Self creating SVCHost.exe in Windows/temp folder



#1 weinreich


Posted 06 December 2016 - 09:34 AM

Hi,
 
 
I thought I would start by doing the same as in the first step of the solution in the other post, so here is my log from FRST64.exe.
 
I hope someone can help me get rid of this :)
 
********************************************************************************************************
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-12-2016
Ran by Weinreich (administrator) on BAYMAX (06-12-2016 15:23:16)
Running from C:\Users\Weinreich\Desktop
Loaded Profiles: Weinreich (Available Profiles: Weinreich & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: Danish (Denmark)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Check Point Software Technologies) C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
() C:\Program Files\pia_manager\pia_manager.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(hxxp://www.ruby-lang.org/) C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Weinreich\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(BitTorrent Inc.) C:\Users\Weinreich\AppData\Roaming\uTorrent\uTorrent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Weinreich\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe
(BitTorrent Inc.) C:\Users\Weinreich\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Users\Weinreich\AppData\Local\Google\Update\GoogleUpdate.exe
(Google, Inc) C:\Users\Weinreich\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\nacl64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
() C:\Windows\Temp\svchost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [Spotify Web Helper] => C:\Users\Weinreich\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-09-01] (Spotify Ltd)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [uTorrent] => C:\Users\Weinreich\AppData\Roaming\uTorrent\uTorrent.exe [2145984 2016-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27226072 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [Google Update] => C:\Users\Weinreich\AppData\Local\Google\Update\GoogleUpdate.exe [153752 2016-11-18] (Google Inc.)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [Google Photos Backup] => C:\Users\Weinreich\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Run: [GoogleChromeAutoLaunch_BE345880EEAE8228976F8F63D96217E2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-08] (Google Inc.)
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\RunOnce: [Application Restart #0] => C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe [1260544 2016-09-25] (The NWJS Community)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{68245ac1-3bea-4018-9314-fe6d4d4eb0e2}: [DhcpNameServer] 89.150.129.22 89.150.129.10
Tcpip\..\Interfaces\{84518a32-83da-4be6-a829-56a93f8a4473}: [DhcpNameServer] 89.150.129.22 89.150.129.10
Tcpip\..\Interfaces\{be526a70-3512-43ad-bfe5-51b38dca3235}: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
Internet Explorer:
==================
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://87.54.22.132/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-12] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-12] (Oracle Corporation)
DPF: HKLM-x32 {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} hxxps://87.54.22.132/CSHELL/extender.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: 1zbtjjis.default
FF ProfilePath: C:\Users\Weinreich\AppData\Roaming\Mozilla\Firefox\Profiles\1zbtjjis.default [2016-12-05]
FF Homepage: Mozilla\Firefox\Profiles\1zbtjjis.default -> hxxps://87.54.22.132/
FF Extension: (Avira Browser Safety) - C:\Users\Weinreich\AppData\Roaming\Mozilla\Firefox\Profiles\1zbtjjis.default\Extensions\abs@avira.com.xpi [2016-11-22]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-12] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1758639380-3939604913-4091818744-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Weinreich\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1758639380-3939604913-4091818744-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Weinreich\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-18] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2012-03-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2012-03-19] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2012-03-28] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Weinreich\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-03-10] (Cisco WebEx LLC)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/ig?hl=en
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl"
CHR Profile: C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default [2016-12-06]
CHR Extension: (Google Præsentation) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-19]
CHR Extension: (Giphy for Gmail) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\andgibkjiikabclfdkecpmdkfanpdapf [2016-05-27]
CHR Extension: (Google Dokumenter) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-19]
CHR Extension: (Google Drev) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (JSON Formatter) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjindcccaagfpapjjmafapmmgkkhgoa [2016-12-02]
CHR Extension: (YouTube) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google-søgning) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Lookup Companion for Wikipedia) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhgpkiiipkgmckicafkhcihkcldbdeej [2015-07-19]
CHR Extension: (MightyText - SMS from PC & Text from Computer) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2016-10-05]
CHR Extension: (Block site) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-08-02]
CHR Extension: (Google Kalender) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13]
CHR Extension: (Google Play Musik) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-11-13]
CHR Extension: (Full Page Screen Capture) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-12-02]
CHR Extension: (Google Ark) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-19]
CHR Extension: (Avira Browser Safety) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-09]
CHR Extension: (Google Docs Offline) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-23]
CHR Extension: (Advanced REST client) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2016-12-02]
CHR Extension: (SMS from Gmail ™ & Facebook™ (MightyText)) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\iffdacemhfpnchinokehhnppllonacfj [2016-08-17]
CHR Extension: (AngularJS Batarang) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2016-03-08]
CHR Extension: (Imagus) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\immpkjjlgappgfkkfieppnmlhakdmaab [2016-12-06]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2016-03-10]
CHR Extension: (Flatbook) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\kadbillinepbjlgenaliokdhejdmmlgp [2016-10-15]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-04-20]
CHR Extension: (Google E-mail-tæller) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-07-19]
CHR Extension: (Google Hangouts) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-12-06]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2015-12-04]
CHR Extension: (SpeakIt!) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgeolalilifpodheeocdmbhehgnkkbak [2016-11-24]
CHR Extension: (Play Music Lyrics Fetcher) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\phnnoaooookpaffnminadcajmghibbbc [2016-10-20]
CHR Extension: (Gmail) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-19]
CHR Extension: (Chrome Media Router) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-07-31] ()
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2016-09-07] (Microsoft Corporation)
R2 cpextender; C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe [368272 2015-10-19] (Check Point Software Technologies)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [249328 2015-06-24] (DTS, Inc)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2015-02-05] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-07-31] ()
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-03-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-03-15] (Disc Soft Ltd)
S3 libusb0; C:\WINDOWS\system32\DRIVERS\libusb0.sys [44480 2015-08-17] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_674733509ab83d72\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project)
R3 VNA; C:\WINDOWS\system32\DRIVERS\vna.sys [161256 2015-10-19] (Check Point Software Technologies)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 15:23 - 2016-12-06 15:23 - 00027951 _____ C:\Users\Weinreich\Desktop\FRST.txt
