further guidance.

 

---

The following are the two FRST64 files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by jotrys (administrator) on ASUS (07-11-2016 14:42:07)
Running from D:\Downloads
Loaded Profiles: jotrys & UpdatusUser (Available Profiles: jotrys & UpdatusUser)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Mythicsoft Ltd) C:\Program Files\Mythicsoft\FileLocator Pro\FileLocatorPro.exe
(TrueCrypt Foundation) C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [6783280 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61648 2016-09-26] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-11-02] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-16] (Stardock Corporation)
HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\Run: [Dropbox Update] => C:\Users\jotrys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-05-09] (Dropbox, Inc.)
HKU\S-1-5-21-3743678174-480702614-3700363307-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177672 2015-11-19] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [157976 2015-11-19] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk [2013-11-26]
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{1c724f9e-a22c-4dbb-bfac-6261b135208d}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{6a0ddb34-5bc4-4035-b7d7-44bce097b1ae}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{fe7ee357-71ee-4a92-98d3-c0cd68adf263}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131192375190224194&GUID=755CDFE2-8D2A-49B6-8FEC-DB4B809BE909
HKU\S-1-5-21-3743678174-480702614-3700363307-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131192375190246046&GUID=755CDFE2-8D2A-49B6-8FEC-DB4B809BE909
SearchScopes: HKLM -> {3E1828C4-2B44-548A-8EAA-4DCDDC09BD9C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3743678174-480702614-3700363307-1000 -> {3E1828C4-2B44-548A-8EAA-4DCDDC09BD9C} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {A796D216-2DE1-4EA8-BABB-FE6E7C959098} hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} 
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF DefaultProfile: sk9fboe5.default
FF ProfilePath: C:\Users\jotrys\AppData\Roaming\Pencil\Profiles\mmz2i0bh.default [2015-06-27]
FF ProfilePath: C:\Users\jotrys\AppData\Roaming\Mozilla\Firefox\Profiles\sk9fboe5.default [2016-11-04]
FF Extension: (Avira Browser Safety) - C:\Users\jotrys\AppData\Roaming\Mozilla\Firefox\Profiles\sk9fboe5.default\Extensions\abs@avira.com.xpi [2016-11-04]
FF Extension: (Web Developer) - C:\Users\jotrys\AppData\Roaming\Mozilla\Firefox\Profiles\sk9fboe5.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-08-29]
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-08-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-09] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: @citrixonline.com/appdetectorplugin -> C:\Users\jotrys\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-05-16] (Citrix Online)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\jotrys\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: @talk.google.com/O1DPlugin -> C:\Users\jotrys\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: @tools.google.com/Google Update;version=3 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: @tools.google.com/Google Update;version=9 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: SkypePlugin -> C:\Users\jotrys\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi.dll [2016-09-22] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-3743678174-480702614-3700363307-1000: SkypePlugin64 -> C:\Users\jotrys\AppData\Local\SkypePlugin\7.26.0.48\npGatewayNpapi-x64.dll [2016-09-22] (Skype Technologies S.A.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-05-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-05-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-05-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-05-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-05-07] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\jotrys\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\jotrys\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://clicky.com/user/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default [2016-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (YouTube) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-12]
CHR Extension: (Google Search) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-29]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2014-04-07]
CHR Extension: (MozBar) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2014-08-23]
CHR Extension: (Boards for Trello) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\eknhddnoflchkcccjgdddmnimjggiona [2014-02-28]
CHR Extension: (SiteAdvisor) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-12]
CHR Extension: (avast! Online Security) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-29]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2014-04-01]
CHR Extension: (Wappalyzer) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2014-10-10]
CHR Extension: (feedly) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-09-01]
CHR Extension: (Appspector) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\homgcnaoacgigpkkljjjekpignblkeae [2014-06-04]
CHR Extension: (YSlow) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2014-04-23]
CHR Extension: (Google Wallet) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Gmail) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-11]
CHR Profile: C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default [2016-11-07]
CHR Extension: (SEOquake) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-11-03]
CHR Extension: (Discover DevTools Companion) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\angkfkebojeancgemegoedelbnjgcgme [2015-09-03]
CHR Extension: (Web Developer) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-07-25]
CHR Extension: (ColorZilla) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2015-06-26]
CHR Extension: (Bellen via Skype) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-09-29]
CHR Extension: (YouTube) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-24]
CHR Extension: (Adblock Plus) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-27]
CHR Extension: (OneTab) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-08-13]
CHR Extension: (Google Search) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (BuiltWith Technology Profiler) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\dapjbgnjinbpoindlpdmhochffioedbn [2016-07-19]
CHR Extension: (MozBar) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-11-03]
CHR Extension: (Page Analytics (by Google)) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnbdnhhicmebfgdgglcdacdapkcihcoh [2016-06-10]
CHR Extension: (Offline Documenten) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (PageSpeed Insights (by Google)) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli [2015-04-30]
CHR Extension: (Wappalyzer) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2016-09-05]
CHR Extension: (Web Developer Checklist) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahamcpedabephpcgkeikbclmaljebjp [2015-04-30]
CHR Extension: (Cookies) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno [2015-10-08]
CHR Extension: (Page Ruler) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2016-05-29]
CHR Extension: (Type Sample) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobccjjaffckfoggljonehppmldgmkmh [2015-05-15]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-09-29]
CHR Extension: (HTTP/2 and SPDY indicator) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbpobfflnpcgagjijhmgnchggcjblin [2016-03-16]
CHR Extension: (YSlow) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\ninejjcohidippngpapiilnmkgllmakh [2015-06-27]
CHR Extension: (The Printliminator) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nklechikgnfoonbfmcalddjcpmcmgapf [2016-07-07]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Print Edit WE) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\olnblpmehglpcallpnbgmikjblmkopia [2016-11-07]
CHR Extension: (Gmail) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-11-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-11-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-11-02] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-11-02] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350584 2016-09-26] (Avira Operations GmbH & Co. KG)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2010-04-29] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [262144 2009-10-01] (Intel Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2314240 2009-10-01] (Intel Corporation) [File not signed]
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [305152 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [151352 2016-11-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [153392 2016-09-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [35488 2016-09-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [78208 2016-09-27] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [23640 2016-09-27] (Avira Operations GmbH & Co. KG)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-21] ( )
R3 L1C; C:\WINDOWS\System32\drivers\L1C62x64.sys [129224 2013-07-16] (Qualcomm Atheros Co., Ltd.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 TurboB; C:\WINDOWS\System32\DRIVERS\TurboB.sys [13784 2009-08-06] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U4 aspnet_state; no ImagePath
U0 aswVmm; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-07 14:41 - 2016-11-07 14:42 - 00000000 ____D C:\FRST
2016-11-07 13:12 - 2016-11-07 13:12 - 00000332 _____ C:\Users\jotrys\Desktop\All Programs List.txt
2016-11-07 12:16 - 2016-11-07 12:23 - 00000000 ____D C:\Program Files (x86)\Decrap my Computer
2016-11-07 12:16 - 2016-11-07 12:16 - 00001946 _____ C:\Users\jotrys\Desktop\Decrap my Computer.lnk
2016-11-07 12:16 - 2016-11-07 12:16 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Decrap my Computer
2016-11-07 12:07 - 2016-11-07 12:07 - 00001081 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-11-07 12:07 - 2016-11-07 12:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-11-07 12:07 - 2016-11-07 12:07 - 00000000 ____D C:\Program Files\VS Revo Group
2016-11-02 23:02 - 2016-11-02 23:02 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2016-11-02 13:36 - 2016-11-02 13:36 - 00000000 ____D C:\Users\jotrys\AppData\Local\Chromium
2016-11-01 19:06 - 2016-11-01 19:06 - 00001039 _____ C:\Users\jotrys\Desktop\style.css - Shortcut.lnk
2016-10-31 13:46 - 2016-10-31 13:46 - 00371222 _____ C:\Users\jotrys\Desktop\Untitled.pdf
2016-10-28 16:40 - 2016-10-28 16:40 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-28 10:51 - 2016-10-15 05:48 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-10-28 10:51 - 2016-10-15 05:26 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-28 10:51 - 2016-10-15 05:26 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-10-28 10:51 - 2016-10-15 05:26 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-10-28 10:51 - 2016-10-15 05:26 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-10-28 10:51 - 2016-10-15 05:15 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-10-28 10:51 - 2016-10-15 04:41 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-28 10:51 - 2016-10-15 04:36 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-28 10:50 - 2016-10-15 06:11 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-28 10:50 - 2016-10-15 05:51 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-28 10:50 - 2016-10-15 05:51 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-28 10:50 - 2016-10-15 05:51 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-28 10:50 - 2016-10-15 05:48 - 07817568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-28 10:50 - 2016-10-15 05:48 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-28 10:50 - 2016-10-15 05:48 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-28 10:50 - 2016-10-15 05:48 - 00773712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-10-28 10:50 - 2016-10-15 05:47 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-10-28 10:50 - 2016-10-15 05:43 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-10-28 10:50 - 2016-10-15 05:41 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-10-28 10:50 - 2016-10-15 05:38 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-10-28 10:50 - 2016-10-15 05:37 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-10-28 10:50 - 2016-10-15 05:33 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-10-28 10:50 - 2016-10-15 05:32 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-10-28 10:50 - 2016-10-15 05:30 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-28 10:50 - 2016-10-15 05:30 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-10-28 10:50 - 2016-10-15 05:30 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-10-28 10:50 - 2016-10-15 05:30 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-10-28 10:50 - 2016-10-15 05:29 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-28 10:50 - 2016-10-15 05:29 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-10-28 10:50 - 2016-10-15 05:26 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-28 10:50 - 2016-10-15 05:26 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-10-28 10:50 - 2016-10-15 05:26 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-10-28 10:50 - 2016-10-15 05:26 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-10-28 10:50 - 2016-10-15 05:26 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-10-28 10:50 - 2016-10-15 05:26 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-10-28 10:50 - 2016-10-15 05:25 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-10-28 10:50 - 2016-10-15 05:25 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-10-28 10:50 - 2016-10-15 05:22 - 01608896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-10-28 10:50 - 2016-10-15 05:22 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-10-28 10:50 - 2016-10-15 05:22 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-10-28 10:50 - 2016-10-15 05:22 - 00628040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-28 10:50 - 2016-10-15 05:21 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-28 10:50 - 2016-10-15 05:18 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-28 10:50 - 2016-10-15 05:18 - 00576400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-28 10:50 - 2016-10-15 05:18 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-10-28 10:50 - 2016-10-15 05:15 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-28 10:50 - 2016-10-15 05:11 - 01424488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-10-28 10:50 - 2016-10-15 05:11 - 01263848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-10-28 10:50 - 2016-10-15 05:10 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-28 10:50 - 2016-10-15 05:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-10-28 10:50 - 2016-10-15 05:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-10-28 10:50 - 2016-10-15 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-10-28 10:50 - 2016-10-15 05:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-10-28 10:50 - 2016-10-15 04:59 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-10-28 10:50 - 2016-10-15 04:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-10-28 10:50 - 2016-10-15 04:59 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-10-28 10:50 - 2016-10-15 04:58 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-10-28 10:50 - 2016-10-15 04:58 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-10-28 10:50 - 2016-10-15 04:57 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-28 10:50 - 2016-10-15 04:57 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-28 10:50 - 2016-10-15 04:57 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-28 10:50 - 2016-10-15 04:56 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-10-28 10:50 - 2016-10-15 04:56 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-10-28 10:50 - 2016-10-15 04:56 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-10-28 10:50 - 2016-10-15 04:56 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-10-28 10:50 - 2016-10-15 04:56 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-10-28 10:50 - 2016-10-15 04:55 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-10-28 10:50 - 2016-10-15 04:55 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-10-28 10:50 - 2016-10-15 04:55 