Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

sd-steam.info.com pops up opening default browser upon boot.


  • This topic is locked This topic is locked
13 replies to this topic

#1 pederZen

pederZen

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 17 December 2016 - 03:48 PM

Malwarebytes Anti-Malware recognised and deleted a registry value called PUP Optional.Start Page.

I have uninstalled chrome, opera and firefox with Revo Uninstaller, made sure to erase all reg. items and traces of them.

Also set Microsoft Edge to open with google.com.

But the problem persists, sd-steam.info keeps on opening in the browser upon boot.

 

Here comes the txt log:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by pederZen (administrator) on DESKTOP-9IRPQJS (17-12-2016 21:21:00)
Running from C:\Users\pederZen\Desktop
Loaded Profiles: pederZen (Available Profiles: pederZen)
Platform: Windows 10 Home Version 1607 (X64) Language: magyar (Magyarország)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Bitsum Technologies) C:\Program Files\Process Lasso\ProcessGovernor.exe
(Bitsum Technologies) C:\Program Files\Process Lasso\ProcessLasso.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25778760 2016-12-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6006560 2016-11-01] (IObit)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2016-03-06] (BitTorrent, Inc.)
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [pederZen] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\RunOnce: [Uninstall C:\Users\pederZen\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\pederZen\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-18\...\Run: [] => 0
AppInit_DLLs: C:\ProgramData\Quoteex\Overlight.dll => No File
ShellExecuteHooks:  - {02635D80-A738-11E6-8C1E-64006A5CFC23} -  No File [ ]
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3a1d9f6d-05e4-4667-bb93-df818bd8ad24}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHHuFbOt0i7Nc9WYLVnrjGG8YPcXbTmPcCDuWvjrCKx67lKX070tsV39q5_j8nlBqfill2pI91zzCT3Sh6raiRSAr8G1EobfiM95C4A2ZDt2egnIEB5Pu1SEdKjNiZu3rav035s2aMf6--dLr02sVAyhFqKtx7vaB5YO5K2m-Tyg&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3797189423-156461087-3773699883-1001 -> {ielnksrch} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2015-07-09] (IObit)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-17]
FireFox:
========
FF DefaultProfile: tp76478t.default
FF ProfilePath: C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\naweriweentcofise\Profiles\tp76478t.default\Profiles\tp76478t.default [not found]
FF ProfilePath: C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 [2016-12-17]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 -> Google
FF Session Restore: Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781\Extensions\uBlock0@raymondhill.net.xpi [2016-12-14]
FF Extension: (Video DownloadHelper) - C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-17] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-17] <==== ATTENTION
CHR Extension: (Google Diák) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Dokumentumok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-29]
CHR Extension: (Google Drive) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-29]
CHR Extension: (YouTube) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-29]
CHR Extension: (Google Táblázatok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Dokumentumok Offline) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-29]
CHR Extension: (AdBlock) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-17]
CHR Extension: (Disconnect) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-11-29]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-28]
CHR Extension: (Gmail) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default [2016-12-14]
CHR Extension: (Google Dokumentumok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Google Drive) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (YouTube) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Google-keresés) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (No Name) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2016-11-28]
CHR Extension: (Google Táblázatok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Google Dokumentumok Offline) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-27]
CHR Extension: (Disconnect) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-13]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-22] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-05] (Dropbox, Inc.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1600800 2016-10-21] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [741056 2015-11-30] (@ByELDI) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmdag.sys [26559504 2016-10-01] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmpag.sys [527264 2016-10-01] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [155912 2016-03-31] (BitDefender LLC)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-07-27] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [452040 2016-03-31] (BitDefender S.R.L.)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-16] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-17 21:21 - 2016-12-17 21:21 - 00020936 _____ C:\Users\pederZen\Desktop\FRST.txt
2016-12-17 21:20 - 2016-12-17 21:20 - 00000000 ____D C:\Users\pederZen\Desktop\FRST-OlderVersion
2016-12-17 19:40 - 2016-12-17 19:40 - 00001601 _____ C:\Users\pederZen\Desktop\Microsoft Edge.lnk
2016-12-16 11:59 - 2016-12-16 11:59 - 00003452 _____ C:\WINDOWS\System32\Tasks\SpyHunter3
2016-12-16 11:58 - 2016-12-17 10:37 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-12-16 11:45 - 2016-12-16 11:45 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-16 11:45 - 2016-12-16 11:45 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\TeamViewer
2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-16 09:56 - 2016-12-16 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-15 13:34 - 2016-12-15 13:34 - 00001268 _____ C:\Users\pederZen\Desktop\Olive.Kitteridge.Complete.MiniSereis.720p.HDTV.2CH.x265.HEVC-PSA parancsikonja.lnk
2016-12-15 12:21 - 2016-12-17 19:18 - 00189924 _____ C:\WINDOWS\ntbtlog.txt
2016-12-14 17:17 - 2016-12-14 17:17 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-12-14 17:16 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 17:16 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 17:16 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 17:16 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 17:16 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:16 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 17:16 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 17:16 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 17:16 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:16 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 17:16 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 17:16 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 17:16 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 17:16 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 17:16 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 17:16 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 17:16 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 17:16 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 17:15 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 17:15 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 17:15 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 17:15 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 17:15 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 17:15 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 17:15 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 17:15 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:15 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 17:15 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 17:15 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 17:15 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 17:15 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 17:15 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 17:15 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 17:15 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 17:15 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 17:15 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 17:15 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 17:15 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 17:15 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 17:15 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 17:15 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 17:15 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 17:15 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 17:15 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:15 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 17:15 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 17:15 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 17:15 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 17:15 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 17:15 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 17:15 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 17:15 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 17:15 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 17:15 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 17:15 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 17:15 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:15 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 17:15 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 17:15 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 17:15 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 17:15 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 17:15 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 17:15 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 17:15 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 17:15 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 17:15 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:15 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 17:15 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 17:15 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 17:15 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 17:15 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 17:15 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 17:15 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 17:15 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 17:15 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 17:15 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 17:15 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 17:15 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 17:15 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 17:15 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 17:15 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 17:15 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 17:15 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 17:15 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 17:15 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 17:15 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:15 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 17:15 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 09:20 - 2016-12-12 09:20 - 00448597 _____ C:\Users\pederZen\Downloads\c227cb7d-ac98-4776-a557-b4f46519b80c.pdf
2016-12-10 17:43 - 2016-12-10 17:43 - 00000000 ____D C:\ProgramData\Orbit
2016-12-10 16:05 - 2016-12-10 16:05 - 00001375 _____ C:\Users\pederZen\Desktop\Watch Dogs.lnk
2016-12-10 16:05 - 2016-12-10 16:05 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Watch Dogs
2016-12-10 16:05 - 2016-12-10 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-12-10 15:44 - 2016-12-10 15:44 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-12-10 15:22 - 2016-12-10 15:22 - 00017648 _____ C:\Users\pederZen\Downloads\the.night.of.s01.e07.ordinary.death.(2016).hun.1cd.(6786329).zip
2016-12-10 10:50 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 10:50 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 10:50 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 10:50 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 10:50 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 10:50 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 10:50 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 10:50 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 10:49 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 10:49 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 10:49 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 10:49 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 10:49 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 10:49 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 10:49 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 10:49 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 10:49 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 10:49 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 10:49 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 10:49 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 10:49 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 10:49 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 10:49 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 10:49 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 10:49 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 10:49 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 10:49 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 10:49 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 10:49 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 10:49 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 10:49 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 10:49 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 10:49 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 10:49 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 10:49 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 10:49 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 10:49 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 