2016-12-06 15:20 - 2016-12-06 15:20 - 00000000 ___HD C:\OneDriveTemp
2016-12-06 15:18 - 2016-12-06 15:19 - 00152566 _____ C:\Users\Weinreich\Desktop\complete log.txt
2016-12-06 15:15 - 2016-12-06 15:23 - 00000000 ____D C:\FRST
2016-12-06 15:13 - 2016-12-06 15:15 - 02419712 _____ (Farbar) C:\Users\Weinreich\Desktop\FRST64.exe
2016-12-06 13:50 - 2016-12-06 13:50 - 00000000 ____D C:\Users\Weinreich\AppData\Local\Gallio_NCrunch
2016-12-06 12:14 - 2016-12-06 12:15 - 00000000 ____D C:\Users\Weinreich\Downloads\Westworld (1973) [1080p] [YTS.AG]
2016-12-06 12:14 - 2016-12-06 12:14 - 00028104 _____ C:\Users\Weinreich\Downloads\Westworld (1973) [1080p] [YTS.AG].torrent
2016-12-06 10:31 - 2016-12-06 10:34 - 00000000 ____D C:\Users\Weinreich\Downloads\Ramin Djawadi - Westworld (Music from The HBO® Series, Season 1) (2016) - GEN
2016-12-06 08:16 - 2016-12-06 15:21 - 00000000 ____D C:\Users\Weinreich\AppData\LocalLow\uTorrent
2016-12-05 17:05 - 2016-12-05 17:05 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-05 17:05 - 2016-12-05 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-05 17:05 - 2016-12-05 17:05 - 00000000 ____D C:\Program Files\iTunes
2016-12-05 17:05 - 2016-12-05 17:05 - 00000000 ____D C:\Program Files\iPod
2016-12-05 17:05 - 2016-12-05 17:05 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-05 17:04 - 2016-12-05 17:04 - 00000000 ____D C:\Program Files\Bonjour
2016-12-05 17:04 - 2016-12-05 17:04 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-05 16:26 - 2016-12-05 16:26 - 00000000 ____D C:\Users\Weinreich\Downloads\The.Walking.Dead.S07E07.Custom.DKsubs.720p.HDTV.X264-SUBSTANCE
2016-12-05 11:16 - 2016-12-05 11:16 - 00000370 _____ C:\Users\Weinreich\.gitconfig
2016-12-05 10:06 - 2016-12-05 10:07 - 00000000 ____D C:\Users\Weinreich\Downloads\Miss.Peregrines.Home.For.Peculiar.Children.2016.DKSubs.1080p.BluRay.x264-UNiTAiL
2016-12-02 14:09 - 2016-12-02 14:09 - 00002149 _____ C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler ScriptEditor.lnk
2016-12-02 09:59 - 2016-12-02 10:18 - 00000000 ____D C:\Users\Weinreich\Downloads\Kate Bush
2016-12-01 20:42 - 2016-12-01 20:42 - 00000000 ____D C:\Users\Weinreich\Downloads\Southside.With.You.2016.NORDiC.1080p.WEB-DL.x264-UNiTAiL
2016-11-28 21:46 - 2016-11-28 21:59 - 00000000 ____D C:\Users\Weinreich\Downloads\Boyhood.2014.Criterion.Edition.INTERNAL.BDRip.x264-RedBlade
2016-11-28 21:46 - 2016-11-28 21:46 - 00010715 _____ C:\Users\Weinreich\Downloads\Boyhood.2014.Criterion.Edition.INTERNAL.BDRip.x264-RedBlade.torrent
2016-11-28 15:03 - 2016-11-30 17:29 - 00000000 ____D C:\Users\Weinreich\Downloads\The BFG (2016) [1080p]
2016-11-28 15:03 - 2016-11-28 15:03 - 00039856 _____ C:\Users\Weinreich\Downloads\The.BFG.2016.DANiSH.AUDiO.1080p.WEB-DL.DD5.1.H.264-DBRETAiL.torrent
2016-11-28 14:34 - 2016-11-28 14:34 - 00037183 _____ C:\Users\Weinreich\Downloads\Boyhood.2014.NORDIC.720p.BluRay.DTS.x264-DBRETAiL.torrent
2016-11-28 10:26 - 2016-11-28 10:40 - 00000000 ____D C:\Users\Weinreich\Downloads\For.A.Few.Dollars.More.1965.DKSubs.720p.HDTV.x264-DTS
2016-11-28 10:26 - 2016-11-28 10:26 - 00048985 _____ C:\Users\Weinreich\Downloads\For.A.Few.Dollars.More.1965.DKSubs.720p.HDTV.x264-DTS.torrent
2016-11-27 11:35 - 2016-11-27 11:35 - 00000000 ____D C:\Users\Weinreich\Downloads\Ben.Hur.2016.DKSubs.1080p.BluRay.x264-UNiTAiL
2016-11-27 11:34 - 2016-11-27 11:34 - 00023293 _____ C:\Users\Weinreich\Downloads\Ben.Hur.2016.DKSubs.1080p.BluRay.x264-UNiTAiL.torrent
2016-11-24 07:49 - 2016-11-24 07:49 - 00000000 ____D C:\Users\Weinreich\Downloads\Masterminds.2016.Custom.DKSubs.1080p.WEB-DL.x264-UNiTY
2016-11-22 14:15 - 2016-11-22 14:15 - 00000000 _____ C:\Users\Weinreich\AppData\Local\E616.tmp
2016-11-22 14:15 - 2016-11-22 14:15 - 00000000 _____ C:\Users\Weinreich\AppData\Local\E615.tmp
2016-11-22 14:15 - 2016-11-22 14:15 - 00000000 _____ C:\Users\Weinreich\AppData\Local\E614.tmp
2016-11-22 10:43 - 2016-11-22 10:43 - 00056289 _____ C:\Users\Weinreich\Downloads\The.Secret.Life.Of.Pets.2016.NORDIC.1080p.BluRay.x264-DBRETAiL.torrent
2016-11-21 14:05 - 2016-12-05 16:23 - 00000000 ____D C:\Users\Weinreich\AppData\LocalLow\Mozilla
2016-11-18 17:22 - 2016-11-18 17:33 - 00000000 ____D C:\Users\Weinreich\Downloads\Adobe Photoshop CC 2015 (20150529.r.88) (32+64Bit) + Crack
2016-11-18 16:58 - 2016-11-18 16:58 - 00000000 ____D C:\WINDOWS\Panther
2016-11-18 16:43 - 2016-12-02 14:09 - 00000000 ____D C:\Program Files (x86)\Fiddler2
2016-11-18 16:43 - 2016-11-18 16:56 - 00000000 ____D C:\Users\Weinreich\Documents\Fiddler2
2016-11-18 16:43 - 2016-11-18 16:43 - 00001965 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fiddler 4.lnk
2016-11-18 16:42 - 2016-11-18 16:42 - 02996840 _____ (Telerik) C:\Users\Weinreich\Downloads\fiddlersetup.exe
2016-11-18 11:30 - 2016-11-18 16:58 - 00000972 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000UA.job
2016-11-18 11:30 - 2016-11-18 16:58 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000Core.job
2016-11-18 11:30 - 2016-11-18 11:35 - 00004098 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000UA
2016-11-18 11:30 - 2016-11-18 11:35 - 00003722 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000Core
2016-11-18 11:30 - 2016-11-18 11:30 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2016-11-18 11:29 - 2016-11-18 11:29 - 02662800 _____ (Google) C:\Users\Weinreich\Downloads\gpautobackup_setup.exe
2016-11-17 14:43 - 2016-12-06 15:19 - 361693184 _____ C:\Users\Weinreich\CloudPortalDev_1.ldf
2016-11-17 14:43 - 2016-12-05 16:46 - 764215296 _____ C:\Users\Weinreich\CloudPortalDev.mdf
2016-11-17 09:44 - 2016-11-17 09:51 - 00000000 ____D C:\Users\Weinreich\Downloads\Top.Secret.1984.720p.WEB-DL.H264-HDCLUB [PublicHD]
2016-11-16 21:51 - 2016-11-16 21:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-11-16 19:50 - 2016-11-16 19:51 - 00000000 ____D C:\Users\Weinreich\Downloads\Come.and.Find.Me.2016.Custom.DKSubs.1080p.WEB-DL.x264-UNiTY
2016-11-16 11:21 - 2016-11-16 13:23 - 00000000 ____D C:\Users\Weinreich\Downloads\The.Grand.Duel.1972.PROPER.REPACK.1080p.BluRay.x264-SADPANDA[rarbg]
2016-11-15 15:54 - 2016-11-16 12:55 - 00000000 ____D C:\Users\Weinreich\Downloads\Queen Discography @ 320Kbps [Aufseher]
2016-11-15 12:16 - 2016-11-15 12:18 - 00000000 ____D C:\Users\Weinreich\Downloads\Suicide.Squad.2016.DKSubs.1080p.WEB-DL.x264-UNiTAiL
2016-11-15 07:46 - 2016-11-15 07:46 - 00000000 ____D C:\Users\Weinreich\Downloads\Snowden.2016.DKSubs.1080p.WEB-DL.x264-UNiTAiL
2016-11-14 18:53 - 2016-11-14 18:53 - 00000000 ____D C:\Users\Weinreich\Downloads\Dog.Eat.Dog.2016.Custom.DKSubs.1080p.WEB-DL.x264-UNiTY
2016-11-09 14:00 - 2016-11-02 13:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-09 14:00 - 2016-11-02 13:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-09 14:00 - 2016-11-02 12:22 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-09 14:00 - 2016-11-02 12:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-09 14:00 - 2016-11-02 12:20 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 14:00 - 2016-11-02 12:20 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 14:00 - 2016-11-02 12:15 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 14:00 - 2016-11-02 12:15 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 14:00 - 2016-11-02 12:14 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 14:00 - 2016-11-02 12:13 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 14:00 - 2016-11-02 12:13 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 14:00 - 2016-11-02 12:13 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 14:00 - 2016-11-02 12:13 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 14:00 - 2016-11-02 12:13 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-09 14:00 - 2016-11-02 12:12 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 14:00 - 2016-11-02 12:12 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 14:00 - 2016-11-02 12:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-09 14:00 - 2016-11-02 12:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-09 14:00 - 2016-11-02 12:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-09 14:00 - 2016-11-02 12:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-09 14:00 - 2016-11-02 12:08 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-09 14:00 - 2016-11-02 12:08 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-09 14:00 - 2016-11-02 12:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-09 14:00 - 2016-11-02 12:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-09 14:00 - 2016-11-02 12:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-09 14:00 - 2016-11-02 12:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-09 14:00 - 2016-11-02 12:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-09 