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-28 10:50 - 2016-10-15 04:55 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-28 10:50 - 2016-10-15 04:54 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-10-28 10:50 - 2016-10-15 04:54 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-10-28 10:50 - 2016-10-15 04:54 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-10-28 10:50 - 2016-10-15 04:54 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-10-28 10:50 - 2016-10-15 04:54 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-10-28 10:50 - 2016-10-15 04:54 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-28 10:50 - 2016-10-15 04:54 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-10-28 10:50 - 2016-10-15 04:53 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-10-28 10:50 - 2016-10-15 04:53 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-10-28 10:50 - 2016-10-15 04:53 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-10-28 10:50 - 2016-10-15 04:53 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-10-28 10:50 - 2016-10-15 04:53 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-10-28 10:50 - 2016-10-15 04:53 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-10-28 10:50 - 2016-10-15 04:52 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-28 10:50 - 2016-10-15 04:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-10-28 10:50 - 2016-10-15 04:52 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-10-28 10:50 - 2016-10-15 04:52 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-10-28 10:50 - 2016-10-15 04:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-10-28 10:50 - 2016-10-15 04:51 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-10-28 10:50 - 2016-10-15 04:51 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-10-28 10:50 - 2016-10-15 04:50 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-10-28 10:50 - 2016-10-15 04:50 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-10-28 10:50 - 2016-10-15 04:50 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-10-28 10:50 - 2016-10-15 04:50 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-10-28 10:50 - 2016-10-15 04:50 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-10-28 10:50 - 2016-10-15 04:49 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-28 10:50 - 2016-10-15 04:49 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-10-28 10:50 - 2016-10-15 04:49 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-10-28 10:50 - 2016-10-15 04:49 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-10-28 10:50 - 2016-10-15 04:49 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-10-28 10:50 - 2016-10-15 04:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-10-28 10:50 - 2016-10-15 04:48 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-10-28 10:50 - 2016-10-15 04:48 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-10-28 10:50 - 2016-10-15 04:48 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-10-28 10:50 - 2016-10-15 04:48 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-10-28 10:50 - 2016-10-15 04:47 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-10-28 10:50 - 2016-10-15 04:47 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-10-28 10:50 - 2016-10-15 04:46 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-10-28 10:50 - 2016-10-15 04:46 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 10:50 - 2016-10-15 04:46 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-10-28 10:50 - 2016-10-15 04:45 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-28 10:50 - 2016-10-15 04:44 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-10-28 10:50 - 2016-10-15 04:44 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 10:50 - 2016-10-15 04:44 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-10-28 10:50 - 2016-10-15 04:44 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-10-28 10:50 - 2016-10-15 04:43 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-10-28 10:50 - 2016-10-15 04:43 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-28 10:50 - 2016-10-15 04:43 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-10-28 10:50 - 2016-10-15 04:43 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-10-28 10:50 - 2016-10-15 04:42 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-10-28 10:50 - 2016-10-15 04:41 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-10-28 10:50 - 2016-10-15 04:41 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-10-28 10:50 - 2016-10-15 04:41 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-10-28 10:50 - 2016-10-15 04:41 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-10-28 10:50 - 2016-10-15 04:41 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-28 10:50 - 2016-10-15 04:40 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-10-28 10:50 - 2016-10-15 04:39 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-10-28 10:50 - 2016-10-15 04:38 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-28 10:50 - 2016-10-15 04:38 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-28 10:50 - 2016-10-15 04:38 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-28 10:50 - 2016-10-15 04:38 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-28 10:50 - 2016-10-15 04:38 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-10-28 10:50 - 2016-10-15 04:38 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-28 10:50 - 2016-10-15 04:37 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-28 10:50 - 2016-10-15 04:37 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-10-28 10:50 - 2016-10-15 04:37 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-28 10:50 - 2016-10-15 04:37 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-10-28 10:50 - 2016-10-15 04:37 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-10-28 10:50 - 2016-10-15 04:37 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-28 10:50 - 2016-10-15 04:36 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-10-28 10:50 - 2016-10-15 04:36 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-10-28 10:50 - 2016-10-15 04:36 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 02999808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-28 10:50 - 2016-10-15 04:35 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-10-28 10:50 - 2016-10-15 04:35 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-10-28 10:50 - 2016-10-15 04:34 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-10-28 10:50 - 2016-10-15 04:34 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-10-28 10:50 - 2016-10-15 04:31 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-10-28 10:50 - 2016-09-10 14:21 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-10-28 10:50 - 2016-08-27 06:12 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-28 10:49 - 2016-10-15 05:51 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-10-28 10:49 - 2016-10-15 05:51 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-28 10:49 - 2016-10-15 05:38 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-10-28 10:49 - 2016-10-15 05:34 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-10-28 10:49 - 2016-10-15 05:32 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-10-28 10:49 - 2016-10-15 05:31 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-10-28 10:49 - 2016-10-15 05:31 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-28 10:49 - 2016-10-15 05:31 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-28 10:49 - 2016-10-15 05:31 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-28 10:49 - 2016-10-15 05:31 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-28 10:49 - 2016-10-15 05:30 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-10-28 10:49 - 2016-10-15 05:30 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-10-28 10:49 - 2016-10-15 05:29 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-10-28 10:49 - 2016-10-15 05:29 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-10-28 10:49 - 2016-10-15 05:29 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-10-28 10:49 - 2016-10-15 05:26 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-10-28 10:49 - 2016-10-15 05:26 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-10-28 10:49 - 2016-10-15 05:26 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-10-28 10:49 - 2016-10-15 05:21 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-28 10:49 - 2016-10-15 05:21 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-10-28 10:49 - 2016-10-15 05:21 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-10-28 10:49 - 2016-10-15 05:20 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-10-28 10:49 - 2016-10-15 05:19 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-28 10:49 - 2016-10-15 05:19 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-10-28 10:49 - 2016-10-15 05:18 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-10-28 10:49 - 2016-10-15 05:18 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-10-28 10:49 - 2016-10-15 05:18 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-10-28 10:49 - 2016-10-15 05:15 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-28 10:49 - 2016-10-15 05:15 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-10-28 10:49 - 2016-10-15 05:15 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-10-28 10:49 - 2016-10-15 05:15 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-10-28 10:49 - 2016-10-15 05:15 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-10-28 10:49 - 2016-10-15 05:15 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-10-28 10:49 - 2016-10-15 05:14 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-10-28 10:49 - 2016-10-15 05:11 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-10-28 10:49 - 2016-10-15 05:11 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-28 10:49 - 2016-10-15 05:06 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-10-28 10:49 - 2016-10-15 05:05 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-10-28 10:49 - 2016-10-15 05:02 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-28 10:49 - 2016-10-15 05:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-10-28 10:49 - 2016-10-15 04:59 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-10-28 10:49 - 2016-10-15 04:58 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-10-28 10:49 - 2016-10-15 04:57 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-10-28 10:49 - 2016-10-15 04:57 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-10-28 10:49 - 2016-10-15 04:56 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-28 10:49 - 2016-10-15 04:56 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-10-28 10:49 - 2016-10-15 04:56 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-10-28 10:49 - 2016-10-15 04:56 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-10-28 10:49 - 2016-10-15 04:56 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-10-28 10:49 - 2016-10-15 04:56 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-10-28 10:49 - 2016-10-15 04:55 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-10-28 10:49 - 2016-10-15 04:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-10-28 10:49 - 2016-10-15 04:55 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-10-28 10:49 - 2016-10-15 04:55 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-10-28 10:49 - 2016-10-15 04:55 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-10-28 10:49 - 2016-10-15 04:54 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-28 10:49 - 2016-10-15 04:54 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-10-28 10:49 - 2016-10-15 04:54 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-10-28 10:49 - 2016-10-15 04:54 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-28 10:49 - 2016-10-15 04:54 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-10-28 10:49 - 2016-10-15 04:54 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-10-28 10:49 - 2016-10-15 04:53 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-10-28 10:49 - 2016-10-15 04:53 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-10-28 10:49 - 2016-10-15 04:53 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-10-28 10:49 - 2016-10-15 04:52 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-10-28 10:49 - 2016-10-15 04:51 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-10-28 10:49 - 2016-10-15 04:51 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-10-28 10:49 - 2016-10-15 04:50 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-10-28 10:49 - 2016-10-15 04:50 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-10-28 10:49 - 2016-10-15 04:50 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-10-28 10:49 - 2016-10-15 04:50 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-28 10:49 - 2016-10-15 04:50 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-10-28 10:49 - 2016-10-15 04:49 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-10-28 10:49 - 2016-10-15 04:49 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-10-28 10:49 - 2016-10-15 04:49 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-28 10:49 - 2016-10-15 04:49 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-10-28 10:49 - 2016-10-15 04:48 - 23680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-28 10:49 - 2016-10-15 04:47 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-10-28 10:49 - 2016-10-15 04:47 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-28 10:49 - 2016-10-15 04:47 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-28 10:49 - 2016-10-15 04:47 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-10-28 10:49 - 2016-10-15 04:47 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-10-28 10:49 - 2016-10-15 04:46 - 19418112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-28 10:49 - 2016-10-15 04:46 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-28 10:49 - 2016-10-15 04:46 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-10-28 10:49 - 2016-10-15 04:45 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-10-28 10:49 - 2016-10-15 04:45 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-10-28 10:49 - 2016-10-15 04:45 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-10-28 10:49 - 2016-10-15 04:45 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-10-28 10:49 - 2016-10-15 04:44 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-10-28 10:49 - 2016-10-15 04:44 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-10-28 10:49 - 2016-10-15 04:42 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-28 10:49 - 2016-10-15 04:42 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-28 10:49 - 2016-10-15 04:42 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-10-28 10:49 - 2016-10-15 04:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-10-28 10:49 - 2016-10-15 04:41 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-28 10:49 - 2016-10-15 04:41 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-10-28 10:49 - 2016-10-15 04:41 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-10-28 10:49 - 2016-10-15 04:40 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-10-28 10:49 - 2016-10-15 04:39 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-10-28 10:49 - 2016-10-15 04:38 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-10-28 10:49 - 2016-10-15 04:38 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-28 10:49 - 2016-10-15 04:37 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-10-28 10:49 - 2016-10-15 04:36 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-10-28 10:49 - 2016-10-15 04:36 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 02670592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-28 10:49 - 2016-10-15 04:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-10-28 10:49 - 2016-10-15 04:35 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-10-28 10:49 - 2016-10-15 04:34 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-28 10:49 - 2016-10-15 04:34 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-28 10:49 - 2016-10-15 04:34 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-28 10:49 - 2016-10-15 04:34 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-10-28 10:49 - 2016-10-15 04:32 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-10-28 10:49 - 2016-08-06 05:17 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-27 15:11 - 2016-11-02 23:01 - 00002562 _____ C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2016-10-27 15:11 - 2016-11-02 23:01 - 00002554 _____ C:\Users\jotrys\Desktop\Google Chrome Canary.lnk