10:49 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 10:49 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 10:49 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 10:49 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 10:49 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 10:49 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 10:49 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 10:49 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 10:49 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 10:49 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 10:49 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 10:49 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 10:49 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 10:49 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 10:49 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 10:49 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 10:49 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 10:49 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 10:49 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 10:49 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 10:49 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 10:49 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 10:49 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 10:49 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 10:49 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 10:49 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 10:49 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 10:49 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 10:49 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 10:49 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 10:49 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 10:49 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 10:49 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 10:49 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 10:49 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 10:49 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 10:49 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 10:49 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 10:49 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 10:49 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 10:49 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 10:49 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 10:49 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 10:49 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 10:49 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 10:49 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 10:49 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 10:49 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 10:49 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 10:49 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 10:49 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 10:49 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 10:49 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 10:49 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 10:49 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 10:49 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 10:49 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 10:49 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 10:49 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 10:49 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 10:49 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 10:49 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 10:49 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 10:49 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 10:49 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 10:49 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 10:49 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-08 18:11 - 2016-12-13 12:19 - 00000000 ____D C:\FRST
2016-12-08 18:09 - 2016-12-17 21:20 - 02420224 _____ (Farbar) C:\Users\pederZen\Desktop\FRST64.exe
2016-12-08 17:09 - 2016-12-08 17:09 - 00243736 _____ C:\Users\pederZen\Downloads\Firefox Setup Stub 50.0.2.exe
2016-12-06 19:42 - 2016-12-14 17:00 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-04 10:38 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Apple Computer
2016-12-04 10:38 - 2016-12-04 10:38 - 00000000 ____D C:\ProgramData\BDLogging
2016-12-04 10:38 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-12-04 10:38 - 2016-03-31 17:54 - 00155912 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-12-03 18:34 - 2016-12-03 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-03 17:03 - 2016-12-03 18:34 - 00000000 ____D C:\Users\pederZen\Documents\The Witcher 3
2016-12-03 16:41 - 2016-12-03 18:34 - 00000000 ____D C:\GOG Games
2016-12-03 15:18 - 2016-12-03 15:18 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\ProductData
2016-12-03 15:17 - 2016-12-10 22:26 - 00000000 ____D C:\ProgramData\ProductData
2016-12-03 13:23 - 2016-12-03 13:25 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-03 13:23 - 2016-12-03 13:23 - 00002008 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-12-03 13:22 - 2016-12-03 15:16 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-03 13:20 - 2016-12-03 13:20 - 00000000 ____D C:\AdwCleaner
2016-12-03 13:04 - 2016-12-04 10:39 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-03 13:04 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\IObit
2016-12-03 13:04 - 2016-12-03 13:04 - 00001246 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2016-12-03 13:04 - 2016-12-03 13:04 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\IObit
2016-12-03 13:04 - 2016-12-03 13:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2016-12-03 13:02 - 2016-12-04 10:37 - 00000000 ____D C:\ProgramData\IObit
2016-12-03 13:02 - 2016-12-03 13:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-30 20:03 - 2016-11-30 20:03 - 00000000 ____D C:\Users\pederZen\Documents\Square Enix
2016-11-30 19:55 - 2016-12-14 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2016-11-29 11:43 - 2016-11-29 11:43 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2016-11-28 15:52 - 2016-12-15 09:43 - 00000270 __RSH C:\Users\pederZen\ntuser.pol
2016-11-28 15:34 - 2016-11-28 15:34 - 00006142 _____ C:\WINDOWS\System32\Tasks\Uzesyghojet Debuger
2016-11-28 15:34 - 2016-11-28 15:34 - 00003672 _____ C:\WINDOWS\System32\Tasks\c73855ccafac44346a6933b5baa6c354
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avira
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avg
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-28 15:33 - 2016-12-15 09:43 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-11-28 15:33 - 2016-11-28 15:34 - 00000000 ____D C:\Users\pederZen\AppData\Local\Kiresykafesh
2016-11-28 15:29 - 2016-11-28 15:49 - 00000000 ____D C:\Users\pederZen\AppData\Local\app
2016-11-28 15:28 - 2016-11-28 15:29 - 00000000 ____D C:\ProgramData\Quoteexs
2016-11-28 15:28 - 2016-11-28 15:28 - 00003708 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guardian
2016-11-28 15:28 - 2016-11-28 15:28 - 00003702 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange Guard
2016-11-28 15:28 - 2016-11-28 15:28 - 00003690 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange
2016-11-18 09:24 - 2016-12-17 17:12 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-17 21:21 - 2016-09-01 17:27 - 00031785 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-17 21:21 - 2016-03-06 18:51 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\uTorrent
2016-12-17 21:01 - 2016-07-16 23:35 - 01323992 _____ C:\WINDOWS\system32\perfh00E.dat
2016-12-17 21:01 - 2016-07-16 23:35 - 00369330 _____ C:\WINDOWS\system32\perfc00E.dat
2016-12-17 21:01 - 2016-02-11 19:04 - 03170012 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-17 20:58 - 2016-02-22 11:17 - 00000000 ___RD C:\Users\pederZen\Dropbox
2016-12-17 20:57 - 2016-09-29 15:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-17 20:56 - 2016-09-29 15:09 - 00000000 ____D C:\Users\pederZen
2016-12-17 20:56 - 2016-09-29 15:08 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-17 20:56 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-17 19:19 - 2016-09-01 17:52 - 00000000 ____D C:\WINDOWS\pss
2016-12-17 19:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-17 19:12 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-17 19:12 - 2016-02-11 18:59 - 00000000 ____D C:\Users\pederZen\AppData\Local\Packages
2016-12-17 17:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-17 17:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-17 17:23 - 2016-03-10 21:58 - 00000000 ____D C:\Users\pederZen\AppData\Local\Adobe
2016-12-17 17:14 - 2016-02-11 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-17 14:35 - 2016-09-29 15:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-17 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 10:24 - 2016-09-29 15:14 - 00003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 10:24 - 2016-09-29 15:14 - 00003422 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:47 - 2016-09-29 15:07 - 00269488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 13:23 - 2016-02-14 09:22 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\vlc
2016-12-16 12:06 - 2016-02-11 20:33 - 00000000 ____D C:\Program Files (x86)\Windows Doctor
2016-12-16 10:28 - 2016-02-11 21:23 - 00002262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 09:56 - 2016-02-22 11:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-15 19:39 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-14 18:19 - 2016-10-22 21:58 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-14 18:18 - 2016-08-11 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-12-14 18:18 - 2016-08-02 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-12-14 18:18 - 2016-02-11 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-12-14 17:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 17:23 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 17:20 - 2016-10-13 19:02 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-12-14 17:20 - 2016-02-11 21:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 17:18 - 2016-02-11 21:09 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:56 - 2016-02-11 18:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 17:43 - 2016-06-18 21:52 - 00000000 ____D C:\Users\pederZen\Documents\My Games
2016-12-10 10:37 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2015-10-30 09:13 - 00389408 __RSH C:\bootmgr
2016-12-03 16:54 - 2016-09-29 15:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-03 15:16 - 2016-09-01 17:18 - 00041062 _____ C:\WINDOWS\system32\.crusader
2016-12-03 13:12 - 2016-10-16 10:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-03 13:12 - 2016-09-01 17:27 - 00014229 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-03 12:55 - 2016-09-01 17:48 - 00000000 ____D C:\ProgramData\TEMP
2016-12-03 09:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-30 20:18 - 2016-09-02 10:55 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Nox
2016-11-30 20:18 - 2016-09-02 10:55 - 00000000 ____D C:\Users\pederZen\AppData\Local\Nox
2016-11-30 20:18 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-30 20:17 - 2016-08-11 22:47 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Leapdroid
2016-11-30 20:17 - 2016-08-11 22:47 - 00000000 ____D C:\Program Files\Leapdroid
2016-11-30 20:17 - 2016-08-11 20:30 - 00000000 ____D C:\Users\pederZen\AppData\Local\Bluestacks
2016-11-30 08:37 - 2016-08-11 20:48 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Andy
2016-11-29 18:52 - 2016-02-22 11:14 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-29 18:52 - 2016-02-22 11:14 - 00000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-29 13:01 - 2016-09-29 15:14 - 00004004 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 13:01 - 2016-09-29 15:14 - 00003772 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-28 16:09 - 2016-02-11 20:06 - 00000000 ____D C:\Program Files\KMSpico
2016-11-28 16:08 - 2016-02-11 19:31 - 00000000 ____D C:\Program Files\Process Lasso
2016-11-28 15:55 - 2016-09-29 15:14 - 00003662 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-11-28 15:34 - 2016-09-29 15:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-28 15:34 - 2016-09-18 14:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-11-28 15:34 - 2016-09-01 17:47 - 00000000 ____D C:\Program Files (x86)\CleanMyPC
2016-11-28 15:34 - 2016-08-11 20:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-28 15:34 - 2016-07-21 10:36 - 00000000 ____D C:\Program Files (x86)\The Bureau
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-28 15:34 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-28 15:34 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-11-28 15:34 - 2016-04-04 17:47 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-28 15:34 - 2016-03-22 18:48 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2016-11-28 15:34 - 2016-03-06 18:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2016-11-28 15:34 - 2016-02-11 21:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-28 15:34 - 2016-02-11 19:40 - 00000000 ____D C:\Program Files (x86)\TeraCopy
2016-11-28 15:34 - 2016-02-11 19:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-28 15:34 - 2016-02-11 19:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-28 15:34 - 2016-02-11 19:26 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2016-11-28 15:34 - 2016-02-11 19:26 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-11-28 15:34 - 2016-02-11 19:21 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-11-28 15:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
==================== Files in the root of some directories =======
2016-10-29 11:47 - 2016-10-29 15:46 - 0000000 ____H () C:\Users\pederZen\AppData\Local\BIT7125.tmp
2016-08-21 09:59 - 2016-08-21 09:59 - 0003584 _____ () C:\Users\pederZen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-06 19:35 - 2016-10-06 19:35 - 0000017 _____ () C:\Users\pederZen\AppData\Local\resmon.resmoncfg
2016-10-29 11:46 - 2016-10-29 11:46 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}
2016-07-01 09:50 - 2016-07-01 09:50 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-10 14:48
==================== End of FRST.txt ============================