14:00 - 2016-11-02 12:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-09 14:00 - 2016-11-02 12:05 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 14:00 - 2016-11-02 12:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-09 14:00 - 2016-11-02 12:04 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 14:00 - 2016-11-02 12:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-09 14:00 - 2016-11-02 12:03 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 14:00 - 2016-11-02 12:03 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 14:00 - 2016-11-02 12:02 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 14:00 - 2016-11-02 12:02 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-09 14:00 - 2016-11-02 12:02 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-09 14:00 - 2016-11-02 12:02 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 14:00 - 2016-11-02 12:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-09 14:00 - 2016-11-02 12:01 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-09 14:00 - 2016-11-02 12:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-09 14:00 - 2016-11-02 12:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-09 14:00 - 2016-11-02 12:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-09 14:00 - 2016-11-02 12:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 14:00 - 2016-11-02 12:00 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 14:00 - 2016-11-02 12:00 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 14:00 - 2016-11-02 12:00 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 14:00 - 2016-11-02 12:00 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 14:00 - 2016-11-02 12:00 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 14:00 - 2016-11-02 12:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-09 14:00 - 2016-11-02 11:59 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 14:00 - 2016-11-02 11:56 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 14:00 - 2016-11-02 11:56 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 14:00 - 2016-11-02 11:56 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 14:00 - 2016-11-02 11:56 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 14:00 - 2016-11-02 11:56 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 14:00 - 2016-11-02 11:55 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 14:00 - 2016-11-02 11:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-09 14:00 - 2016-11-02 11:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-09 14:00 - 2016-11-02 11:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-09 14:00 - 2016-11-02 11:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-09 14:00 - 2016-11-02 11:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-09 14:00 - 2016-11-02 11:48 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-09 14:00 - 2016-11-02 11:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-09 14:00 - 2016-11-02 11:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-09 14:00 - 2016-11-02 11:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-09 14:00 - 2016-11-02 11:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-09 14:00 - 2016-11-02 11:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-09 14:00 - 2016-11-02 11:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-09 14:00 - 2016-11-02 11:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-09 14:00 - 2016-11-02 11:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-09 14:00 - 2016-11-02 11:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-09 14:00 - 2016-11-02 11:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-09 14:00 - 2016-11-02 11:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-09 14:00 - 2016-11-02 11:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-09 14:00 - 2016-11-02 11:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-09 14:00 - 2016-11-02 11:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-09 14:00 - 2016-11-02 11:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-09 14:00 - 2016-11-02 11:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-09 14:00 - 2016-11-02 11:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-09 14:00 - 2016-11-02 11:42 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-09 14:00 - 2016-11-02 11:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-09 14:00 - 2016-11-02 11:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-09 14:00 - 2016-11-02 11:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-09 14:00 - 2016-11-02 11:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-09 14:00 - 2016-11-02 11:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 14:00 - 2016-11-02 11:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-09 14:00 - 2016-11-02 11:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-09 14:00 - 2016-11-02 11:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-09 14:00 - 2016-11-02 11:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-09 14:00 - 2016-11-02 11:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-09 14:00 - 2016-11-02 11:39 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-09 14:00 - 2016-11-02 11:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-09 14:00 - 2016-11-02 11:38 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 14:00 - 2016-11-02 11:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-09 14:00 - 2016-11-02 11:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-09 14:00 - 2016-11-02 11:37 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2016-11-09 14:00 - 2016-11-02 11:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-09 14:00 - 2016-11-02 11:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-09 14:00 - 2016-11-02 11:36 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2016-11-09 14:00 - 2016-11-02 11:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-09 14:00 - 2016-11-02 11:35 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-09 14:00 - 2016-11-02 11:34 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 14:00 - 2016-11-02 11:34 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 14:00 - 2016-11-02 11:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-09 14:00 - 2016-11-02 11:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-09 14:00 - 2016-11-02 11:33 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 14:00 - 2016-11-02 11:32 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 14:00 - 2016-11-02 11:32 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 14:00 - 2016-11-02 11:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-09 14:00 - 2016-11-02 11:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 14:00 - 2016-11-02 11:29 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 14:00 - 2016-11-02 11:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 14:00 - 2016-11-02 11:28 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-09 14:00 - 2016-11-02 11:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 14:00 - 2016-11-02 11:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-09 14:00 - 2016-11-02 11:27 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-09 14:00 - 2016-11-02 11:27 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 14:00 - 2016-11-02 11:26 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-09 14:00 - 2016-11-02 11:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 14:00 - 2016-11-02 11:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 14:00 - 2016-11-02 11:24 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 14:00 - 2016-11-02 11:24 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 14:00 - 2016-11-02 11:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-09 14:00 - 2016-11-02 11:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-09 14:00 - 2016-11-02 11:23 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 14:00 - 2016-11-02 11:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-09 14:00 - 2016-11-02 11:23 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 14:00 - 2016-11-02 11:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 14:00 - 2016-11-02 11:22 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 14:00 - 2016-11-02 11:22 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 14:00 - 2016-11-02 11:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 14:00 - 2016-11-02 11:22 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-09 14:00 - 2016-11-02 11:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-09 14:00 - 2016-11-02 11:21 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 14:00 - 2016-11-02 11:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 14:00 - 2016-11-02 11:20 