2016-10-27 10:27 - 2016-10-29 11:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-26 19:16 - 2016-10-26 19:16 - 00002320 _____ C:\Users\jotrys\Desktop\Divi-Website-Text-and-Design.lnk
2016-10-12 16:59 - 2016-10-12 16:59 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Avira
2016-10-12 16:57 - 2016-10-12 16:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-10-12 16:57 - 2016-09-27 13:19 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-10-12 16:56 - 2016-11-02 11:43 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-10-12 16:56 - 2016-09-27 13:19 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-10-12 16:56 - 2016-09-27 13:19 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2016-10-12 16:56 - 2016-09-27 13:19 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2016-10-12 16:54 - 2016-11-02 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-12 16:54 - 2016-10-12 16:56 - 00000000 ____D C:\ProgramData\Avira
2016-10-12 16:54 - 2016-10-12 16:56 - 00000000 ____D C:\Program Files (x86)\Avira
2016-10-12 16:54 - 2016-10-12 16:54 - 00001279 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-10-12 11:59 - 2016-10-12 11:59 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-10-12 10:54 - 2016-10-05 11:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 10:54 - 2016-10-05 11:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-12 10:54 - 2016-10-05 11:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-12 10:54 - 2016-10-05 11:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-12 10:54 - 2016-10-05 11:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-12 10:54 - 2016-10-05 10:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 10:54 - 2016-10-05 10:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-12 10:54 - 2016-10-05 10:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 10:54 - 2016-10-05 10:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-12 10:54 - 2016-10-05 10:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 10:54 - 2016-10-05 10:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-12 10:54 - 2016-10-05 10:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-12 10:54 - 2016-10-05 10:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-12 10:54 - 2016-10-05 10:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-12 10:54 - 2016-10-05 10:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-12 10:54 - 2016-10-05 10:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-12 10:54 - 2016-10-05 10:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 10:54 - 2016-10-05 10:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-12 10:54 - 2016-10-05 10:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-12 10:54 - 2016-10-05 10:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-12 10:54 - 2016-10-05 10:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 10:54 - 2016-10-05 10:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-12 10:54 - 2016-10-05 10:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-12 10:54 - 2016-10-05 10:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 10:54 - 2016-10-05 10:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-12 10:54 - 2016-10-05 10:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-12 10:54 - 2016-10-05 10:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-12 10:54 - 2016-10-05 10:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-12 10:54 - 2016-10-05 10:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-12 10:54 - 2016-10-05 10:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 10:54 - 2016-10-05 10:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 10:54 - 2016-10-05 10:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-12 10:54 - 2016-10-05 10:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 10:54 - 2016-10-05 10:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-12 10:54 - 2016-10-05 10:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-12 10:54 - 2016-10-05 10:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-12 10:54 - 2016-10-05 10:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-12 10:54 - 2016-10-05 10:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-12 10:54 - 2016-10-05 10:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-12 10:54 - 2016-10-05 10:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 10:54 - 2016-10-05 10:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-12 10:54 - 2016-10-05 10:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-12 10:54 - 2016-10-05 10:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-12 10:54 - 2016-10-05 10:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 10:54 - 2016-10-05 10:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 10:54 - 2016-10-05 10:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-12 10:54 - 2016-10-05 10:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 10:54 - 2016-10-05 10:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-12 10:54 - 2016-10-05 10:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-12 10:54 - 2016-10-05 10:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-12 10:54 - 2016-10-05 10:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 10:54 - 2016-10-05 10:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 10:54 - 2016-10-05 10:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-12 10:54 - 2016-10-05 10:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 10:54 - 2016-10-05 10:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-12 10:54 - 2016-10-05 10:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-12 10:54 - 2016-10-05 10:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-12 10:54 - 2016-10-05 10:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 10:54 - 2016-10-05 10:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-12 10:54 - 2016-10-05 10:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 10:54 - 2016-10-05 10:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-12 10:54 - 2016-10-05 10:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-12 10:54 - 2016-10-05 10:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-12 10:54 - 2016-10-05 10:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-12 10:54 - 2016-10-05 10:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-12 10:54 - 2016-09-07 06:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-12 10:53 - 2016-10-05 11:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-12 10:53 - 2016-10-05 11:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 10:53 - 2016-10-05 11:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-12 10:53 - 2016-10-05 11:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-12 10:53 - 2016-10-05 11:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-12 10:53 - 2016-10-05 11:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-12 10:53 - 2016-10-05 11:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-12 10:53 - 2016-10-05 11:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-12 10:53 - 2016-10-05 11:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-12 10:53 - 2016-10-05 10:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 10:53 - 2016-10-05 10:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-12 10:53 - 2016-10-05 10:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-12 10:53 - 2016-10-05 10:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-12 10:53 - 2016-10-05 10:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-12 10:53 - 2016-10-05 10:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-12 10:53 - 2016-10-05 10:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-12 10:53 - 2016-10-05 10:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-12 10:53 - 2016-10-05 10:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-12 10:53 - 2016-10-05 10:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 10:53 - 2016-10-05 10:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-12 10:53 - 2016-10-05 10:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-12 10:53 - 2016-10-05 10:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-12 10:53 - 2016-10-05 10:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-12 10:53 - 2016-10-05 10:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 10:53 - 2016-10-05 10:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-12 10:53 - 2016-10-05 10:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 10:53 - 2016-10-05 10:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-12 10:53 - 2016-10-05 10:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-12 10:53 - 2016-10-05 10:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-12 10:53 - 2016-10-05 10:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-12 10:53 - 2016-10-05 10:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 10:53 - 2016-10-05 10:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-12 10:53 - 2016-10-05 10:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 10:53 - 2016-10-05 10:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 10:53 - 2016-10-05 10:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-12 10:53 - 2016-10-05 10:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 10:53 - 2016-10-05 10:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-12 10:53 - 2016-10-05 10:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-12 10:53 - 2016-10-05 10:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 10:53 - 2016-10-05 10:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-12 10:53 - 2016-10-05 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 10:53 - 2016-10-05 10:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-12 10:53 - 2016-10-05 10:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-12 10:53 - 2016-10-05 10:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 10:53 - 2016-10-05 10:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 10:53 - 2016-10-05 10:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-12 10:53 - 2016-10-05 10:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-12 10:53 - 2016-10-05 10:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 10:53 - 2016-10-05 10:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-12 10:53 - 2016-10-05 10:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-12 10:53 - 2016-10-05 10:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-12 10:53 - 2016-10-05 10:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 10:53 - 2016-10-05 10:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 10:53 - 2016-10-05 10:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-12 10:53 - 2016-10-05 10:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 10:53 - 2016-10-05 10:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-12 10:53 - 2016-10-05 10:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 10:53 - 2016-10-05 10:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-12 10:53 - 2016-10-05 10:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 10:53 - 2016-10-05 01:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-07 14:01 - 2016-09-25 00:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-07 13:06 - 2010-03-31 23:08 - 00000000 ____D C:\ProgramData\Apple
2016-11-07 12:58 - 2010-11-09 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2016-11-07 12:58 - 2010-11-09 21:27 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-11-07 12:52 - 2016-07-29 23:03 - 01424744 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-07 12:47 - 2016-09-25 01:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-07 12:47 - 2016-09-25 00:45 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-07 12:46 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-07 12:41 - 2015-11-13 14:38 - 00000000 ____D C:\AdwCleaner
2016-11-07 09:48 - 2016-05-09 16:34 - 00001028 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000UA.job
2016-11-07 09:48 - 2016-05-09 16:34 - 00000976 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000Core.job
2016-11-06 17:39 - 2016-09-25 01:28 - 00004152 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000UA
2016-11-06 17:39 - 2016-09-25 01:28 - 00003776 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000Core
2016-11-06 16:32 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-06 12:45 - 2016-08-15 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2016-11-05 17:30 - 2012-10-12 11:19 - 00017305 _____ C:\Users\jotrys\Desktop\TODO-BEDRIJF.txt
2016-11-05 15:49 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-03 14:03 - 2015-12-14 19:59 - 00000646 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3743678174-480702614-3700363307-1000.job
2016-11-03 14:03 - 2015-12-14 19:59 - 00000550 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3743678174-480702614-3700363307-1000.job
2016-11-02 20:29 - 2016-09-25 01:28 - 00003798 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3743678174-480702614-3700363307-1000
2016-11-02 20:29 - 2016-09-25 01:28 - 00003702 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3743678174-480702614-3700363307-1000
2016-11-02 13:36 - 2016-06-15 16:27 - 00002333 _____ C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blisk.lnk
2016-11-02 13:36 - 2016-06-15 16:27 - 00002325 _____ C:\Users\jotrys\Desktop\Blisk.lnk
2016-11-02 13:36 - 2016-06-15 16:27 - 00000000 ____D C:\Users\jotrys\AppData\Local\Blisk
2016-11-02 12:38 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-31 09:51 - 2016-04-27 07:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-31 09:50 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-31 09:49 - 2016-09-25 00:41 - 02332840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-30 19:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-30 19:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-30 19:41 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-30 19:40 - 2016-07-16 12:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-10-30 19:40 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-30 19:28 - 2010-03-23 21:48 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\vlc
2016-10-30 11:35 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-29 16:16 - 2015-09-01 17:15 - 00191488 _____ C:\Users\jotrys\Desktop\dag-geld2-2015.xls
2016-10-29 11:54 - 2012-05-03 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-28 16:40 - 2012-09-30 11:51 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Dropbox
2016-10-28 11:18 - 2016-02-23 05:33 - 00100313 ____H C:\Users\jotrys\AppData\Local\IconCache.db.backup
2016-10-27 15:20 - 2010-07-22 00:51 - 00000000 ____D C:\Users\jotrys\AppData\Local\Google
2016-10-27 09:54 - 2016-09-09 09:49 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-27 09:54 - 2016-09-09 09:49 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-25 19:03 - 2016-09-25 00:49 - 00000000 ____D C:\Users\jotrys
2016-10-25 16:31 - 2011-04-24 22:29 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Skype
2016-10-25 00:30 - 2016-07-16 12:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-25 00:30 - 2016-07-16 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-24 15:17 - 2011-04-24 22:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-20 13:53 - 2010-04-29 10:49 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\FileZilla
2016-10-20 12:17 - 2010-04-29 10:55 - 00000000 ____D C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-10-20 12:17 - 2010-04-29 10:49 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2016-10-15 10:01 - 2009-07-29 07:03 - 00389400 __RSH C:\bootmgr
2016-10-12 16:54 - 2015-09-10 18:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-12 16:49 - 2013-11-24 20:22 - 00000000 ____D C:\ProgramData\AVAST Software
2016-10-12 16:49 - 2013-03-15 19:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-12 16:49 - 2013-03-15 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-12 16:45 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-12 16:45 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-12 16:45 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-12 16:45 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-12 16:45 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-12 11:57 - 2013-08-15 11:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-12 11:41 - 2013-03-15 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-12 11:41 - 2010-03-26 15:57 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 10:42 - 2016-07-16 12:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-10-12 10:42 - 2016-07-16 12:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
 