 

Attached Files



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 17 December 2016 - 05:16 PM

Hello pederZen and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

There is evidence of malware on your computer but, before we can help you, you have to remove the illegal software on your system, (which is probably how your computer became infected). Besides being illegal, cracks/keygens are the most certain means of infecting your system, as ALL illegal software contains some form of malicious code.

This forum, as well as all the other well-respected malware removal forums, does not condone the use of illegal software. If you disregard this warning and become re-infected, we may not assist you the next time.

Please uninstall all the illegal software that you have downloaded and installed. When you have done this, run the following program and post the log.

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Satchfan

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 pederZen

pederZen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 18 December 2016 - 05:53 AM

Hi Satchfan,

 

your help is greatly appreciated!

I went thru my progrgams and removed all illegal stuff.

(I like to try them before buying but, nevertheless they were there and i know that is illegal.)

I hope nothing remains.

 

So here comes the Scanner's log:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.RULBF0
 ----- EOF -----



#4 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 18 December 2016 - 06:38 AM

Uninstall programs

iObit

IObit programs are not recommended by myself and many other helpers on this and other well-respected forums. IObit had stolen material from other computer security companies to use in their own programs and are known to cause system problems that tend to go away after uninstalling their software

See:

http://forums.malwarebytes.org/index.php?showtopic=29681
http://forums.malwarebytes.org/index.php?showtopic=30989
http://forums.malwarebytes.org/index.php?showtopic=33217


Windows Doctor

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

I recommend that you uninstall all of the following programs:

Windows Doctor (any version)
IObit Uninstaller
Surfing Protection


If you have chosen to do as I suggest, you should run BitRemover which was designed specifically to remove every trace of the entries of IObit files left behind after uninstalling it. Download BitRemover from here, save the program to your Desktop and double-click on the program to run it.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

AdwCleaner log
JRT.txt
New Frst.txt
New Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 pederZen

pederZen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 18 December 2016 - 07:23 AM

OK i removed windows doctor and iobit items, did the scans.

(sd-steam still came up after reboot.)

 

Here come the logs:

 

 

# AdwCleaner v6.041 - *Logfile created 18/12/2016 *at 13:11:20
# *Updated on 16/12/2016 by Malwarebytes
# *Database : 2016-12-18.1 [*Server]
# *Operating System : Windows 10 Home  (X64)
# *Username : pederZen - DESKTOP-9IRPQJS
# *Running from : C:\Users\pederZen\Desktop\adwcleaner_6.041.exe
# *Mode: Clean
# *Support : https://www.malwarebytes.com/support
 
***** [ *Services ] *****
 
***** [ *Folders ] *****
[-] *Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Doctor
[-] *Folder deleted: C:\Program Files (x86)\Windows Doctor
[-] *Folder deleted: C:\Program Files (x86)\Enigma Software Group

***** [ *Files ] *****
[-] *File deleted: C:\Users\pederZen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Doctor.lnk
[-] *File deleted: C:\Users\pederZen\Desktop\Windows Doctor.lnk

***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ *Shortcuts ] *****
 
***** [ *Scheduled Tasks ] *****
 
***** [ *Registry ] *****
[-] *Key deleted: HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Software\Conduit
[#] *Key deleted on reboot: HKCU\Software\Conduit
[#] *Key deleted on reboot: [x64] HKCU\Software\Conduit

***** [ *Browsers ] *****
 
*************************
:: *"Tracing" keys deleted
:: *Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [3345 *Bytes] - [17/12/2016 22:17:18]
C:\AdwCleaner\AdwCleaner[C2].txt - [1438 *Bytes] - [18/12/2016 13:11:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [3194 *Bytes] - [17/12/2016 22:14:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [1757 *Bytes] - [18/12/2016 13:10:51]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1660 *Bytes] ##########

 

 

---

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by pederZen (Administrator) on 2016. 12. 18. at 13:14:18,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 3
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\pederZen\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\c73855ccafac44346a6933b5baa6c354 (Task)
 
Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2016. 12. 18. at 13:16:10,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