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 14:00 - 2016-11-02 11:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-09 14:00 - 2016-11-02 11:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 14:00 - 2016-11-02 11:18 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 14:00 - 2016-11-02 11:18 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 14:00 - 2016-11-02 11:18 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 14:00 - 2016-11-02 11:18 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-11-09 14:00 - 2016-11-02 11:18 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-09 14:00 - 2016-11-02 11:17 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 14:00 - 2016-11-02 11:17 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 14:00 - 2016-11-02 11:17 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-09 14:00 - 2016-11-02 11:17 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 14:00 - 2016-11-02 11:17 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 14:00 - 2016-11-02 11:17 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 14:00 - 2016-11-02 11:15 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 14:00 - 2016-11-02 11:15 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 14:00 - 2016-11-02 11:15 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 14:00 - 2016-11-02 11:15 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 14:00 - 2016-11-02 11:15 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 14:00 - 2016-11-02 11:15 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-09 14:00 - 2016-11-02 11:15 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 14:00 - 2016-11-02 11:14 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 14:00 - 2016-11-02 11:13 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 14:00 - 2016-11-02 11:13 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 14:00 - 2016-11-02 11:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 14:00 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-09 14:00 - 2016-11-02 10:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 14:00 - 2016-11-02 09:20 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 14:00 - 2016-08-02 05:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-08 21:01 - 2016-11-08 21:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-12-06 15:23 - 2015-08-12 13:52 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\uTorrent
2016-12-06 15:22 - 2015-07-28 13:58 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\Skype
2016-12-06 15:20 - 2016-09-07 19:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-06 15:20 - 2016-09-07 19:11 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-06 15:20 - 2015-07-31 11:17 - 00000000 ___RD C:\Users\Weinreich\OneDrive
2016-12-06 15:20 - 2015-07-29 13:51 - 00000000 ____D C:\Program Files (x86)\Steam
2016-12-06 15:19 - 2016-09-07 19:12 - 00000000 ____D C:\Users\Weinreich
2016-12-06 15:19 - 2016-07-16 07:04 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2016-12-06 15:19 - 2015-07-29 10:13 - 00000000 ____D C:\Users\Weinreich\AppData\Local\NCrunch
2016-12-06 15:17 - 2016-05-13 08:49 - 00000000 ____D C:\Users\Weinreich\AppData\Local\Battle.net
2016-12-06 14:55 - 2016-09-09 11:49 - 04390912 _____ C:\Users\Weinreich\PortalManager.Developer.mdf
2016-12-06 14:55 - 2016-09-09 11:49 - 01638400 _____ C:\Users\Weinreich\PortalManager.Developer_log.ldf
2016-12-06 14:27 - 2016-05-13 08:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-06 14:03 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-06 14:03 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-06 13:14 - 2016-05-24 19:02 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-12-06 12:07 - 2016-09-07 19:10 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-06 08:20 - 2016-09-07 19:12 - 03618008 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-06 08:20 - 2016-07-17 01:09 - 01512054 _____ C:\WINDOWS\system32\perfh006.dat
2016-12-06 08:20 - 2016-07-17 01:09 - 00421808 _____ C:\WINDOWS\system32\perfc006.dat
2016-12-05 17:05 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-05 17:05 - 2016-06-27 09:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-05 17:04 - 2015-11-23 14:17 - 00000000 ____D C:\ProgramData\Apple
2016-12-05 16:25 - 2015-11-12 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-05 14:37 - 2015-07-31 08:32 - 00002296 ____H C:\Users\Weinreich\Documents\Default.rdp
2016-12-05 13:57 - 2015-07-28 21:14 - 00001832 _____ C:\Users\Weinreich\AppData\Local\SLC_Weinreich.prx
2016-12-05 12:54 - 2015-11-12 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-02 14:16 - 2015-07-19 08:41 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps
2016-12-01 11:56 - 2016-05-23 09:02 - 00000000 ____D C:\Users\Weinreich\Documents\Visual Studio 2015
2016-11-30 12:41 - 2016-04-05 09:52 - 00000000 ____D C:\Users\Weinreich\AppData\Local\CrashDumps
2016-11-30 08:34 - 2015-07-28 14:52 - 00000000 ____D C:\Users\Weinreich\Documents\Visual Studio 2013
2016-11-29 17:07 - 2016-03-18 17:21 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\vlc
2016-11-29 17:01 - 2016-10-28 16:29 - 00000000 ____D C:\Video
2016-11-28 21:50 - 2015-07-28 16:24 - 00000000 ____D C:\Users\Weinreich\Documents\SQL Server Management Studio
2016-11-28 09:46 - 2015-07-28 22:19 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-11-24 11:49 - 2015-07-29 09:13 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\TeamViewer
2016-11-24 07:49 - 2016-01-04 08:52 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-11-24 07:49 - 2015-07-28 13:57 - 00000000 ____D C:\ProgramData\Skype
2016-11-23 22:53 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-22 10:09 - 2015-07-28 21:05 - 00000000 ____D C:\ProgramData\Atlassian
2016-11-18 16:58 - 2016-09-07 19:10 - 00245936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-18 11:30 - 2015-07-19 08:40 - 00000000 ____D C:\Users\Weinreich\AppData\Local\Google
2016-11-17 14:43 - 2015-07-29 07:56 - 00000000 ____D C:\Dev
2016-11-16 22:30 - 2015-09-16 08:14 - 00000000 ___RD C:\Users\Weinreich\3D Objects
2016-11-16 22:30 - 2015-07-31 11:15 - 00000000 ____D C:\Users\Weinreich\AppData\Local\Packages
2016-11-16 22:27 - 2015-07-28 19:39 - 00000000 ____D C:\Users\Weinreich\AppData\Roaming\DAEMON Tools Lite
2016-11-16 22:10 - 2015-07-19 19:50 - 00000000 ____D C:\Users\Weinreich\Documents\My Games
2016-11-16 21:53 - 2015-09-21 10:44 - 00000000 ____D C:\Users\Weinreich\AppData\Local\SkypePlugin
2016-11-16 21:51 - 2015-08-17 11:58 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-11-15 07:47 - 2015-07-19 08:40 - 00002288 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-13 14:25 - 2016-05-13 08:50 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-11-11 08:13 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 12:24 - 2016-09-07 19:28 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-10 08:41 - 2015-07-31 11:15 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 22:26 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 22:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 22:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 22:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 22:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 22:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 15:21 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 15:19 - 2015-07-19 09:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 15:16 - 2015-07-19 09:00 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-09 12:10 - 2015-07-28 14:25 - 00000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2016-11-22 14:15 - 2016-11-22 14:15 - 0000000 _____ () C:\Users\Weinreich\AppData\Local\E614.tmp
2016-11-22 14:15 - 2016-11-22 14:15 - 0000000 _____ () C:\Users\Weinreich\AppData\Local\E615.tmp
2016-11-22 14:15 - 2016-11-22 14:15 - 0000000 _____ () C:\Users\Weinreich\AppData\Local\E616.tmp
2016-03-07 09:45 - 2016-03-07 09:45 - 0000000 _____ () C:\Users\Weinreich\AppData\Local\EE16.tmp
2016-03-07 09:45 - 2016-03-07 09:45 - 0000000 _____ () C:\Users\Weinreich\AppData\Local\EE17.tmp
2016-03-07 09:45 - 2016-03-07 09:45 - 0000000 _____ () C:\Users\Weinreich\AppData\Local\EE28.tmp
2015-08-10 10:33 - 2016-09-01 09:10 - 0000600 _____ () C:\Users\Weinreich\AppData\Local\PUTTY.RND
2016-06-15 12:16 - 2016-10-29 11:00 - 0007635 _____ () C:\Users\Weinreich\AppData\Local\resmon.resmoncfg
2015-07-28 21:14 - 2016-12-05 13:57 - 0001832 _____ () C:\Users\Weinreich\AppData\Local\SLC_Weinreich.prx
2016-09-07 19:11 - 2016-09-07 19:11 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Weinreich\AppData\Roaming\Origin\update.vbe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-02 21:11
 