==================== Files in the root of some directories =======
 
2013-11-18 14:13 - 2013-11-18 14:13 - 12788736 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-08-26 14:36 - 2015-08-26 14:36 - 0000088 _____ () C:\Users\jotrys\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2015-08-26 14:36 - 2015-08-26 14:36 - 0000088 _____ () C:\Users\jotrys\AppData\Roaming\.c79792229cdae4d8fe4e261fc4d6976b.key
2013-09-18 21:15 - 2014-08-18 08:53 - 0099384 _____ () C:\Users\jotrys\AppData\Roaming\inst.exe
2013-05-13 15:47 - 2013-06-14 12:53 - 0000248 _____ () C:\Users\jotrys\AppData\Roaming\ltpReg.txt
2013-09-18 21:15 - 2014-08-18 08:53 - 0007859 _____ () C:\Users\jotrys\AppData\Roaming\pcouffin.cat
2013-09-18 21:15 - 2014-08-18 08:53 - 0001167 _____ () C:\Users\jotrys\AppData\Roaming\pcouffin.inf
2013-09-18 21:15 - 2014-08-18 08:53 - 0000055 _____ () C:\Users\jotrys\AppData\Roaming\pcouffin.log
2013-09-18 21:15 - 2014-08-18 08:53 - 0082816 _____ (VSO Software) C:\Users\jotrys\AppData\Roaming\pcouffin.sys
2015-08-26 14:36 - 2015-08-26 14:41 - 0000236 _____ () C:\Users\jotrys\AppData\Roaming\RO39-2M3Q
2016-03-07 11:12 - 2016-03-07 11:12 - 0000000 ____H () C:\Users\jotrys\AppData\Local\BIT7BF2.tmp
2010-04-01 20:54 - 2014-11-21 00:00 - 0005632 _____ () C:\Users\jotrys\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-11-03 16:38 - 2010-11-03 16:38 - 0000036 _____ () C:\Users\jotrys\AppData\Local\housecall.guid.cache
2014-02-11 23:06 - 2016-09-21 09:51 - 0000600 _____ () C:\Users\jotrys\AppData\Local\PUTTY.RND
2016-09-12 21:18 - 2016-09-12 21:18 - 0006854 _____ () C:\Users\jotrys\AppData\Local\recently-used.xbel
2010-10-19 17:35 - 2014-11-01 17:39 - 0007601 _____ () C:\Users\jotrys\AppData\Local\Resmon.ResmonCfg
2011-04-20 14:30 - 2011-04-20 14:30 - 0000003 _____ () C:\Users\jotrys\AppData\Local\updater.log
2011-04-20 14:30 - 2014-10-08 21:03 - 0002070 _____ () C:\Users\jotrys\AppData\Local\UserProducts.xml
2015-03-07 18:12 - 2015-03-07 18:12 - 0000000 _____ () C:\Users\jotrys\AppData\Local\{69E7D081-2E1C-4743-8DBF-51A89863BDF1}
2015-02-22 13:59 - 2015-02-22 13:59 - 0000000 _____ () C:\Users\jotrys\AppData\Local\{88B5EFF8-0D2F-4E76-8423-1460E2CA6F40}
2016-03-07 11:11 - 2016-03-07 11:11 - 0000000 _____ () C:\Users\jotrys\AppData\Local\{A5D4F08B-2F21-455E-BB08-07E2EF410CCA}
2011-06-12 07:14 - 2011-06-12 07:14 - 0000000 _____ () C:\Users\jotrys\AppData\Local\{DB59EC10-3FAE-4D7C-B4B5-8630AC863141}
2011-04-24 22:31 - 2011-04-24 22:31 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2010-02-21 15:02 - 2009-09-10 18:06 - 0131368 _____ () C:\ProgramData\FullRemove.exe
2010-05-30 15:31 - 2011-06-27 14:35 - 0000411 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2011-06-02 02:11 - 2012-06-22 18:25 - 0001534 _____ () C:\ProgramData\ss.ini
2011-11-14 16:02 - 2011-10-25 13:18 - 2701696 _____ (mquadr.at software engineering und consulting GmbH) C:\ProgramData\UpdateKPNAssistent.exe
2010-02-21 14:41 - 2010-02-21 14:42 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2010-02-21 14:50 - 2010-02-21 14:50 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2010-02-21 14:40 - 2010-02-21 14:41 - 0000106 _____ () C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
2010-02-21 14:49 - 2010-02-21 14:50 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-02-21 14:39 - 2010-02-21 14:40 - 0000115 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
 
Files to move or delete:
====================
C:\ProgramData\UpdateKPNAssistent.exe
 