---

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by pederZen (administrator) on DESKTOP-9IRPQJS (18-12-2016 13:18:42)
Running from C:\Users\pederZen\Desktop
Loaded Profiles: pederZen (Available Profiles: pederZen)
Platform: Windows 10 Home Version 1607 (X64) Language: magyar (Magyarország)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Ransomware] => C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe [722896 2016-08-26] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25778760 2016-12-12] (Dropbox, Inc.)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2016-03-06] (BitTorrent, Inc.)
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [pederZen] => explorer.exe hxxp://sd-steam.info <===== ATTENTION
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\RunOnce: [Uninstall C:\Users\pederZen\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\pederZen\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-18\...\Run: [] => 0
ShellExecuteHooks:  - {02635D80-A738-11E6-8C1E-64006A5CFC23} -  No File [ ]
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
GroupPolicy: Restriction - Chrome <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3a1d9f6d-05e4-4667-bb93-df818bd8ad24}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-17]
FireFox:
========
FF ProfilePath: C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 [2016-12-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 -> Google
FF Session Restore: Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781\Extensions\uBlock0@raymondhill.net.xpi [2016-12-14]
FF Extension: (Video DownloadHelper) - C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-17] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Session Restore: ChromeDefaultData -> is enabled.
CHR Profile: C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-17] <==== ATTENTION
CHR Extension: (Google Diák) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Dokumentumok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-29]
CHR Extension: (Google Drive) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-29]
CHR Extension: (YouTube) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-29]
CHR Extension: (Google Táblázatok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Dokumentumok Offline) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-29]
CHR Extension: (AdBlock) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-17]
CHR Extension: (Disconnect) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-11-29]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-28]
CHR Extension: (Gmail) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default [2016-12-14]
CHR Extension: (Google Dokumentumok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Google Drive) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (YouTube) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Google-keresés) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (No Name) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2016-11-28]
CHR Extension: (Google Táblázatok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Google Dokumentumok Offline) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-27]
CHR Extension: (Disconnect) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-13]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-22] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-05] (Dropbox, Inc.)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe [3291088 2016-08-26] (Malwarebytes)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmdag.sys [26559504 2016-10-01] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmpag.sys [527264 2016-10-01] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R0 MB3SwissArmy; C:\WINDOWS\System32\drivers\MB3SwissArmy.sys [228800 2016-12-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110528 2016-12-18] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-16] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-18 13:16 - 2016-12-18 13:16 - 00000784 _____ C:\Users\pederZen\Desktop\JRT.txt
2016-12-18 13:14 - 2016-12-18 13:14 - 01663040 _____ (Malwarebytes) C:\Users\pederZen\Desktop\JRT.exe
2016-12-18 13:09 - 2016-12-18 13:09 - 03977168 _____ C:\Users\pederZen\Desktop\adwcleaner_6.041.exe
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files\MSBuild
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-18 13:06 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-12-18 13:06 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-12-18 13:05 - 2016-12-18 13:05 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\pederZen\Desktop\BitRemover.exe
2016-12-18 11:50 - 2016-12-18 11:50 - 00000127 _____ C:\Users\pederZen\Desktop\ckfiles.txt
2016-12-18 11:48 - 2016-12-18 11:48 - 00468480 _____ () C:\Users\pederZen\Desktop\CKScanner.exe
2016-12-18 08:24 - 2016-12-18 08:25 - 00028595 _____ C:\Users\pederZen\Desktop\the.good.wife.s01.e01.pilot.(2009).hun.1cd.(4877770).zip
2016-12-17 22:13 - 2016-12-18 13:12 - 00110528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-17 22:13 - 2016-12-17 22:22 - 00000000 ____D C:\Users\pederZen\Desktop\mbar
2016-12-17 22:12 - 2016-12-18 13:12 - 00228800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MB3SwissArmy.sys
2016-12-17 22:12 - 2016-12-17 22:13 - 00000000 ____D C:\ProgramData\MalwarebytesARW
2016-12-17 22:12 - 2016-12-17 22:12 - 00001946 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-12-17 22:12 - 2016-12-17 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-17 22:12 - 2016-12-17 22:12 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-17 22:11 - 2016-12-17 22:11 - 00000000 ____D C:\Users\pederZen\AppData\Local\AntiLogger Free
2016-12-17 22:11 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2016-12-17 21:21 - 2016-12-18 13:19 - 00019168 _____ C:\Users\pederZen\Desktop\FRST.txt
2016-12-17 21:21 - 2016-12-17 21:22 - 00051538 _____ C:\Users\pederZen\Desktop\Addition.txt
2016-12-16 11:45 - 2016-12-16 11:45 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-16 11:45 - 2016-12-16 11:45 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\TeamViewer
2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-16 09:56 - 2016-12-16 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-15 13:34 - 2016-12-15 13:34 - 00001268 _____ C:\Users\pederZen\Desktop\Olive.Kitteridge.Complete.MiniSereis.720p.HDTV.2CH.x265.HEVC-PSA parancsikonja.lnk
2016-12-15 12:21 - 2016-12-17 19:18 - 00189924 _____ C:\WINDOWS\ntbtlog.txt
2016-12-14 17:17 - 2016-12-14 17:17 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-12-14 17:16 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 17:16 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 17:16 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 17:16 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 17:16 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:16 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 17:16 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 17:16 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 17:16 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:16 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 17:16 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 17:16 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 17:16 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 17:16 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 17:16 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 17:16 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 17:16 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 17:16 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 17:15 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 17:15 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 17:15 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 17:15 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 17:15 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 17:15 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 17:15 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 17:15 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:15 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 17:15 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 17:15 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 17:15 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 17:15 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 17:15 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 17:15 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 17:15 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 17:15 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 17:15 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 17:15 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 17:15 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 17:15 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 17:15 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 17:15 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 17:15 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 17:15 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 17:15 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:15 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 17:15 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 17:15 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 17:15 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 17:15 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 17:15 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 17:15 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 17:15 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 17:15 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 17:15 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 17:15 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 17:15 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:15 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 17:15 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 17:15 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 17:15 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 17:15 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 17:15 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 17:15 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 17:15 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 17:15 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 17:15 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:15 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 17:15 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 17:15 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 17:15 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 17:15 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 17:15 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 17:15 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 17:15 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 17:15 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 17:15 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 17:15 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 17:15 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 17:15 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 17:15 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 17:15 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 17:15 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 17:15 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 17:15 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 17:15 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 17:15 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:15 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 17:15 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 09:20 - 2016-12-12 09:20 - 00448597 _____ C:\Users\pederZen\Downloads\c227cb7d-ac98-4776-a557-b4f46519b80c.pdf
2016-12-10 17:43 - 2016-12-18 11:45 - 00000000 ____D C:\ProgramData\Orbit
2016-12-10 15:44 - 2016-12-18 11:45 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-12-10 15:22 - 2016-12-10 15:22 - 00017648 _____ C:\Users\pederZen\Downloads\the.night.of.s01.e07.ordinary.death.(2016).hun.1cd.(6786329).zip