==================== End of FRST.txt ============================
 
********************************************************************************************************
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-12-2016
Ran by Weinreich (06-12-2016 15:23:52)
Running from C:\Users\Weinreich\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-07 18:30:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1758639380-3939604913-4091818744-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1758639380-3939604913-4091818744-503 - Limited - Disabled)
Gæst (S-1-5-21-1758639380-3939604913-4091818744-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1758639380-3939604913-4091818744-1002 - Limited - Enabled)
Weinreich (S-1-5-21-1758639380-3939604913-4091818744-1000 - Administrator - Enabled) => C:\Users\Weinreich
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\uTorrent) (Version: 3.4.9.42973 - BitTorrent Inc.)
7-Zip 15.06 beta (x64) (HKLM\...\7-Zip) (Version: 15.06 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Another World (HKLM-x32\...\Steam App 233550) (Version:  - Eric Chahi)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Apple-programunderstøttelse (32 bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple-programunderstøttelse (64 bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.5 - Microsoft Corporation) Hidden
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.34.223.5 - Broadcom Corporation)
Build Tools - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.40629 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
Check Point SSL Network Extender (HKLM-x32\...\{1fb771a1-e18d-4c27-83db-e5a3dbc1fc94}) (Version: 7.01.0000 - CheckPoint)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2013 (HKLM-x32\...\{D5170452-84D1-4725-AD9C-F9ECFD0A9E9F}) (Version: 12.0.40302.0 - Microsoft Corporation)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-750 Series Printer Uninstall (HKLM\...\EPSON XP-750 Series) (Version:  - SEIKO EPSON Corporation)
Fiddler Syntax-Highlighting Addons (HKLM-x32\...\FiddlerSyntaxAddons) (Version:  - )
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Photos Backup (HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
IBM Tivoli Storage Manager Client (HKLM\...\{A32F262C-4A6A-4129-93E8-E920ECF379C7}) (Version: 07.01.0200 - IBM)
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 19.1 - Intel)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Magic Duels (HKLM-x32\...\Steam App 316010) (Version:  - Stainless Games Ltd.)
MakeMKV v1.10.2 (HKLM-x32\...\MakeMKV) (Version: v1.10.2 - GuinpinSoft inc)
Memory Profiler (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
METAL GEAR SOLID V: THE PHANTOM PAIN (HKLM-x32\...\Steam App 287700) (Version:  - Konami Digital Entertainment)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft ASP.Net Web Frameworks 5.1 Security Update (KB2994397) (HKLM-x32\...\{94F716A3-CBBA-4005-9516-1C4267DDB824}) (Version: 5.1.20821 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft ODBC Driver 11 for SQL Server (HKLM\...\{A106FA6F-E94C-44C9-8A0F-C34BD82C9FE6}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Report Viewer 2014 Runtime (HKLM-x32\...\{327E9C0D-1687-414F-923E-F5979E549548}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2014) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Policies  (HKLM-x32\...\{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Setup (English) (HKLM\...\{0EEBDCCA-EF5D-4896-9FEA-D7D410A57E8A}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL Compiler Service  (HKLM\...\{59DE4D1C-690E-4397-8A44-B684934E863C}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM\...\{7FE9A69F-6D91-4E2E-86B5-E2EB27AE6041}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.50717.0) (HKLM-x32\...\{B8FDF791-C2DB-4ECB-9F3E-AE536FD1DEE3}) (Version: 12.0.50717.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools 2013 (HKLM-x32\...\{09dfa1d3-c891-42de-ac69-695b4f420c1e}) (Version: 12.0.50717.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 with Update 4 (HKLM-x32\...\{c96467b4-e480-4218-8fde-db83bf9d47d1}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
MKVToolNix 7.2.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.2.0 - Moritz Bunkus)
Mozilla Firefox 50.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.0.2 (x86 en-GB)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
NCrunch for Visual Studio 2013 (HKLM-x32\...\{16C1BD3D-D313-40B4-8AB8-6DD5A62A361F}) (Version: 2.20.4 - Remco Software Ltd)
Node.js (HKLM-x32\...\{B716A4B0-5096-4132-A741-2D99CFF53207}) (Version: 0.12.7 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NuGet Package Explorer (HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\bd16641f5a08dd57) (Version: 3.15.0.0 - NuGet Package Explorer)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PowerShellIntegration.Notifications (x32 Version: 2.6.0.0 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
QNAP Qfinder Pro (HKLM-x32\...\QNAP_FINDER) (Version: 5.2.1.1224 - QNAP Systems, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25130 - Microsoft Corporation) Hidden
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
SourceGear DiffMerge 4.2.0.697.stable (x64) (HKLM\...\{F6BEC317-F689-4158-B1F0-F229B794CFBA}) (Version: 4.2.0.697 - SourceGear, LLC)
SourceTree (HKLM-x32\...\SourceTree 1.8.2.3) (Version: 1.8.2.3 - Atlassian)
SourceTree (HKLM-x32\...\SourceTree 1.9.6.1) (Version: 1.9.6.1 - Atlassian)
SourceTree (HKLM-x32\...\SourceTree 1.9.6.2) (Version: 1.9.6.2 - Atlassian)
SourceTree (x32 Version: 1.9.6.1 - Atlassian) Hidden
SourceTree (x32 Version: 1.9.6.2 - Atlassian) Hidden
Spotify (HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\Spotify) (Version: 1.0.36.124.g1cba1920 - Spotify AB)
SQL Sentry Plan Explorer (HKLM-x32\...\{e624e155-f2b1-4240-ae48-8b490d8a8461}) (Version: 8.5.7.0 - SQL Sentry, Inc.)
SQL Sentry Plan Explorer (Version: 8.5.7.0 - SQL Sentry, Inc.) Hidden
SQL Sentry Plan Explorer SSMS Addin (x32 Version: 2.0.0.0 - SQL Sentry, Inc.) Hidden
SQL Server 2014 Client Tools (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Common Files (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SQL Server 2014 Management Studio (Version: 12.0.2000.8 - Microsoft Corporation) Hidden
SSMSBoost for SSMS 2014 (HKLM-x32\...\{E045B2CD-1205-4158-882D-EF401A04ED66}) (Version: 2.18.5828.29751 - Solutions Crew)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.3.44034 - Telerik)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.31.0 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2013 Update 5 (KB2829760) (HKLM-x32\...\{17551f85-1d1c-4142-a83f-bbd18a3522c2}) (Version: 12.0.40629 - Microsoft Corporation)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 12.0.40629 - Microsoft Corporation) Hidden
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
vs_update2notification (x32 Version: 14.0.25130 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\...\WinDirStat) (Version:  - )
Workflow Manager Client 1.0 (Version: 2.0.40131.0 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.40326.0 - Microsoft Corporation) Hidden
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1758639380-3939604913-4091818744-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Weinreich\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1758639380-3939604913-4091818744-1000_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-1758639380-3939604913-4091818744-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Weinreich\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {05FDD92B-F885-40B7-97C9-EDF97606CB59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000UA => C:\Users\Weinreich\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-18] (Google Inc.)
Task: {09FD0EF8-9431-42FA-9901-92DC04FAE394} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0BF1A5EA-3C22-4991-A83B-ECED4A2DCE19} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000Core => C:\Users\Weinreich\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-18] (Google Inc.)