 
Some files in TEMP:
====================
C:\Users\jotrys\AppData\Local\Temp\libeay32.dll
C:\Users\jotrys\AppData\Local\Temp\msvcr120.dll
C:\Users\jotrys\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-05 16:52
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by jotrys (07-11-2016 14:43:57)
Running from D:\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-25 00:31:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3743678174-480702614-3700363307-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3743678174-480702614-3700363307-503 - Limited - Disabled)
Guest (S-1-5-21-3743678174-480702614-3700363307-501 - Limited - Disabled)
jotrys (S-1-5-21-3743678174-480702614-3700363307-1000 - Administrator - Enabled) => C:\Users\jotrys
UpdatusUser (S-1-5-21-3743678174-480702614-3700363307-1004 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Aangifte inkomstenbelasting voor ondernemers 2010 (HKLM-x32\...\Aangifte inkomstenbelasting voor ondernemers 2010) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting voor ondernemers 2011 (HKLM-x32\...\Aangifte inkomstenbelasting voor ondernemers 2011) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting voor ondernemers 2012 (HKLM-x32\...\Aangifte inkomstenbelasting voor ondernemers 2012) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting voor ondernemers 2013 (HKLM-x32\...\Aangifte inkomstenbelasting voor ondernemers 2013) (Version:  - Belastingdienst)
Aangifte inkomstenbelasting voor ondernemers 2014 (HKLM-x32\...\Aangifte inkomstenbelasting voor ondernemers 2014) (Version:  - Belastingdienst)
Activation Assistant for the 2007 Microsoft Office suites (HKLM-x32\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (x32 Version: 1.0 - Microsoft Corporation) Hidden
Adobe Creative Suite 3 Design Premium toevoegen of verwijderen (HKLM-x32\...\Adobe_4f447996d55a2562c006714721fae31) (Version: 1.0 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{6B622BD1-9FBD-11E6-A7CB-480FCF5D6515}) (Version: 11.6.3.0 - Google)
AHV content for Acrobat and Flash (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.27 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3301 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.3301 - CyberLink Corp.) Hidden
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{ee247a19-722f-4096-884b-47ec3b7ec396}) (Version: 1.2.73.15322 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.73.15322 - Avira Operations GmbH & Co. KG) Hidden
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AVStoDVD 2.7.5 (HKLM-x32\...\AVStoDVD) (Version: 2.7.5 - MrC)
Blisk (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\Blisk) (Version: 1.0.125.166 - Blisk)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brackets (HKLM-x32\...\{EF4E49D9-63EF-4BD4-BAD0-2234C79970D3}) (Version: 1.7 - brackets.io)
calibre (HKLM-x32\...\{04DA2FBD-B750-4070-90DE-D387DAC13C71}) (Version: 1.21.0 - Kovid Goyal)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Chrome Embedded Browser version 3.1547.32 (HKLM\...\Chrome Embedded Browser_is1) (Version: 3.1547.32 - NuSphere Corp.)
ChromecastApp (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
ClPhpEd(remove only) (HKLM-x32\...\ClPhpEd) (Version:  - )
ComicRack v0.9.178 (HKLM\...\ComicRack) (Version: v0.9.178 - cYo Soft)
CPU Thermometer (HKLM-x32\...\{06EA836D-C7AD-42A0-9C17-47BCDE7E015B}_is1) (Version:  - cputhermometer.com)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.16.02 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.16.02 - Creative Technology Ltd.) Hidden
Creative Removable Disk Manager (HKLM-x32\...\Creative Removable Disk Manager) (Version:  - )
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
Creative ZEN Mozaic User's Guide (HKLM-x32\...\ZENMozaicUG) (Version:  - Creative Technology Ltd.)
CSE HTML Validator Lite v14.03 (HKLM-x32\...\CSEHTMLVALIDATORLITE140_is1) (Version: 14.3.0.1 - AI Internet Solutions LLC)
Decrap my Computer (HKLM-x32\...\Decrap my Computer) (Version:  - Macecraft Software)
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version:  - Softland)
Dropbox (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
ETDWare PS/2-X64 8.0.7.0_WHQL (HKLM\...\Elantech) (Version: 8.0.7.0 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.4 - ASUS)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
FileLocator Pro x64 (HKLM\...\{25310358-2D39-49AD-B7F4-30DD81848B43}) (Version: 6.0.1236.1 - Mythicsoft Ltd)
FileZilla Client 3.22.1 (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\FileZilla Client) (Version: 3.22.1 - Tim Kosse)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.143.923 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
Free PDF to Word Converter 1.5 (HKLM-x32\...\Free PDF to Word Converter_is1) (Version:  - Free-PDF-to-Word.com)
FreeRIP Toolbar v4.6 (HKLM-x32\...\{398B3CD3-316F-4a9e-A322-28D40D99F736}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
FreeUndelete 2.1.36867.1 (HKLM-x32\...\{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}) (Version: 2.1.36867.1 - Recoveronix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Chrome Canary (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\Google Chrome SxS) (Version: 56.0.2907.0 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
GrabIt 1.7.2 Beta 3 (build 996) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
Greenfish Icon Editor Pro 2.1 (HKLM-x32\...\{27135B83-5AFF-42A3-BCEB-E689BE9E2090}_is1) (Version:  - Greenfish Corporation)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
HashTab 3.0.0 (HKLM\...\HashTab) (Version: 3.0.0 - Cody Batt)
HEADMasterSEO 1.08 (HKLM\...\HEADMasterSEO_is1) (Version:  - X3M Consulting Ltd)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.6.201 - SurfRight B.V.)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
iBBDemo2 (HKLM-x32\...\iBBDemo2) (Version: 2.0 Beta 2 - Blackbaud, Inc.)
iBBDemo2 (x32 Version: 2.0.2 - Blackbaud, Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.7 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.115.11 - Intel)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
iPad File Explorer 2.10 (HKLM-x32\...\{35EF5571-957E-4C0A-A34D-0E4BF14B563C}_is1) (Version:  - easypadApps, LLC)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
JetBrains PhpStorm 2016.1.2 (HKLM-x32\...\PhpStorm 2016.1.2) (Version: 145.1616.3 - JetBrains s.r.o.)
Kits Configuration Installer (x32 Version: 10.1.10586.15 - Microsoft) Hidden
KPN Assistent (HKLM-x32\...\KPN Assistent) (Version: 1.1.0.46 - KPN)
KPN Assistent (x32 Version: 1.1.0.46 - KPN) Hidden
KPN Installatie Assistent (HKLM-x32\...\KPN Installatie Assistent) (Version: 1.1.1.120 - KPN)
KPN Installatie Assistent (x32 Version: 1.1.1.120 - KPN) Hidden
Lightshot-5.1.4.17 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.4.17 - Skillbrains)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MediaInfo 0.7.67 (HKLM\...\MediaInfo) (Version: 0.7.67 - MediaArea.net)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{BA62A9E2-7BB4-4D4A-8C5F-CC03C35491BD}) (Version: 4.6.00079 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{6C8591F8-C4FC-4A64-9E21-7F35F1D51D09}) (Version: 4.6.00079 - Microsoft Corporation)
Microsoft Filter Pack 2.0 (HKLM\...\{95140000-2000-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95120000-0120-0409-0000-0000000FF1CE}) (Version: 12.0.6414.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Web Platform Installer 4.0 (HKLM\...\{39960E10-3FF7-46BB-A92D-8076C67ABF60}) (Version: 4.0.1692 - Microsoft Corporation)
Microsoft Windows Performance Toolkit (HKLM\...\{E7F9E526-2324-437B-A609-E8C5309465CB}) (Version: 4.8.0 - Microsoft Corporation)
Microsoft Windows SDK for Windows 7 (7.1) (HKLM\...\SDKSetup_7.1.7600.0.30514) (Version: 7.1.7600.0.30514 - Microsoft Corporation)
MKVToolNix 5.7.0 (HKLM-x32\...\MKVToolNix) (Version: 5.7.0 - Moritz Bunkus)
Mnemosyne 2.2.1 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mozilla Embedded Browser version 26.0.0 (HKLM\...\Mozilla Embedded Browser_is1) (Version: 26.0.0 - NuSphere Corp.)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MultiCommander (HKLM\...\MultiCommander) (Version:  - )
NAPS2 5.3.0 (HKLM-x32\...\NAPS2 (Not Another PDF Scanner 2)_is1) (Version:  - Ben Olden-Cooligan)
NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.17.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.17.0 - NEC Electronics Corporation) Hidden
Network Recording Player (HKLM-x32\...\{2AC49604-8A5B-45A4-B7ED-10BC1E5106A3}) (Version: 2.29.3212 - Cisco WebEx LLC)
Node.js (HKLM\...\{B5FEC613-8EBC-43C3-A232-693D96E07CCF}) (Version: 4.5.0 - Node.js Foundation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )
NuSphere PhpED version 17.0 (HKLM\...\NuSphere PhpED_is1) (Version: 17.0 - NuSphere Corp.)
NVIDIA 3D Vision Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NzbMagic (HKLM-x32\...\NzbMagic) (Version:  - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
Pencil (HKLM-x32\...\Pencil) (Version:  - Evolus Co., Ltd.)
Php Documentor version 2.0 for NuSphere PhpED (HKLM-x32\...\PHP Documentor_is1) (Version: 17.0 - NuSphere Corp.)
php-5.2.17 for NuSphere PhpED (HKLM-x32\...\PHP5_is1) (Version: 17.0 - NuSphere Corp.)
php-5.6.20 x64 for NuSphere PhpED (HKLM\...\PHP56x64_is1) (Version: 17.0 - NuSphere Corp.)
php-7.0.5 x64 for NuSphere PhpED (HKLM\...\PHP70x64_is1) (Version: 17.0 - NuSphere Corp.)
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.4 - Vaclav Slavik)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.6 - Power Software Ltd)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rainlendar2 (remove only) (HKLM-x32\...\Rainlendar2) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6000 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