2016-12-10 10:50 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 10:50 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 10:50 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 10:50 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 10:50 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 10:50 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 10:50 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 10:50 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 10:49 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 10:49 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 10:49 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 10:49 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 10:49 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 10:49 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 10:49 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 10:49 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 10:49 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 10:49 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 10:49 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 10:49 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 10:49 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 10:49 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 10:49 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 10:49 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 10:49 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 10:49 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 10:49 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 10:49 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 10:49 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 10:49 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 10:49 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 10:49 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 10:49 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 10:49 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 10:49 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 10:49 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 10:49 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 10:49 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 10:49 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 10:49 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 10:49 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 10:49 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 10:49 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 10:49 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 10:49 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 10:49 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 10:49 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 10:49 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 10:49 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 10:49 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 10:49 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 10:49 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 10:49 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 10:49 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 10:49 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 10:49 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 10:49 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 10:49 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 10:49 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 10:49 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 10:49 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 10:49 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 10:49 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 10:49 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 10:49 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 10:49 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 10:49 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 10:49 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 10:49 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 10:49 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 10:49 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 10:49 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 10:49 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 10:49 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 10:49 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 10:49 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 10:49 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 10:49 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 10:49 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 10:49 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 10:49 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 10:49 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 10:49 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 10:49 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 10:49 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 10:49 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 10:49 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 10:49 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 10:49 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 10:49 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 10:49 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 10:49 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 10:49 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 10:49 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 10:49 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 10:49 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 10:49 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 10:49 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 10:49 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 10:49 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 10:49 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 10:49 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 10:49 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 10:49 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-08 18:11 - 2016-12-18 13:18 - 00000000 ____D C:\FRST
2016-12-08 18:09 - 2016-12-17 21:20 - 02420224 _____ (Farbar) C:\Users\pederZen\Desktop\FRST64.exe
2016-12-08 17:09 - 2016-12-08 17:09 - 00243736 _____ C:\Users\pederZen\Downloads\Firefox Setup Stub 50.0.2.exe
2016-12-06 19:42 - 2016-12-14 17:00 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-04 10:38 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Apple Computer
2016-12-04 10:38 - 2016-12-04 10:38 - 00000000 ____D C:\ProgramData\BDLogging
2016-12-04 10:38 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-12-04 10:38 - 2016-03-31 17:54 - 00155912 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-12-03 18:34 - 2016-12-03 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-03 17:03 - 2016-12-03 18:34 - 00000000 ____D C:\Users\pederZen\Documents\The Witcher 3
2016-12-03 16:41 - 2016-12-03 18:34 - 00000000 ____D C:\GOG Games
2016-12-03 13:23 - 2016-12-18 11:45 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-03 13:22 - 2016-12-03 15:16 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-03 13:20 - 2016-12-18 13:11 - 00000000 ____D C:\AdwCleaner
2016-12-03 13:04 - 2016-12-18 13:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-03 13:04 - 2016-12-18 13:08 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\IObit
2016-12-03 13:04 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\IObit
2016-12-03 13:02 - 2016-12-18 13:08 - 00000000 ____D C:\ProgramData\IObit
2016-12-03 13:02 - 2016-12-03 13:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-30 20:03 - 2016-11-30 20:03 - 00000000 ____D C:\Users\pederZen\Documents\Square Enix
2016-11-30 19:55 - 2016-12-14 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2016-11-29 11:43 - 2016-11-29 11:43 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2016-11-28 15:52 - 2016-12-15 09:43 - 00000270 __RSH C:\Users\pederZen\ntuser.pol
2016-11-28 15:34 - 2016-11-28 15:34 - 00006142 _____ C:\WINDOWS\System32\Tasks\Uzesyghojet Debuger
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avira
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avg
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-28 15:33 - 2016-12-15 09:43 - 00000270 __RSH C:\ProgramData\ntuser.pol
2016-11-18 09:24 - 2016-12-17 17:12 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-18 13:18 - 2016-09-01 17:27 - 00369340 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-18 13:17 - 2016-07-16 23:35 - 01413468 _____ C:\WINDOWS\system32\perfh00E.dat
2016-12-18 13:17 - 2016-07-16 23:35 - 00394100 _____ C:\WINDOWS\system32\perfc00E.dat
2016-12-18 13:17 - 2016-02-11 19:04 - 03366054 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-18 13:16 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-18 13:14 - 2016-03-06 18:51 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\uTorrent
2016-12-18 13:13 - 2016-02-22 11:17 - 00000000 ___RD C:\Users\pederZen\Dropbox
2016-12-18 13:12 - 2016-09-29 15:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-18 13:11 - 2016-09-29 15:08 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-18 13:11 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-18 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-12-18 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-12-18 13:07 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-18 12:24 - 2016-09-29 15:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-18 11:47 - 2016-02-11 20:06 - 00000000 ____D C:\Program Files\KMSpico
2016-12-18 11:45 - 2016-06-18 21:52 - 00000000 ____D C:\Users\pederZen\Documents\My Games
2016-12-18 11:44 - 2016-07-21 10:36 - 00000000 ____D C:\Program Files (x86)\The Bureau
2016-12-18 11:43 - 2016-03-22 18:48 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2016-12-18 11:43 - 2016-02-11 19:21 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\BSplayer PRO
2016-12-18 11:43 - 2016-02-11 19:21 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-12-18 11:42 - 2016-02-11 19:31 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\ProcessLasso
2016-12-17 20:56 - 2016-09-29 15:09 - 00000000 ____D C:\Users\pederZen
2016-12-17 19:19 - 2016-09-01 17:52 - 00000000 ____D C:\WINDOWS\pss
2016-12-17 19:15 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-17 19:12 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-17 19:12 - 2016-02-11 18:59 - 00000000 ____D C:\Users\pederZen\AppData\Local\Packages
2016-12-17 17:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-17 17:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-17 17:23 - 2016-03-10 21:58 - 00000000 ____D C:\Users\pederZen\AppData\Local\Adobe
2016-12-17 17:14 - 2016-02-11 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-17 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 10:24 - 2016-09-29 15:14 - 00003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 10:24 - 2016-09-29 15:14 - 00003422 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:47 - 2016-09-29 15:07 - 00269488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 13:23 - 2016-02-14 09:22 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\vlc
2016-12-16 10:28 - 2016-02-11 21:23 - 00002262 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-16 09:56 - 2016-02-22 11:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-14 18:19 - 2016-10-22 21:58 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-14 18:18 - 2016-08-11 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-12-14 18:18 - 2016-08-02 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-12-14 17:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 17:20 - 2016-10-13 19:02 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-12-14 17:20 - 2016-02-11 21:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 17:18 - 2016-02-11 21:09 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:56 - 2016-02-11 18:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 10:37 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2015-10-30 09:13 - 00389408 __RSH C:\bootmgr
2016-12-03 16:54 - 2016-09-29 15:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-03 15:16 - 2016-09-01 17:18 - 00041062 _____ C:\WINDOWS\system32\.crusader
2016-12-03 13:12 - 2016-10-16 10:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-03 13:12 - 2016-09-01 17:27 - 00014229 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-03 12:55 - 2016-09-01 17:48 - 00000000 ____D C:\ProgramData\TEMP
2016-12-03 09:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-30 20:18 - 2016-09-02 10:55 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Nox
2016-11-30 20:18 - 2016-09-02 10:55 - 00000000 ____D C:\Users\pederZen\AppData\Local\Nox
2016-11-30 20:18 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-30 20:17 - 2016-08-11 22:47 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Leapdroid
2016-11-30 20:17 - 2016-08-11 22:47 - 00000000 ____D C:\Program Files\Leapdroid
2016-11-30 20:17 - 2016-08-11 20:30 - 00000000 ____D C:\Users\pederZen\AppData\Local\Bluestacks
2016-11-30 08:37 - 2016-08-11 20:48 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Andy
2016-11-29 18:52 - 2016-02-22 11:14 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-29 18:52 - 2016-02-22 11:14 - 00000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-29 13:01 - 2016-09-29 15:14 - 00004004 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 13:01 - 2016-09-29 15:14 - 00003772 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-28 15:55 - 2016-09-29 15:14 - 00003662 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-11-28 15:34 - 2016-09-29 15:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-28 15:34 - 2016-09-01 17:47 - 00000000 ____D C:\Program Files (x86)\CleanMyPC
2016-11-28 15:34 - 2016-08-11 20:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-28 15:34 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-28 15:34 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-11-28 15:34 - 2016-04-04 17:47 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-28 15:34 - 2016-03-06 18:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2016-11-28 15:34 - 2016-02-11 21:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-28 15:34 - 2016-02-11 19:40 - 00000000 ____D C:\Program Files (x86)\TeraCopy
2016-11-28 15:34 - 2016-02-11 19:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-28 15:34 - 2016-02-11 19:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-28 15:34 - 2016-02-11 19:26 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2016-11-28 15:34 - 2016-02-11 19:26 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-11-28 15:33 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
==================== Files in the root of some directories =======
2016-10-29 11:47 - 2016-10-29 15:46 - 0000000 ____H () C:\Users\pederZen\AppData\Local\BIT7125.tmp
2016-08-21 09:59 - 2016-08-21 09:59 - 0003584 _____ () C:\Users\pederZen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-06 19:35 - 2016-10-06 19:35 - 0000017 _____ () C:\Users\pederZen\AppData\Local\resmon.resmoncfg
2016-10-29 11:46 - 2016-10-29 11:46 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}
2016-07-01 09:50 - 2016-07-01 09:50 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}
Some files in TEMP:
====================
C:\Users\pederZen\AppData\Local\Temp\HitmanPro.exe
C:\Users\pederZen\AppData\Local\Temp\libeay32.dll
C:\Users\pederZen\AppData\Local\Temp\msvcr120.dll
C:\Users\pederZen\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-10 14:48
==================== End of FRST.txt ============================