Task: {1B1FEAD0-AA4D-4B19-ADC1-B930DD6627D0} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1EEFC12F-3E96-4F48-970E-A7491A96BAD8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {297FAAEA-9B45-4544-82E0-A6FC6620BB48} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {29AFC3E9-7E17-4163-A4E5-FCC1FD3958E3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {39ACE950-3CE8-4163-8F06-D2ECF0C61E6F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {3E946410-502E-4047-ABA0-F7EBB582C480} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {4017D4DD-AA1E-4C6A-8DCF-FD6FEA2FA530} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {45D3DCFC-A5F3-453A-8469-FFB65EC0D336} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {47933837-9383-4616-B1BB-A4F55D7AB300} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F51F398-938F-44C1-A033-16EF7C43A38A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {56790F9B-62FE-4BD8-9CB6-722D4E60C255} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5D536BA6-1535-4F42-AAFB-14FB533170C4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {64030631-C3D7-42A5-97F5-129AEC4262F8} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {6A469E2B-5003-41F1-BB77-D109F09BECEB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {75519C60-F6EF-4578-9FFD-A1689E4842C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {77379787-7FEA-44AC-A17A-ED8DB943A0E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {78DFF6DB-2798-4043-B574-A3E3DBF3E32E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {845AB912-052C-4026-B580-231C0D6D3FFA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88DDAAB0-CC2C-4D5C-B054-B98AA2F16BD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8FF7F471-408D-4EBD-B073-9846ABA63895} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {90F39C6E-B370-47B2-879C-7E87FEC636CB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-09] (Microsoft Corporation)
Task: {9BDBE577-42D0-4552-ABF9-5F04A397F41F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {9BEC706B-1339-41C8-BA54-FCC2BDC368E1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {9FDB3C0E-AFA7-4698-86C6-412343CB017F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AC1B4856-4DE5-4C4F-BCE8-33DB957948E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {AD08C68C-51D0-4DBC-858B-922866EAE7F0} - System32\Tasks\Origin => C:\Users\Weinreich\AppData\Roaming\Origin\update.vbe [2016-05-04] () <==== ATTENTION
Task: {BAD426EC-3DA4-417A-A9AB-D619736A3FC6} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BC194DD9-5FFE-438C-BB3E-432F631C8076} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C136B57B-1F49-47B2-873A-3B92D63CA3D9} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-12-24] ()
Task: {C155BD5C-5C63-4D9B-9BED-3A0A8CBF6DE1} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {CBE59CB6-098E-4597-B0E3-D789394BF435} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D23006CC-556F-416D-8B6E-7D2B43139F3E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DB3D8DD1-3F61-492D-BBD4-0A3E9F18163B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E4CC9A87-93DF-45DA-83F3-E6509F653FD8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E6A31713-FD14-4FA2-8EEF-D5F8FCB83E63} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E9657AD3-B7CB-483A-97AA-17E2B1857F6D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EF8DF48F-D72D-406F-AEA1-707AC7B49451} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F414C1BF-C2EB-4A6B-A8AD-FA0DB93FF2FC} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-09-25] ()
Task: {F74365AD-23C8-436F-A91F-DEF6055C4FA2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000Core.job => C:\Users\Weinreich\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1758639380-3939604913-4091818744-1000UA.job => C:\Users\Weinreich\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"
ShortcutWithArgument: C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Advanced REST client.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hgmloofddffdnphfgcellkdfbfbjeloo
ShortcutWithArgument: C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-03 08:06 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-07 19:11 - 2016-09-16 23:54 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-07 19:11 - 2015-07-31 11:29 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2016-05-04 06:51 - 2016-06-15 02:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-04-05 07:10 - 2016-06-15 02:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-04-05 07:10 - 2016-06-15 02:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-04 06:51 - 2016-06-15 02:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-03-16 17:57 - 2015-12-24 05:29 - 01739952 _____ () C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2016-09-23 13:18 - 2016-09-25 09:48 - 07711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2016-10-03 08:06 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-08 08:06 - 2016-09-08 08:06 - 01864384 _____ () C:\Users\Weinreich\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2015-07-29 07:56 - 2015-03-19 22:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2015-04-15 21:13 - 2015-04-15 21:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-09-21 07:05 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 14:00 - 2016-11-02 11:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 14:00 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 14:00 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 14:00 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 14:00 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 14:00 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-23 13:18 - 2016-09-25 09:48 - 00693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-09-23 13:18 - 2016-09-25 09:48 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-09-23 13:18 - 2016-09-25 09:48 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-09-23 13:18 - 2016-09-25 09:48 - 00144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2016-11-18 16:58 - 2016-12-06 15:21 - 01563136 _____ () C:\Windows\Temp\svchost.exe
2016-11-17 14:31 - 2016-11-17 14:32 - 01084928 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1611.3132.0_x64__8wekyb3d8bbwe\TimeBackground.dll
2016-11-04 09:38 - 2016-11-04 09:38 - 02549248 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.2850.0_x64__8wekyb3d8bbwe\People.BackgroundTasks.dll
2016-11-04 09:38 - 2016-11-04 09:38 - 00139264 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.1.2850.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
2016-09-07 19:11 - 2016-12-06 15:20 - 00042128 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2016-09-07 19:11 - 2015-07-31 11:29 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2015-07-19 10:28 - 2016-06-15 02:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-12-06 15:20 - 2016-12-06 15:20 - 00012800 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00009728 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00014848 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00094208 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\src\rgloader\rgloader193.mswin.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00009216 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00094208 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00126976 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00087552 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00016384 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00127316 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\bin\libffi-6.dll
2016-12-06 15:20 - 2016-12-06 15:20 - 00008704 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00013312 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00095744 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00026624 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr3FE7.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00012800 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00009728 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00014848 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00094208 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\src\rgloader\rgloader193.mswin.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00094208 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00118784 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00069120 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00083968 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\bin\zlib1.dll
2016-12-06 15:20 - 2016-12-06 15:20 - 00026624 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00275968 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00015360 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00008192 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00009216 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00023552 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00008704 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00008704 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00008704 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00008704 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00036352 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00126976 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00087552 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00016384 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00127316 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\bin\libffi-6.dll