ResophNotes (HKLM-x32\...\{92F8DFD1-2EE7-4316-BBD9-74E51E3D3BD2}) (Version: 1.0.1 - C.Y.Yen)
Revo Uninstaller 2.0.1 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.1 - VS Revo Group, Ltd.)
SABnzbd 0.7.0 (HKLM-x32\...\SABnzbd) (Version: 0.7.0 - The SABnzbd Team)
Samsung Auto Backup (HKLM-x32\...\{821D6F49-1B20-4809-8C73-286CFC52B1B1}) (Version: 4.1.371.0 - Clarus)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung ML-1865W Series (HKLM-x32\...\Samsung ML-1865W Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 5.1 - Screaming Frog Ltd)
SDK Debuggers (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
SEO PowerSuite (HKLM-x32\...\seopowersuite) (Version:  - SEO PowerSuite)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.28 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.28.101 - Skype Technologies S.A.)
Smartflix (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\smartflix) (Version: 1.3.1 - Smartflix)
Spotnet (HKLM-x32\...\{12947715-B6F0-4597-816F-5E13FB647921}_is1) (Version: 1.8.1 - Spotnet)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
Stardock Fences 3 (HKLM-x32\...\Stardock Fences 3) (Version: 3.03 - Stardock Software, Inc.)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.29.0 - ASUS)
WinMerge 2.12.4 (HKLM-x32\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.12 - ASUS)
WordPress.com (HKLM-x32\...\WordPress.com) (Version:  - Automattic, Inc.)
WPT Redistributables (x32 Version: 10.1.10586.15 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.10586.15 - Microsoft) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.15-1 - Bitnami)
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jotrys\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\5174\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\jotrys\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\jotrys\AppData\Local\SkypePlugin\7.26.0.48\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\jotrys\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\jotrys\AppData\Roaming\Dropbox\bin\DropboxExt64.1.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {03FBDEA1-BA25-4B8B-A2AD-11E48D29D7BC} - System32\Tasks\{7E2D6D9E-45A7-4386-94B3-591C993E5422} => pcalua.exe -a "D:\My Documents\2-HOWTO &amp; INFO\1-INFO INFO INFO\MY-PRODUCTS\Canon CanoScan LIDE 50\driver LIDE 60\lide60vst6411111a_64en\SetupSG.exe" -d "D:\My Documents\2-HOWTO &amp; INFO\1-INFO INFO INFO\MY-PRODUCTS\Canon CanoScan LIDE 50\driver LIDE 60\lide60vst6411111a_64en"
Task: {04C54137-B86A-48E5-AD10-8B1C4B29055C} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2009-09-16] ()
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {0EB2F6CE-77CC-4C5F-B3F2-809952D44CF2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {14401ED7-86C9-415B-92DE-CB6AAF53D603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19453B41-429D-4DFA-AC1E-22672EFD826F} - System32\Tasks\{5558072D-6D62-4FD2-816E-68C32D06B90D} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2016-09-12] (Skype Technologies S.A.)
Task: {1AF5C75C-6CAD-4487-8FC6-29A7BCDEFE0D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {26F82C39-6F78-4FF4-9C28-D6C7A744FBAA} - System32\Tasks\{7225FF50-D35D-424A-ACDD-5351A5785067} => pcalua.exe -a C:\Users\jotrys\Downloads\CopyTransDriversInstallerv1.007\CopyTransDriversInstaller.exe -d C:\Users\jotrys\Downloads\CopyTransDriversInstallerv1.007
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2CE29EC4-B44B-41BB-869E-2483FE2CF70E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32B46D76-71F0-4643-BA3C-C24E1D60B00F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3E8E2966-FE58-4E91-94BC-1B7D709C51F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {49AEF855-DED5-4F12-A3F7-F099CC67E6A2} - System32\Tasks\GoogleUpdateTaskMachineCore1d20a76f3e146f3 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {4C1F6986-2CE6-47C0-A32C-DC1EF67DF000} - System32\Tasks\{D8994DD2-1663-442F-8F13-791593E6EFEC} => pcalua.exe -a C:\Users\jotrys\Downloads\SetupSG.exe -d C:\Users\jotrys\Downloads
Task: {57A66669-652C-4C9B-9A0D-DC45B5928BC3} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000UA => C:\Users\jotrys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-09] (Dropbox, Inc.)
Task: {599B389B-2C3A-426D-8753-8E7AFE0C419E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {601CF52B-CEC7-4D15-B05E-02B2AE8148CF} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000Core => C:\Users\jotrys\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-05-09] (Dropbox, Inc.)
Task: {6EEDA092-80EE-411D-8E67-5EB30DC971CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7E11B39E-265C-4714-A0D2-3A76E66B0C91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000Core => C:\Users\jotrys\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {94852421-5A3A-40F8-8C2D-DE13C5054607} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9D7BB841-B765-4116-AD45-87E61827EA76} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {A143D79D-EE15-4E7D-A144-1F98B1CEC872} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-09] (Google Inc.)
Task: {A219AFE6-644B-4A0E-936A-ADAC4EE8E9E9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B6ACD979-2896-48F3-AB3B-A9BB825A0E75} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000UA => C:\Users\jotrys\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {C38E65E4-4B64-42F2-995A-F72F45DCC3ED} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-05-21] ()
Task: {C3BBDCBC-DD99-4A95-B8B1-CDF3213E4653} - System32\Tasks\{11E3C386-69C3-43A9-8C7E-42FC7D257EEF} => pcalua.exe -a C:\Users\jotrys\Downloads\upd-PCL6-X64-5_2_0_8874.exe -d C:\Users\jotrys\Downloads
Task: {C4348BEF-C9BA-444A-A22F-0799D25851C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - no filepath
Task: {D9336D48-C67C-42AE-8998-07571FB67D0F} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {DDB5A136-323F-4318-AE27-6882A2D138A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E0BACB9C-8584-4C70-9D66-F8EC39F6A7CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E33DAAFB-12A8-4C60-B832-D5E4C5D05635} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E7C6D422-6916-4281-92DA-68D87A55DFFC} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EC3A4290-CAD2-4A7A-89E2-EE9C5BC64326} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2009-12-24] (ATK)
Task: {EDEC1836-35C4-45D3-AE9F-A8C044815E30} - System32\Tasks\G2MUploadTask-S-1-5-21-3743678174-480702614-3700363307-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F7C2499C-EF9B-4DB0-AD4E-2C39EBE65CC3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-16] (AVAST Software)
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FD50432F-D9A5-48DC-89B3-A83975828B84} - System32\Tasks\G2MUpdateTask-S-1-5-21-3743678174-480702614-3700363307-1000 => C:\Program Files (x86)\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-02] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000Core.job => C:\Users\jotrys\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000UA.job => C:\Users\jotrys\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3743678174-480702614-3700363307-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3743678174-480702614-3700363307-1000.job => C:\Program Files (x86)\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d20a76f3e146f3.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000Core.job => C:\Users\jotrys\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3743678174-480702614-3700363307-1000UA.job => C:\Users\jotrys\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\jotrys\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files\nodejs\nodevars.bat"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 10:10 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-25 00:45 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-06-17 07:49 - 2011-06-17 07:49 - 00034304 _____ () C:\WINDOWS\System32\ssp8ml6.dll
2016-09-30 10:10 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-03 15:57 - 2016-10-03 15:57 - 00052400 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-05-01 18:12 - 2012-10-16 17:23 - 00168448 _____ () D:\Downloads\7plus V.2.5.0 X64 Binary\ShellExtension.dll
2016-09-25 01:39 - 2016-09-25 01:39 - 00959168 _____ () C:\Users\jotrys\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-09-25 10:33 - 2016-09-25 10:33 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-12 10:53 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-11-05 15:40 - 2016-11-05 15:40 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-05 15:40 - 2016-11-05 15:40 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-05 15:40 - 2016-11-05 15:40 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2010-08-03 06:46 - 2011-06-17 07:49 - 00826880 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\ssp8mdu.dll
2016-10-28 10:50 - 2016-10-15 04:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-28 10:50 - 2016-10-15 04:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-28 10:50 - 2016-10-15 04:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-28 10:50 - 2016-10-15 04:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-28 10:50 - 2016-10-15 04:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2010-08-15 19:34 - 2010-08-15 19:34 - 00204800 _____ () C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll
2011-07-18 22:07 - 2011-07-18 22:07 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2011-09-21 21:46 - 2016-04-05 14:01 - 02873856 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll
2007-08-05 02:10 - 2007-08-05 02:10 - 00250368 _____ () C:\Program Files (x86)\Notepad++\plugins\Config\tidy\libTidy.dll
2016-09-25 01:36 - 2016-09-25 01:36 - 00679624 _____ () C:\Users\jotrys\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\123simsen.com -> www.123simsen.com
 