 

 

---

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by pederZen (18-12-2016 13:19:34)
Running from C:\Users\pederZen\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-29 14:15:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Alapértelmezett fiók (S-1-5-21-3797189423-156461087-3773699883-503 - Limited - Disabled)
pederZen (S-1-5-21-3797189423-156461087-3773699883-1001 - Administrator - Enabled) => C:\Users\pederZen
Rendszergazda (S-1-5-21-3797189423-156461087-3773699883-500 - Administrator - Disabled)
Vendég (S-1-5-21-3797189423-156461087-3773699883-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Bandizip (HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Bandizip) (Version: 2.0 - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Malwarebytes Anti-Ransomware version 0.9.17.661 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.17.661 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
O&O Defrag Professional (HKLM\...\{50C961A1-889F-4A4E-9587-2772A45B6AAD}) (Version: 18.0.39 - O&O Software GmbH)
Online.io Application (HKLM-x32\...\{A91EEA9B-DCAA-4B2D-B62A-50B8EA351561}) (Version: 1.13.0 - Microleaves) <==== ATTENTION
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TeraCopy (HKLM-x32\...\TeraCopy) (Version: 1.00 - Company name)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\pederZen\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02CABAF3-4FF0-4DA5-97D8-59C5E3704BD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {0EAECFB5-2499-4CEC-9CC4-A71A583F0B66} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {126B2EFB-0166-4727-B023-9F56B601B24D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {128281C1-459C-4FA7-AA38-3916D119916B} - \pederZen -> No File <==== ATTENTION
Task: {1BA235CD-09DE-4D78-AE59-E2CA906C04AA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {7B0EB2D6-FB25-4B24-8EA1-A71C4F3555B4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {7D457580-551F-4A91-8DC2-C09F12C29326} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {84A95C34-0166-4147-9F8F-8C99EA7BBDD8} - System32\Tasks\Uzesyghojet Debuger => C:\Program Files (x86)\Tmerdom\judosh.exe
Task: {8D9BC8F7-C772-4C60-81F6-74E65C349AD9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-22] (Dropbox, Inc.)
Task: {D5E94C7D-F21A-4CDD-9657-2758CF9C809C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-22] (Dropbox, Inc.)
Task: {EA9C002A-DE77-4097-8233-FDD3F637B63D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 22:12 - 2016-12-17 22:14 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-17 22:12 - 2016-04-14 18:38 - 00745984 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-12-14 16:55 - 2016-12-14 16:55 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 16:55 - 2016-12-14 16:55 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 16:55 - 2016-12-14 16:55 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 16:55 - 2016-12-14 16:55 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-09-29 16:03 - 2016-09-29 16:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-14 20:08 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-14 20:08 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-14 20:08 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-14 20:08 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-14 20:08 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-03 13:04 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [354]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-09-18 11:43 - 2016-12-03 13:04 - 00000346 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pederZen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{6B68B639-CC97-447A-B70C-7AAB805DDA07}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{250815FD-4365-40D8-BC8F-55C3C8EBADB7}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD5E2B72-6A2B-4EC1-8FA9-BDAF09C03220}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B32AFE8-930C-4ECA-AC4B-FEADADE8E899}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E048B39-43AA-4147-8C13-0F4A997D607C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{172E0E02-5B7D-4741-9220-A66F57CD5C0D}] => C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{9465C11A-30EF-4CD0-970B-A37DDAECA99F}] => C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{00C70A10-5617-4544-894F-D1E3F3552A1F}] => C:\Users\pederZen\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{8075BD76-BD09-4950-A0EF-E7A64BFDC0A5}] => C:\Users\pederZen\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [UDP Query User{42D1E7C0-E066-4CCE-9149-4D78CE096B99}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{552EEB2C-5163-428B-8CDC-CEEBEACBB0E3}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{E3EA3028-DCF7-4DDA-8B35-FEF03F799FDB}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{9D9DAA1C-BC59-4360-B059-E7529327A4BC}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [{ED41F380-F5F0-4C93-8E7D-9BBA1742D9F5}] => LPort=1688
FirewallRules: [UDP Query User{1540B2B1-351A-4096-8F4D-D6FA5EEF46C5}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{2F5A7587-C45B-4F5B-9A50-E20F0FF28C98}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [{3DD4BFFB-A1D9-4400-B883-DD576024BF4F}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{9DE9BA94-8E74-45FE-889F-B13ACC71AB8C}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{77874E12-1B6E-483F-843B-62914B5C9092}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{3E1E1965-E96E-45F3-A92E-0CE438AC48A8}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{6E1A0EF5-02A2-4727-89E0-5693DF9E6EF6}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A5746A78-C83B-47D7-B70D-63058A0FCBA9}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{200BBD2C-B246-4AD3-A5B9-5CC102BCB8E8}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95ECE3D6-CA5F-4397-B8D3-66A8D454E44E}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F36917BA-0E60-40EB-A1E1-F98144B671E5}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Restore Points =========================
13-12-2016 12:19:31 első
15-12-2016 19:38:21 Revo Uninstaller Pro's restore point - Traffic Exchange
17-12-2016 10:33:17 Revo Uninstaller Pro's restore point - SpyHunter
18-12-2016 10:46:32 Revo Uninstaller Pro's restore point - AntiLogger Free version 1.8.2.320
18-12-2016 13:14:19 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/18/2016 01:18:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 01:16:56 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 01:16:49 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 01:16:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 01:16:36 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 01:14:36 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 01:14:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: A kriptográfiai szolgáltatás hibával leállt, miközben az OnIdentity() hívást dolgozta fel a System Writer objektumban.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft LLDP protokoll.
System Error:
A hozzáférés megtagadva.
.
Error: (12/18/2016 01:12:16 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) A rendszer nem találja a megadott fájlt.
Error: (12/18/2016 10:46:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: A kriptográfiai szolgáltatás hibával leállt, miközben az OnIdentity() hívást dolgozta fel a System Writer objektumban.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft LLDP protokoll.
System Error:
A hozzáférés megtagadva.
.
Error: (12/18/2016 10:46:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Kötet árnyékmásolata - szolgáltatáshiba: Váratlan hiba történt az IVssWriterCallback felület lekérdezése közben.  hr = 0x80070005, A hozzáférés megtagadva.
.
Ezt gyakran okozzák helytelen biztonsági beállítások vagy az író, vagy a kérelmező folyamatban.