2016-12-06 15:20 - 2016-12-06 15:20 - 00013312 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00095744 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2016-12-06 15:20 - 2016-12-06 15:20 - 00026624 _____ () C:\Users\Weinreich\AppData\Local\Temp\ocr5AE1.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-07-29 13:52 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-07-29 13:52 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-07-29 13:52 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2015-07-29 13:52 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-07-29 13:52 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-07-29 13:52 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-07-29 13:52 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-07-29 13:52 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-07-29 13:52 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-07-29 13:52 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-07-29 13:52 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-10 08:08 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-09-08 08:06 - 2016-09-08 08:06 - 01383616 _____ () C:\Users\Weinreich\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-09-08 08:06 - 2016-09-08 08:06 - 00118976 _____ () C:\Users\Weinreich\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-10-14 07:18 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-04-08 23:35 - 2016-04-08 23:35 - 03481600 _____ () C:\Users\Weinreich\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-11-15 07:47 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 07:47 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\libegl.dll
2016-09-23 13:18 - 2016-09-25 09:48 - 00939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-09-23 13:18 - 2016-09-25 09:48 - 03115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2016-12-06 13:51 - 00001889 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
10.50.25.245      cloudportal.test # Cloud Portal app for tests
10.50.25.246      cloudportal.dev # Development version of Cloud Portal app
10.50.25.246      api.cloudportal.dev # Development version of Cloud Portal API
10.50.28.4        lang.cloudportal.dev # Development version of Language Module App Cloud Portal
10.50.25.245      api.cloudportal.test # Cloud Portal API for tests
10.50.25.245      portalmanager.test # Portal Manager app for tests
10.50.28.4        portalmanager.release # Release version of Portal Manager app (for internal use)
10.50.25.246      portalmanager.dev # Development version of Portal Manager app0.0.0.0 v10.vortex-win.data.microsoft.com
0.0.0.0 win10.ipv6.microsoft.com
10.50.28.4        api.cloudportal.release # Release version of Cloud Portal API (for internal use)
10.50.28.4        lang.cloudportal.release # Release version of Language Module App Cloud Portal (for internal use)
10.50.28.4        cloudportal.release # Release version of Cloud Portal app (for internal use)
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1758639380-3939604913-4091818744-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Weinreich\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 209.222.18.222 - 209.222.18.218
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [{BB3BAFCC-CD4D-411C-B261-32502AA7A6CA}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{00E55555-65A5-41AB-B650-B4587939F703}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2F322519-520A-4162-B0AA-98BD9B8F9E35}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95E0252D-3802-4DEC-BB7B-0540B9370D3E}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{943D2B40-94C9-4A55-A604-9C048A17EBDD}] => C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{FBEDE305-1143-4BE1-BDB0-87AC4D72B756}] => C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{09B3D715-5CE9-48FC-9289-CA65CDE0BD4A}] => C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{4452249A-58DD-4A3E-9128-9979CA726F90}] => C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{1361D290-A28E-4AFD-8A50-A092B8D337A3}] => C:\Users\Weinreich\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{C61915CC-51F7-4C82-9881-8C4A97C9D758}] => C:\Users\Weinreich\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{56A310DE-C50B-40A3-90F1-E8E1CBCAE400}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D58FF19A-3817-4A2C-A04A-5ADDD7CB1EAE}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A5744603-A541-445B-85CC-48EE735F6BC1}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1ADD9C93-B0C4-41A4-AD17-A98428419CB4}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{1FAC38BB-9420-4123-BA03-354CD1AF2F8F}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [TCP Query User{C14FF1E2-BE5A-4DA7-90F4-CF5923BE997D}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{39CFEDEE-2BE1-44A6-A37A-A91A4D765453}] => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{10073C6F-FFD3-4940-8F15-ED3E185D22EC}C:\users\weinreich\appdata\roaming\spotify\spotify.exe] => C:\users\weinreich\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{83FB3A6E-C26D-4C5C-A432-0A62C4201946}C:\users\weinreich\appdata\roaming\spotify\spotify.exe] => C:\users\weinreich\appdata\roaming\spotify\spotify.exe
FirewallRules: [{21C76537-7315-43C1-B8C6-895748F42F80}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C436A14-AC61-4266-A59B-6E1D9AFA0756}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3DCCAE63-861B-4085-8DB1-1FFE4E9BA89C}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{263600FB-1834-4EA3-88CE-7144B7BDDC0A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BF92AFFD-4CF0-4F54-B9F4-8B2BDD657BF6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{58029AED-D5BB-46B1-9EF5-C502CF450B5C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A249CAC8-0ACB-4208-810E-34A674BD95CC}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [UDP Query User{DF0A3FED-C539-4FC4-9709-4C8639598E40}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{9439883A-D9B9-43BD-92D9-420E86B53510}C:\program files (x86)\diablo iii\diablo iii.exe] => C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{32F0ABFA-6167-49A7-AB04-7EB7BF8BD00F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6BB79FA3-1D03-4F9A-A71C-E42620B472F4}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{42F1FD20-CB39-425C-BB3B-226F15FE642B}] => C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [{B994FE99-3089-4C92-A9AD-025C33396CD4}] => C:\Program Files (x86)\Steam\steamapps\common\MGS_TPP\mgsvtpp.exe
FirewallRules: [UDP Query User{2B1451B1-9EC5-40D6-A5B5-DFEF6823FEB0}C:\users\weinreich\appdata\roaming\utorrent\utorrent.exe] => C:\users\weinreich\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{D3587E76-4DC7-49F5-86C8-A1CDE2C93498}C:\users\weinreich\appdata\roaming\utorrent\utorrent.exe] => C:\users\weinreich\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2E4DB69B-C1B8-4C4C-AB8E-65FB45F33585}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3DF1C22D-92C6-42C3-AD64-BB6C77AA6ECA}C:\program files (x86)\skype\phone\skype.exe] => C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D9A7FA3D-BFE8-4675-8D98-E990EB7AEADE}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{087C9A6B-B0D0-40F5-9416-AE2A2F819F1A}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{CB85C1D9-7A71-47A6-BB57-53DC46B12ABD}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [UDP Query User{FF95FD36-0C44-420D-B0AE-F7C7BDCBABD5}C:\program files (x86)\qnap\qfinder\qfinderpro.exe] => C:\program files (x86)\qnap\qfinder\qfinderpro.exe
FirewallRules: [{A984CCB3-442C-4770-95B1-E20F51E53D09}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{802BD426-C54D-42D2-A053-82ADF5BFCF18}] => C:\Program Files (x86)\Steam\steamapps\common\Magic Duels\MagicDuels.exe
FirewallRules: [{711C6388-348C-4CD6-9FF7-3381AB2DF97C}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E414C74D-E86C-4952-A921-30CA7132A507}] => C:\Program Files (x86)\Fiddler2\Fiddler.exe
FirewallRules: [{22E9911E-16D6-424C-8AC0-8A2F396630DA}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DF234D0F-6319-4ABA-992B-DA3D76283D3A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{919415E9-9A9E-42AD-BAF5-20143D701258}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90E49B27-9FCB-4707-823B-8ABB105DFDEC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E3DFEDDC-09C1-4740-AAD0-80390C4EBB67}] => C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
16-11-2016 21:50:37 Removed Garmin ANT Agent
22-11-2016 10:09:09 Installed SourceTree
29-11-2016 21:11:40 Planlagt kontrolpunkt
05-12-2016 17:05:05 Installed iTunes
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/06/2016 03:20:53 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/06/2016 03:19:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BAYMAX)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/06/2016 03:19:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BAYMAX)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/06/2016 03:19:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BAYMAX)
Description: Activation of app Microsoft.MicrosoftMinesweeper_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/06/2016 03:19:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BAYMAX)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (12/06/2016 08:16:02 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/05/2016 05:05:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery-protokol.
 