There are 7660 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-05-07 18:29 - 2016-09-26 21:52 - 00001288 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost127.0.0.1       theme.nl127.0.0.1 www.tuts.dev
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3743678174-480702614-3700363307-1000\Control Panel\Desktop\\Wallpaper -> D:\My Pictures\windows 10 wallpaper\windows_10_by_randydorney-d814zqq.jpg
HKU\S-1-5-21-3743678174-480702614-3700363307-1004\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^jotrys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk => C:\Windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup
MSCONFIG\startupfolder: C:^Users^jotrys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Guage.lnk => C:\Windows\pss\Samsung Auto Backup Guage.lnk.Startup
MSCONFIG\startupfolder: C:^Users^jotrys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Real-Time Daemon.lnk => C:\Windows\pss\Samsung Auto Backup Real-Time Daemon.lnk.Startup
MSCONFIG\startupfolder: C:^Users^jotrys^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Auto Backup Scheduler.lnk => C:\Windows\pss\Samsung Auto Backup Scheduler.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AmIcoSinglun64 => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ATKMEDIA => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
MSCONFIG\startupreg: ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EeeStorageBackup => C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe MySyncFolder
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: ETDWare => C:\Program Files\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: Google Update => "C:\Users\jotrys\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HControlUser => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass2\KeePass.exe" --preload
MSCONFIG\startupreg: KPN Assistent => C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe /auto
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: UpdateP2GoShortCut => "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-3743678174-480702614-3700363307-1000\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{25B48746-F1BE-4BAA-A020-EE3FE4787786}] => (Allow) LPort=443
FirewallRules: [{6E1531C3-BDB5-40B4-BE30-AB98901A61F0}] => (Allow) LPort=80
FirewallRules: [{6E1DA8D3-CA8B-4EB4-9102-4A9FB40AE275}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{2625048D-CFD1-4D3B-920A-ADD86FFAD946}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [UDP Query User{1F2ABBF3-A53E-4A55-A01A-4A9BB9C4B7E6}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [TCP Query User{3195123B-151B-4D2F-9C2E-63988046F46E}C:\program files (x86)\brackets\node.exe] => (Allow) C:\program files (x86)\brackets\node.exe
FirewallRules: [UDP Query User{125711EF-B51C-4FDC-B39F-63A59064F5E8}C:\program files\comicracknew\comicrack.exe] => (Allow) C:\program files\comicracknew\comicrack.exe
FirewallRules: [TCP Query User{2687AD24-BA72-44DA-AAB9-AC481558D06E}C:\program files\comicracknew\comicrack.exe] => (Allow) C:\program files\comicracknew\comicrack.exe
FirewallRules: [{A06A27EF-A939-4B2A-9D57-1F28B937B61A}] => (Allow) svchost.exe
FirewallRules: [TCP Query User{AA005651-6E0E-441A-8996-D47C4A03667E}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{22B53358-4293-4FF3-BD7E-451AEC95AE94}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{ED8EAFB5-9E40-45DD-AB4C-9592A56FC463}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{BF81A89F-5D98-4D3D-BCEE-95B69C8F68CD}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{7BEB681B-027B-4D29-A7DF-6C92E9A1D538}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{527F9AAC-E1CC-44B1-AF5A-D0559E3DDB1F}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{255CCE14-0C1D-49A0-AEA2-5D4771BF5865}C:\program files (x86)\martview\ieembed.exe] => (Allow) C:\program files (x86)\martview\ieembed.exe
FirewallRules: [UDP Query User{D01C0CD2-2E92-4465-A49A-04F69012B125}C:\program files (x86)\martview\ieembed.exe] => (Allow) C:\program files (x86)\martview\ieembed.exe
FirewallRules: [{A2750372-5B31-4E7E-91B5-5F20C5C86460}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{597E9BBA-2583-4246-A61B-81B80625C927}] => (Allow) C:\Program Files\Soluto\Soluto.exe
FirewallRules: [{16FFDFF5-C154-4834-8880-EC9EA5745EBB}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{E4A1F7B3-4A8B-40BB-B0FE-9FE8DB793CFF}] => (Allow) C:\Program Files\Soluto\SolutoService.exe
FirewallRules: [{11401689-DD59-4D4D-8E0D-28A2CF5A88B0}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{5C26F6EC-6CDA-4C36-B3ED-C56C999DBD36}] => (Allow) C:\Program Files\Soluto\SolutoConsole.exe
FirewallRules: [{74D23F85-8E55-46A2-964F-7CC65DFC700D}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [{28F2ED51-E62C-4B00-B6DC-147F484BC56D}] => (Allow) C:\Program Files\Soluto\SolutoUpdateService.exe
FirewallRules: [TCP Query User{8A044DDA-CBEC-416A-AF4A-CAFF9396CB5C}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{5C05BBA6-8841-44A8-89AF-3248BE51D369}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{A6B0F4A3-E704-4044-873A-33E72D35117A}C:\program files (x86)\snelstart\v900\snelstart.exe] => (Allow) C:\program files (x86)\snelstart\v900\snelstart.exe
FirewallRules: [UDP Query User{B37DEA27-0479-4793-80FD-EDE0B8BB2EBB}C:\program files (x86)\snelstart\v900\snelstart.exe] => (Allow) C:\program files (x86)\snelstart\v900\snelstart.exe
FirewallRules: [TCP Query User{200C6222-5D12-4C58-AA8E-BAAE09382A98}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [UDP Query User{B14CC709-7241-41B8-9A6D-2650E1CE4BEB}C:\program files (x86)\spotify\spotify.exe] => (Block) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [TCP Query User{F216D298-9EAB-45B2-8803-B258E641AA04}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [UDP Query User{FC654BEE-CD3D-43C9-BE2A-B1C2CDCE876A}C:\windows\splwow64.exe] => (Allow) C:\windows\splwow64.exe
FirewallRules: [TCP Query User{0223D085-CC65-4510-AFC4-EFAE5C8C9BDD}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{F6DEA0E9-A8A5-4ACF-8F30-F8C99860B61D}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{E697EDF6-4FDA-47B1-A7EC-1FFBDC8A305F}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{A9AB0E17-72F7-4627-8F6D-EF4282269ABB}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{6F88D675-E2EC-4B17-A554-E1D1584EF0C8}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe] => (Allow) C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe
FirewallRules: [UDP Query User{F10F594C-4EE1-4C0F-AFB8-5AC9AC96B9AA}C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe] => (Allow) C:\program files (x86)\netbeans 6.9.1\bin\netbeans.exe
FirewallRules: [{9449F17A-3D8B-4109-9555-E6D68092B47A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{22494CF2-F0EB-4BB1-B48B-D9C23D6C826B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6125C141-FFD7-4385-90AA-A133CBD81C17}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{26AD38E3-76D3-4680-B2D7-D9E1EDA6517F}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{1B8C7F4A-8913-4DC1-B7B7-89A8FAC0DDED}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{B57A1899-1EE9-4824-87CE-07FF958E8DD5}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [{37AB4715-E529-4DC8-B9C4-102D7C9A1ECA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3C82F94D-1957-4B1A-9ABF-7C3A3BF26CD6}C:\program files (x86)\spotify\spotify.exe] => (Allow) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [UDP Query User{501A0C08-E8C5-4AE1-AE22-111EB57DCA2D}C:\program files (x86)\spotify\spotify.exe] => (Allow) C:\program files (x86)\spotify\spotify.exe
FirewallRules: [TCP Query User{6788AADD-5068-4A85-9220-176BD07A5DA7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{63CCD784-D71D-449E-A316-BB50B0084691}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{FF880AFD-BE2B-499B-858D-90DA0ECA8721}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{862857B3-EF4D-4342-A62E-BFA273982328}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7A2F8D6E-58DC-4E41-83DA-85171B6E3206}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5A91B59-C921-4F52-88F7-A5702F5E2E69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E76E8B10-1635-4D12-AA56-B5F5D716F948}C:\xampp\filezillaftp\filezilla server.exe] => (Block) C:\xampp\filezillaftp\filezilla server.exe
FirewallRules: [UDP Query User{243BFAC0-DE91-4C65-90A1-B4B8DCA28579}C:\xampp\filezillaftp\filezilla server.exe] => (Block) C:\xampp\filezillaftp\filezilla server.exe
FirewallRules: [TCP Query User{5C48C453-B496-4024-933B-8B524CE83B9E}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{8A454449-B852-4E93-8366-7C388F8F3EA1}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{0FE28032-4DCD-4631-B897-56C1C037B2D2}C:\users\jotrys\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jotrys\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E44AD7A7-7355-428E-90B4-B31036CF2A43}C:\users\jotrys\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\jotrys\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{CA646EEB-4E94-4CE4-A4E6-B306E99D2284}C:\program files (x86)\martview\ieembed.exe] => (Block) C:\program files (x86)\martview\ieembed.exe
FirewallRules: [UDP Query User{4626D851-166F-4068-8EE4-69C5F0354EFA}C:\program files (x86)\martview\ieembed.exe] => (Block) C:\program files (x86)\martview\ieembed.exe
FirewallRules: [{4B24AB64-1C4D-4131-95EC-2E58F2F1B022}] => (Allow) C:\Users\jotrys\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5C3D41C8-10FF-4211-AB62-EAA804EBDAB5}] => (Allow) C:\Users\jotrys\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{710A709E-19C3-4C10-8AB0-1D0805DA79A0}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{B640B9E3-152B-443A-A9BC-B3BE26BC641E}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [TCP Query User{665FA04D-4420-4DF1-B7C7-216F41817F5B}C:\users\jotrys\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jotrys\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2DC18C2E-347B-40D9-952B-A5344E39C9A7}C:\users\jotrys\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\jotrys\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{C70BBB37-30A2-40CD-94BB-53753F14D460}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{DF3314C8-66E4-4CC7-A7F1-C151CB99EE3A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8EE73387-AC03-440A-A238-FA8756C74729}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A6D049F8-72CC-4CE6-9FDC-25334D1B46C2}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe
FirewallRules: [UDP Query User{0BD5FBC8-974B-4A84-A35E-83C082BA7192}C:\xampplite\apache\bin\httpd.exe] => (Allow) C:\xampplite\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BCB3BB2E-977D-4C94-B964-7737FC644970}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{7E7B0C9D-CAF7-4BB0-8FF5-5B9A26C987FE}C:\xampplite\mysql\bin\mysqld.exe] => (Allow) C:\xampplite\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{C6EFEFE7-C75E-4A33-8411-5903FDBFE3FB}C:\users\jotrys\appdata\local\winnerdm\wdm.bin] => (Block) C:\users\jotrys\appdata\local\winnerdm\wdm.bin
FirewallRules: [UDP Query User{AC519E9C-5E70-4668-A912-89F27C50A2A9}C:\users\jotrys\appdata\local\winnerdm\wdm.bin] => (Block) C:\users\jotrys\appdata\local\winnerdm\wdm.bin
FirewallRules: [TCP Query User{EF646B47-C245-41AC-A8C5-A949218A5937}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{676F97FE-FA1F-483B-B113-924ED0424B31}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{F3CE369D-3AA6-4665-B7F3-088C98643DBC}] => (Allow) C:\Users\jotrys\.vagrant.d\gems\gems\vagrant-winnfsd-1.0.11\bin\winnfsd.exe
FirewallRules: [{A9964D4E-9375-435D-A88F-9E29DF853ADB}] => (Allow) C:\Users\jotrys\.vagrant.d\gems\gems\vagrant-winnfsd-1.0.11\bin\winnfsd.exe
FirewallRules: [TCP Query User{2B1F6D18-90D8-46F3-9A36-8763C8A131FE}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{2893FEAC-AEAF-4AF6-9BF4-84ED81102D6C}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{76C2F61D-3564-4F53-B4F9-6CCC653B498F}] => (Allow) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{71E3E599-0446-424E-883B-5C73B09E6B17}] => (Allow) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{24202DDC-5468-46B0-9850-80517307FAF3}] => (Allow) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{B0BB4CD9-7B64-4A6F-AB9A-E41A8854AC64}] => (Allow) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
FirewallRules: [{F92E8B6F-814D-47FC-B97D-6F7F0E0B3B0D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F095CE0-1CEF-4F49-B299-DE9B8A744A74}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C08AF2AA-5B18-42B0-828C-45199506736F}] => (Allow) C:\Program Files (x86)\Opera Mail\operamail.exe
FirewallRules: [{7FA4E811-7865-4E29-82F0-CCC58AF7C780}] => (Allow) C:\Program Files (x86)\Opera Mail\operamail.exe
FirewallRules: [{F4B143F0-EB9A-4D00-AE1D-9F23CDAE4081}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{4122852A-FCD3-44F5-BFA0-9904773BC744}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{F7B06D27-1333-41F3-9051-C3021355EC4B}] => (Allow) C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
FirewallRules: [{5839E68E-9C7B-438E-A955-B5A746DD1253}] => (Allow) C:\Program Files (x86)\KPN\KPN Assistent\KPN_Assistent.exe
FirewallRules: [{7D6A7191-0240-4CD5-90A2-12E9A58CB434}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A631F824-E872-4864-A303-1012A73B6292}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0A004AC-0AE7-4E0E-9EBF-DB026F562214}] => (Allow) C:\Program Files (x86)\NuSphere\PhpED\php5\php-cgi.exe
FirewallRules: [{DE8A3DAE-F777-486F-813D-B63A8D0D7E3F}] => (Allow) C:\Program Files (x86)\NuSphere\PhpED\php5\php.exe
FirewallRules: [{6C174F92-C33F-4592-82BB-5BE9A71B2068}] => (Allow) C:\Program Files\NuSphere\PhpED\php56\php-cgi.exe
FirewallRules: [{06B2C0E8-3C54-4613-8BDD-C6A0A37EFA70}] => (Allow) C:\Program Files\NuSphere\PhpED\php56\php.exe
FirewallRules: [{B3555E4A-5C68-41F8-B64E-0F412AE78174}] => (Allow) C:\Program Files\NuSphere\PhpED\php7\php-cgi.exe
FirewallRules: [{A7448137-3445-4CF8-96AD-71D8EC52B9D9}] => (Allow) C:\Program Files\NuSphere\PhpED\php7\php.exe
FirewallRules: [{C42D4713-9487-4D68-9400-1DC8D1B7B0E4}] => (Allow) C:\Program Files\NuSphere\PhpED\srv.exe
FirewallRules: [{CC9468BD-EBA3-452F-9325-F2D8F2E40EE0}] => (Allow) C:\Program Files\NuSphere\PhpED\dbglistener.exe
FirewallRules: [{9FD5BB4B-FB48-4431-825D-FB6FB41BF17F}] => (Allow) C:\Program Files\NuSphere\PhpED\PhpED.exe
FirewallRules: [{581ECBD5-094E-4C06-87C0-7ECF230C97F9}] => (Allow) C:\Users\jotrys\AppData\Local\Blisk\Application\blisk.exe
FirewallRules: [TCP Query User{E67FB27E-7348-4D62-B214-412F3DE796BA}C:\users\jotrys\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\jotrys\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{54894A37-4AC8-4D65-95F2-11A142681CEA}C:\users\jotrys\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\jotrys\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{CD2B71D8-8154-4195-8BD8-A0F055F60925}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{1FF03010-DC39-4EDF-9BFD-86FEECB79E93}] => (Allow) C:\Users\jotrys\AppData\Local\Google\Chrome SxS\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/07/2016 02:28:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:28:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:28:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:25:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:25:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:25:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:25:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:24:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:22:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
Error: (11/07/2016 02:22:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.
 
 
System errors:
=============
Error: (11/07/2016 12:48:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (11/07/2016 12:46:37 PM) (Source: DCOM) (EventID: 10010) (User: asus)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (11/07/2016 12:46:37 PM) (Source: DCOM) (EventID: 10010) (User: asus)
Description: The server {9AA46009-3CE0-458A-A354-715610A075E6} did not register with DCOM within the required timeout.
 
Error: (11/07/2016 12:42:09 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/07/2016 12:41:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/07/2016 12:41:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/07/2016 12:41:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/07/2016 12:41:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SAMSUNG Mobile Connectivity Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/07/2016 12:41:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/07/2016 12:41:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour-service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-10-31 11:03:02.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:03:02.889
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:03:02.800
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:03:02.715
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:03:02.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:03:02.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:02:59.177
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 11:02:58.916
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 10:10:16.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2016-10-31 10:10:16.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 430 @ 2.27GHz
Percentage of memory in use: 55%
Total physical RAM: 7981.53 MB
Available physical RAM: 3519.65 MB
Total Virtual: 16173.53 MB
Available Virtual: 10920.15 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:116 GB) (Free:45.77 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:334.67 GB) (Free:84.33 GB) NTFS
Drive s: () (Fixed) (Total:0.02 GB) (Free:0 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
Partition 2: (Active) - (Size=116 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)
Partition 4: (Not Active) - (Size=334.7 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================
 


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 AM

Posted 09 November 2016 - 01:32 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Remove this program in bold via the Control Panel > Programs > Programs and Features.
FreeRIP Toolbar v4.6 (HKLM-x32\...\{398B3CD3-316F-4a9e-A322-28D40D99F736}) (Version: 4.6 - Spigot, Inc.) <==== ATTENTION
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Extension: (avast! Online Security) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-29]
CHR Extension: (Google Wallet) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
U4 aspnet_state; no ImagePath
U0 aswVmm; no ImagePath
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0EB2F6CE-77CC-4C5F-B3F2-809952D44CF2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {14401ED7-86C9-415B-92DE-CB6AAF53D603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2CE29EC4-B44B-41BB-869E-2483FE2CF70E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32B46D76-71F0-4643-BA3C-C24E1D60B00F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {599B389B-2C3A-426D-8753-8E7AFE0C419E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94852421-5A3A-40F8-8C2D-DE13C5054607} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C4348BEF-C9BA-444A-A22F-0799D25851C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - no filepath
Task: {DDB5A136-323F-4318-AE27-6882A2D138A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E0BACB9C-8584-4C70-9D66-F8EC39F6A7CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E33DAAFB-12A8-4C60-B832-D5E4C5D05635} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on menu icon google-chrome-setting-icon.png which is located right side top of the google chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
====

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 73 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418073F0}) (Version: 8.0.730.2 - Oracle Corporation)
<<<>>>

Please post the Fixlog.txt file and let me know what problem persists with this computer.

#3 joety22

joety22
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 09 November 2016 - 02:41 PM

Hi nasdaq,

 

- Performed the first action (Turn System Restore On for Drives) successfully.

 

- But the second action: (Remove program FreeRIP Toolbar v4.6) -> can not do this since it is NOT listed Programs and Features

 

Note: ​I have not been performing any cleanup operations on my laptop since posting (as stated in the FAQ).

 

Should I just skip this action and just go on to the next one?

 

cheers,

Jo



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 AM

Posted 10 November 2016 - 09:42 AM

Yes.

#5 joety22

joety22
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 11 November 2016 - 07:14 AM

Hi nasdaq,

 

"Please post the Fixlog.txt file and let me know what problem persists with this computer. "

 

I performed the actions, and added the contents of the Fixlog.txt file below.

 

As to the problems:

- laptop seems not to be so slugish -> nice!

"Qualcomm atheros client installation program" still has a HUGE size of 11,5 GB, but not sure if this is due to malware or not

 

 

-----------------------------

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by jotrys (11-11-2016 12:32:22) Run:1
Running from C:\Program files standalone\FRST64
Loaded Profiles: jotrys & UpdatusUser (Available Profiles: jotrys & UpdatusUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
GroupPolicy: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
FF Plugin: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Extension: (avast! Online Security) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-29]
CHR Extension: (Google Wallet) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
U4 aspnet_state; no ImagePath
U0 aswVmm; no ImagePath
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\jotrys\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
Task: {0EB2F6CE-77CC-4C5F-B3F2-809952D44CF2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {14401ED7-86C9-415B-92DE-CB6AAF53D603} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2CE29EC4-B44B-41BB-869E-2483FE2CF70E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {32B46D76-71F0-4643-BA3C-C24E1D60B00F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {599B389B-2C3A-426D-8753-8E7AFE0C419E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94852421-5A3A-40F8-8C2D-DE13C5054607} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C4348BEF-C9BA-444A-A22F-0799D25851C1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D0250F3F-6480-484F-B719-42F659AC64D5} - no filepath
Task: {DDB5A136-323F-4318-AE27-6882A2D138A8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E0BACB9C-8584-4C70-9D66-F8EC39F6A7CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E33DAAFB-12A8-4C60-B832-D5E4C5D05635} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [145]
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found. 
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.73.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2" => key removed successfully
C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => key removed successfully
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => not found.
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\gomekmidlodglbbmalcneegieacbdmki => moved successfully
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
aspnet_state => service removed successfully
aswVmm => service removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKU\S-1-5-21-3743678174-480702614-3700363307-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0EB2F6CE-77CC-4C5F-B3F2-809952D44CF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0EB2F6CE-77CC-4C5F-B3F2-809952D44CF2}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14401ED7-86C9-415B-92DE-CB6AAF53D603}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14401ED7-86C9-415B-92DE-CB6AAF53D603}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CE29EC4-B44B-41BB-869E-2483FE2CF70E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CE29EC4-B44B-41BB-869E-2483FE2CF70E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32B46D76-71F0-4643-BA3C-C24E1D60B00F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32B46D76-71F0-4643-BA3C-C24E1D60B00F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{599B389B-2C3A-426D-8753-8E7AFE0C419E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{599B389B-2C3A-426D-8753-8E7AFE0C419E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94852421-5A3A-40F8-8C2D-DE13C5054607}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94852421-5A3A-40F8-8C2D-DE13C5054607}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4348BEF-C9BA-444A-A22F-0799D25851C1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4348BEF-C9BA-444A-A22F-0799D25851C1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D0250F3F-6480-484F-B719-42F659AC64D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0250F3F-6480-484F-B719-42F659AC64D5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDB5A136-323F-4318-AE27-6882A2D138A8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDB5A136-323F-4318-AE27-6882A2D138A8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0BACB9C-8584-4C70-9D66-F8EC39F6A7CA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0BACB9C-8584-4C70-9D66-F8EC39F6A7CA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E33DAAFB-12A8-4C60-B832-D5E4C5D05635}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E33DAAFB-12A8-4C60-B832-D5E4C5D05635}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
"C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\BACKUP Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda" => not found.
"C:\Users\jotrys\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36623853 B
Java, Flash, Steam htmlcache => 729 B
Windows/system/drivers => 174336556 B
Edge => 964457 B
Chrome => 427116022 B
Firefox => 460445446 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 16674 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 207998 B
NetworkService => 14188 B
jotrys => 696676187 B
UpdatusUser => 16674 B
 
RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 

==== End of Fixlog 12:39:05 ==== 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,586 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:51 AM

Posted 11 November 2016 - 10:02 AM



"Qualcomm atheros client installation program" still has a HUGE size of 11,5 GB, but not sure if this is due to malware or not

I have never used this. It seem very huge. Check the manufacturers site.

If it's the installer then may be if the drivers for all products are included.
If it's the running .exe file than you will have to check.

You can check with the Windows 10 experts on this forum
http://www.bleepingcomputer.com/forums/f/229/windows-10-support/
===

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#7 joety22

joety22
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:51 PM

Posted 11 November 2016 - 12:29 PM

Hi Nasdaq, Thanks for your help!

 

I will check the forum you mentioned. 

 

cheers,

Jo






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users