System Error:
Adgang nægtet.
.
 
Error: (12/05/2016 04:25:49 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
Error: (12/05/2016 04:24:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program uTorrent.exe version 3.4.9.42973 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 25e4
 
Start Time: 01d24ec7beaad2df
 
Termination Time: 4294967295
 
Application Path: C:\Users\Weinreich\AppData\Roaming\uTorrent\uTorrent.exe
 
Report Id: d9216474-bafe-11e6-9cc9-54271efcd4e6
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (12/05/2016 08:18:08 AM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
 
 
System errors:
=============
Error: (12/06/2016 03:20:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The programspecifikke permission settings do not grant Lokal Aktivering permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOKAL TJENESTE SID (S-1-5-19) from address LocalHost (via LRPC) running in the application container Ikke tilgængelig SID (Ikke tilgængelig). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/06/2016 03:20:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The programspecifikke permission settings do not grant Lokal Aktivering permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOKAL TJENESTE SID (S-1-5-19) from address LocalHost (via LRPC) running in the application container Ikke tilgængelig SID (Ikke tilgængelig). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/06/2016 03:20:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The programspecifikke permission settings do not grant Lokal Aktivering permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (via LRPC) running in the application container Ikke tilgængelig SID (Ikke tilgængelig). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/06/2016 03:20:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (12/06/2016 03:19:46 PM) (Source: DCOM) (EventID: 10010) (User: BAYMAX)
Description: The server microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca did not register with DCOM within the required timeout.
 
Error: (12/06/2016 03:19:46 PM) (Source: DCOM) (EventID: 10010) (User: BAYMAX)
Description: The server Microsoft.XboxApp.AppX079r1k3wxyr7e04r85h2kh1sretge9f7.mca did not register with DCOM within the required timeout.
 
Error: (12/06/2016 03:19:46 PM) (Source: DCOM) (EventID: 10010) (User: BAYMAX)
Description: The server App.AppXmrt6p7ccfr8w2agez7a00x8xa8nqspkp.mca did not register with DCOM within the required timeout.
 
Error: (12/06/2016 03:19:46 PM) (Source: DCOM) (EventID: 10010) (User: BAYMAX)
Description: The server CortanaUI.AppXjytc7c0yvwb8n3cw0r82k4364sd1s7bv.mca did not register with DCOM within the required timeout.
 
Error: (12/06/2016 08:15:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The programspecifikke permission settings do not grant Lokal Aktivering permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOKAL TJENESTE SID (S-1-5-19) from address LocalHost (via LRPC) running in the application container Ikke tilgængelig SID (Ikke tilgængelig). This security permission can be modified using the Component Services administrative tool.
 
Error: (12/06/2016 08:15:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The programspecifikke permission settings do not grant Lokal Aktivering permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOKAL TJENESTE SID (S-1-5-19) from address LocalHost (via LRPC) running in the application container Ikke tilgængelig SID (Ikke tilgængelig). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2016-12-06 15:23:13.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:23:13.646
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:22:19.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:22:19.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:21:51.223
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:21:51.222
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:21:51.220
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:21:26.427
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:21:26.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-06 15:21:26.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5820K CPU @ 3.30GHz
Percentage of memory in use: 18%
Total physical RAM: 16285.8 MB
Available physical RAM: 13218.07 MB
Total Virtual: 32669.8 MB
Available Virtual: 29064.7 MB
 
==================== Drives ================================
 
Drive c: (Main) (Fixed) (Total:465.22 GB) (Free:188.24 GB) NTFS
Drive d: (TOY_STORY_3_DISC_1) (CDROM) (Total:41.39 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A03041C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:51 AM

Posted 07 December 2016 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Windows\Temp\svchost.exe
FF Homepage: Mozilla\Firefox\Profiles\1zbtjjis.default -> hxxps://87.54.22.132/
CHR Extension: (Avira Browser Safety) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-09]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\Windows\Temp\svchost.exe
C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Task: {3E946410-502E-4047-ABA0-F7EBB582C480} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {845AB912-052C-4026-B580-231C0D6D3FFA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88DDAAB0-CC2C-4D5C-B054-B98AA2F16BD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AD08C68C-51D0-4DBC-858B-922866EAE7F0} - System32\Tasks\Origin => C:\Users\Weinreich\AppData\Roaming\Origin\update.vbe [2016-05-04] () <==== ATTENTION
Task: {DB3D8DD1-3F61-492D-BBD4-0A3E9F18163B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EF8DF48F-D72D-406F-AEA1-707AC7B49451} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.
===

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)

===

How is the computer running now?

#3 weinreich


Posted 08 December 2016 - 03:08 AM

Thank you so much nasdaq. It seems to have fixed the issue. Do you have any idea how I got this problem in the first place?

 

I would like to give a donation. Can I make it to you personally or should I just make one to the site?

 

EDIT: I also updated java... 

 

Here is the fixlog: 

************************************************************************************************************************************

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Weinreich (08-12-2016 08:59:31) Run:1
Running from C:\Users\Weinreich\Desktop
Loaded Profiles: Weinreich (Available Profiles: Weinreich & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
() C:\Windows\Temp\svchost.exe
FF Homepage: Mozilla\Firefox\Profiles\1zbtjjis.default -> hxxps://87.54.22.132/
CHR Extension: (Avira Browser Safety) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-09]
CHR Extension: (Betalinger i Chrome Webshop) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Chrome Media Router) - C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
U3 idsvc; no ImagePath
C:\Windows\Temp\svchost.exe
C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
Task: {3E946410-502E-4047-ABA0-F7EBB582C480} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {845AB912-052C-4026-B580-231C0D6D3FFA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {88DDAAB0-CC2C-4D5C-B054-B98AA2F16BD9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {AD08C68C-51D0-4DBC-858B-922866EAE7F0} - System32\Tasks\Origin => C:\Users\Weinreich\AppData\Roaming\Origin\update.vbe [2016-05-04] () <==== ATTENTION
Task: {DB3D8DD1-3F61-492D-BBD4-0A3E9F18163B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EF8DF48F-D72D-406F-AEA1-707AC7B49451} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
 
reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\Temp\svchost.exe => No running process found
Firefox "homepage" removed successfully
C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully
C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
idsvc => service removed successfully
C:\Windows\Temp\svchost.exe => moved successfully
"C:\Users\Weinreich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E946410-502E-4047-ABA0-F7EBB582C480}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E946410-502E-4047-ABA0-F7EBB582C480}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{845AB912-052C-4026-B580-231C0D6D3FFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{845AB912-052C-4026-B580-231C0D6D3FFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88DDAAB0-CC2C-4D5C-B054-B98AA2F16BD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88DDAAB0-CC2C-4D5C-B054-B98AA2F16BD9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD08C68C-51D0-4DBC-858B-922866EAE7F0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD08C68C-51D0-4DBC-858B-922866EAE7F0}" => key removed successfully
C:\WINDOWS\System32\Tasks\Origin => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB3D8DD1-3F61-492D-BBD4-0A3E9F18163B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB3D8DD1-3F61-492D-BBD4-0A3E9F18163B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF8DF48F-D72D-406F-AEA1-707AC7B49451}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF8DF48F-D72D-406F-AEA1-707AC7B49451}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 103846448 B
Java, Flash, Steam htmlcache => 363907987 B
Windows/system/drivers => 3130512 B
Edge => 8717 B
Chrome => 825685573 B
Firefox => 55920834 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6152 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 609674 B
Weinreich => 106466977 B
DefaultAppPool => 6152 B
 
RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 08:59:42 ====

Edited by weinreich, 08 December 2016 - 03:08 AM.


#4 nasdaq


Posted 08 December 2016 - 10:31 AM


Thank you for the offer. My services are free.

Your support is needed with this lawsuit.
https://www.bleepingcomputer.com/forums/t/604046/we-need-your-help-bleepingcomputer-is-being-sued-by-the-creators-of-spyhunter/?hl=%20spyhunter

Thank you for your support.


If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#5 weinreich


Posted 09 December 2016 - 10:10 AM

I have donated to the lawsuit as suggested :D

 

Feel free to close the thread and once again thank you for your help