Művelet:
   Íróadatok gyűjtése
Környezet:
   Író osztályazonosítója: {e8132975-6f93-4464-a53e-1050253ae220}
   Író neve: System Writer
   Író példányazonosítója: {4d115863-4469-47dd-90ce-0474c8944d53}

System errors:
=============
Error: (12/18/2016 01:16:32 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9IRPQJS)
Description: A(z) alkalmazásspecifikus engedélybeállítások nem biztosítanak a(z) Helyi számára Aktiválás engedélyt a COM-kiszolgálóalkalmazáshoz. CLSID:
{9E175B6D-F52A-11D8-B9A5-505054503030}
, APPID:
{9E175B9C-F52A-11D8-B9A5-505054503030}
, felhasználó: DESKTOP-9IRPQJS\pederZen, SID: S-1-5-21-3797189423-156461087-3773699883-1001, cím: LocalHost (helyi állomás, LRPC használatával), futtatási alkalmazástároló: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe, SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194. Ez a biztonsági engedély a Komponensszolgáltatások felügyeleti eszközzel módosítható.
Error: (12/18/2016 01:13:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: A(z) alkalmazásspecifikus engedélybeállítások nem biztosítanak a(z) Helyi számára Aktiválás engedélyt a COM-kiszolgálóalkalmazáshoz. CLSID:
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
, APPID:
{F72671A9-012C-4725-9D2F-2A4D32D65169}
, felhasználó: NT AUTHORITY\SYSTEM, SID: S-1-5-18, cím: LocalHost (helyi állomás, LRPC használatával), futtatási alkalmazástároló: Nem érhető el, SID: Nem érhető el. Ez a biztonsági engedély a Komponensszolgáltatások felügyeleti eszközzel módosítható.
Error: (12/18/2016 01:11:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: A szolgáltatás (Windows Search) a következő hiba következtében leállt:
A szolgáltatás bejelentkezési hiba miatt nem indult el.
Error: (12/18/2016 01:11:47 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: A(z) WSearch szolgáltatás nem tudott bejelentkezni a fiókkal (NT AUTHORITY\SYSTEM) és a jelenleg konfigurált jelszóval a következő hiba miatt:
A kérés nem támogatott.

A szolgáltatás megfelelően konfigurált állapotáról a Szolgáltatások beépülő MMC-modul segítségével győződhet meg.
Error: (12/18/2016 01:11:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Windows Search szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 30000 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása.
Error: (12/18/2016 01:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) SAMSUNG Mobile Connectivity Service szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.
Error: (12/18/2016 01:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) Office Software Protection Platform szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.
Error: (12/18/2016 01:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) O&O Defrag szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.
Error: (12/18/2016 01:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) MB3Service szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.
Error: (12/18/2016 01:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) DbxSvc szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.

CodeIntegrity:
===================================
  Date: 2016-12-18 09:56:34.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-18 08:23:41.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.862
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:48.662
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:48.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-11-30 18:41:07.700
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================
Processor: AMD FX™-8120 Eight-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 6104.73 MB
Available physical RAM: 3747.22 MB
Total Virtual: 9176.73 MB
Available Virtual: 6769.46 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.34 GB) (Free:67.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (TITÁN) (Fixed) (Total:931.5 GB) (Free:68.45 GB) NTFS
Drive f: (Letölt) (Fixed) (Total:111.79 GB) (Free:101.48 GB) NTFS
Drive g: (Program) (Fixed) (Total:74.5 GB) (Free:64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: AAAAAAAA)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 011D45E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6D30CC90)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DE6BA41E)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================


#6 pederZen

pederZen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 18 December 2016 - 07:34 AM

Very disturbing News about IOBit by the way.



#7 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 18 December 2016 - 11:08 AM

Please uninstall Microleaves Online.io Application.


Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below and paste it into Notepad.

CloseProcesses:
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [pederZen] => explorer.exe hxxp://sd-steam.info <===== ATTENTI
ShellExecuteHooks: - {02635D80-A738-11E6-8C1E-64006A5CFC23} - No File [ ]
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2016-12-03 13:04 - 2016-12-18 13:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-03 13:04 - 2016-12-18 13:08 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\IObit
2016-12-03 13:04 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\IObit
2016-12-03 13:02 - 2016-12-18 13:08 - 00000000 ____D C:\ProgramData\IObit
2016-12-03 13:02 - 2016-12-03 13:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avira
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avg
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-18 11:47 - 2016-02-11 20:06 - 00000000 ____D C:\Program Files\KMSpico
2016-10-29 11:47 - 2016-10-29 15:46 - 0000000 ____H () C:\Users\pederZen\AppData\Local\BIT7125.tmp
2016-10-29 11:46 - 2016-10-29 11:46 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}
2016-07-01 09:50 - 2016-07-01 09:50 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}
Task: {128281C1-459C-4FA7-AA38-3916D119916B} - \pederZen -> No File <==== ATTENTION
Task: {7D457580-551F-4A91-8DC2-C09F12C29326} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
FirewallRules: [{172E0E02-5B7D-4741-9220-A66F57CD5C0D}] => C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{9465C11A-30EF-4CD0-970B-A37DDAECA99F}] => C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
C:\Users\pederZen\AppData\Local\BIT7125.tmp
C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}
C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}
C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
CMD: ipconfig /flushdns
EmptyTemp:

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

================================================

You need to reset Chrome back to defaults to completely clear out what is going on.

You can keep the bookmarks by exporting them - Export Bookmarks

  • go to Google Sync and sign into your account
    scroll down until you see the ‘Stop and Clear’ button and click on it
  • at the prompt click on OK.

Next you need to uninstall chrome - if asked about user data or settings, remove those also.

Restart the computer and reinstall chrome: you can download The latest version from here.

================================================

Run Farbar Recovery Scan Tool

Please run FRST again and again make sure there is a checkmark next to "Addition.txt" before you hit “Scan”.

Logs to include with next post:

Fixlog.txt
New Frst.txt
New Addition.txt

 

Can you tell me if that has sorted the problem.

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 pederZen

pederZen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 18 December 2016 - 02:26 PM

Okay here come the logs:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by pederZen (18-12-2016 20:15:52) Run:3
Running from C:\Users\pederZen\Desktop
Loaded Profiles: pederZen (Available Profiles: pederZen)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [pederZen] => explorer.exe hxxp://sd-steam.info <===== ATTENTI
ShellExecuteHooks: - {02635D80-A738-11E6-8C1E-64006A5CFC23} - No File [ ]
GroupPolicy: Restriction - Chrome <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
2016-12-03 13:04 - 2016-12-18 13:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-12-03 13:04 - 2016-12-18 13:08 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\IObit
2016-12-03 13:04 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\IObit
2016-12-03 13:02 - 2016-12-18 13:08 - 00000000 ____D C:\ProgramData\IObit
2016-12-03 13:02 - 2016-12-03 13:02 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avira
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\Avg
2016-11-28 15:34 - 2016-11-28 15:34 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-18 11:47 - 2016-02-11 20:06 - 00000000 ____D C:\Program Files\KMSpico
2016-10-29 11:47 - 2016-10-29 15:46 - 0000000 ____H () C:\Users\pederZen\AppData\Local\BIT7125.tmp
2016-10-29 11:46 - 2016-10-29 11:46 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}
2016-07-01 09:50 - 2016-07-01 09:50 - 0000000 _____ () C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}
Task: {128281C1-459C-4FA7-AA38-3916D119916B} - \pederZen -> No File <==== ATTENTION
Task: {7D457580-551F-4A91-8DC2-C09F12C29326} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
FirewallRules: [{172E0E02-5B7D-4741-9220-A66F57CD5C0D}] => C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
FirewallRules: [{9465C11A-30EF-4CD0-970B-A37DDAECA99F}] => C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
C:\Users\pederZen\AppData\Local\BIT7125.tmp
C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}
C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}
C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe
CMD: ipconfig /flushdns
EmptyTemp:
*****************
Processes closed successfully.
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => No running process found
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Software\Microsoft\Windows\CurrentVersion\Run\\pederZen => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{02635D80-A738-11E6-8C1E-64006A5CFC23} => value removed successfully
"HKCR\CLSID\{02635D80-A738-11E6-8C1E-64006A5CFC23}" => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
LiveUpdateSvc => service removed successfully
dbx => service removed successfully
vmci => service removed successfully
VMnetAdapter => service removed successfully
ZAM => service removed successfully
C:\Program Files (x86)\IObit => moved successfully
C:\Users\pederZen\AppData\Roaming\IObit => moved successfully
C:\Users\pederZen\AppData\LocalLow\IObit => moved successfully
C:\ProgramData\IObit => moved successfully
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705} => moved successfully
C:\ProgramData\Avira => moved successfully
C:\ProgramData\Avg => moved successfully
C:\ProgramData\AVAST Software => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\Users\pederZen\AppData\Local\BIT7125.tmp => moved successfully
C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463} => moved successfully
C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{128281C1-459C-4FA7-AA38-3916D119916B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{128281C1-459C-4FA7-AA38-3916D119916B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\pederZen" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D457580-551F-4A91-8DC2-C09F12C29326}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D457580-551F-4A91-8DC2-C09F12C29326}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{172E0E02-5B7D-4741-9220-A66F57CD5C0D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9465C11A-30EF-4CD0-970B-A37DDAECA99F} => value removed successfully
"C:\Users\pederZen\AppData\Local\BIT7125.tmp" => not found.
"C:\Users\pederZen\AppData\Local\{9234B288-6D5E-4F84-85C9-6E8F94F44463}" => not found.
"C:\Users\pederZen\AppData\Local\{D59D7F9A-9642-429D-8C8D-0A4AFD6623BA}" => not found.
"C:\Users\pederZen\AppData\Local\Temp\RemoveTemp.exe" => not found.
========= ipconfig /flushdns =========

Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========

=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31692838 B
Java, Flash, Steam htmlcache => 11461251 B
Windows/system/drivers => 204133 B
Edge => 199298986 B
Chrome => 274298980 B
Firefox => 387430504 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1355278 B
NetworkService => 15476 B
pederZen => 48359526 B
RecycleBin => 1736841888 B
EmptyTemp: => 2.5 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 20:16:09 ====

 

 

---

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-12-2016
Ran by pederZen (administrator) on DESKTOP-9IRPQJS (18-12-2016 20:19:30)
Running from C:\Users\pederZen\Desktop
Loaded Profiles: pederZen (Available Profiles: pederZen)
Platform: Windows 10 Home Version 1607 (X64) Language: magyar (Magyarország)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe [4465448 2014-08-29] (O&O Software GmbH)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes Anti-Ransomware] => C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe [722896 2016-08-26] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25778760 2016-12-12] (Dropbox, Inc.)
HKLM\...\Winlogon: [Userinit]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2016-03-06] (BitTorrent, Inc.)
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\RunOnce: [Uninstall C:\Users\pederZen\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\pederZen\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-12] (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3a1d9f6d-05e4-4667-bb93-df818bd8ad24}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2016-12-17]
FireFox:
========
FF ProfilePath: C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 [2016-12-18]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 -> Google
FF Session Restore: Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781 -> is enabled.
FF Extension: (uBlock Origin) - C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781\Extensions\uBlock0@raymondhill.net.xpi [2016-12-14]
FF Extension: (Video DownloadHelper) - C:\Users\pederZen\AppData\Roaming\Mozilla\Firefox\Profiles\c3d3evej.default-1481213428781\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-17] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR Profile: C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-18] <==== ATTENTION
CHR Extension: (Google Diák) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-28]
CHR Extension: (Google Dokumentumok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-29]
CHR Extension: (Google Drive) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-29]
CHR Extension: (YouTube) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-29]
CHR Extension: (Google Táblázatok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-28]
CHR Extension: (Google Dokumentumok Offline) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-29]
CHR Extension: (AdBlock) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-17]
CHR Extension: (Disconnect) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-11-29]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-28]
CHR Extension: (Gmail) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-29]
CHR Extension: (Chrome Media Router) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default [2016-12-18]
CHR Extension: (Google Dokumentumok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-11]
CHR Extension: (Google Drive) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-11]
CHR Extension: (YouTube) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-11]
CHR Extension: (Google-keresés) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-11]
CHR Extension: (No Name) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eojeoeddgeaeahpmfabdfpfialkoplcb [2016-11-28]
CHR Extension: (Google Táblázatok) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-11]
CHR Extension: (Google Dokumentumok Offline) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (AdBlock) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-27]
CHR Extension: (Disconnect) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-02-13]
CHR Extension: (Chrome Internetes áruház Fizetési rendszere) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Gmail) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-11]
CHR Extension: (Chrome Media Router) - C:\Users\pederZen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [137584 2014-09-19] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-22] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [42096 2016-12-05] (Dropbox, Inc.)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe [3291088 2016-08-26] (Malwarebytes)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmdag.sys [26559504 2016-10-01] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307329.inf_amd64_55b6bd3e40065979\atikmpag.sys [527264 2016-10-01] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3.0; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [60104 2014-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [101376 2016-07-24] (Advanced Micro Devices)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R0 MB3SwissArmy; C:\WINDOWS\System32\drivers\MB3SwissArmy.sys [228800 2016-12-18] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110528 2016-12-18] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxUSBMon; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-10-16] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-18 20:19 - 2016-12-18 20:19 - 00018793 _____ C:\Users\pederZen\Desktop\FRST.txt
2016-12-18 20:15 - 2016-12-18 20:16 - 00006887 _____ C:\Users\pederZen\Desktop\Fixlog.txt
2016-12-18 20:05 - 2016-12-18 20:05 - 01065376 _____ (Google Inc.) C:\Users\pederZen\Desktop\ChromeSetup.exe
2016-12-18 20:05 - 2016-12-18 20:05 - 00002322 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 20:02 - 2016-12-18 20:02 - 00000000 _____ C:\Users\pederZen\Desktop\Új szöveges dokumentum.txt
2016-12-18 14:30 - 2016-12-18 14:30 - 00000872 _____ C:\Users\pederZen\Desktop\season 1 parancsikonja.lnk
2016-12-18 13:14 - 2016-12-18 13:14 - 01663040 _____ (Malwarebytes) C:\Users\pederZen\Desktop\JRT.exe
2016-12-18 13:09 - 2016-12-18 13:09 - 03977168 _____ C:\Users\pederZen\Desktop\adwcleaner_6.041.exe
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files\MSBuild
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-18 13:07 - 2016-12-18 13:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-18 13:06 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-12-18 13:06 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-12-18 13:06 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-12-18 13:05 - 2016-12-18 13:05 - 00110080 _____ (Thomas Hoen - T-Tools) C:\Users\pederZen\Desktop\BitRemover.exe
2016-12-18 11:48 - 2016-12-18 11:48 - 00468480 _____ () C:\Users\pederZen\Desktop\CKScanner.exe
2016-12-17 22:13 - 2016-12-18 20:17 - 00110528 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-17 22:12 - 2016-12-18 20:17 - 00228800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MB3SwissArmy.sys
2016-12-17 22:12 - 2016-12-17 22:13 - 00000000 ____D C:\ProgramData\MalwarebytesARW
2016-12-17 22:12 - 2016-12-17 22:12 - 00001946 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-12-17 22:12 - 2016-12-17 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-17 22:12 - 2016-12-17 22:12 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-17 22:11 - 2016-12-17 22:11 - 00000000 ____D C:\Users\pederZen\AppData\Local\AntiLogger Free
2016-12-17 22:11 - 2015-11-05 15:00 - 00143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2016-12-16 11:45 - 2016-12-16 11:45 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-16 11:45 - 2016-12-16 11:45 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk
2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\TeamViewer
2016-12-16 11:45 - 2016-12-16 11:45 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-16 09:56 - 2016-12-16 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-15 13:34 - 2016-12-15 13:34 - 00001268 _____ C:\Users\pederZen\Desktop\Olive.Kitteridge.Complete.MiniSereis.720p.HDTV.2CH.x265.HEVC-PSA parancsikonja.lnk
2016-12-15 12:21 - 2016-12-17 19:18 - 00189924 _____ C:\WINDOWS\ntbtlog.txt
2016-12-14 17:17 - 2016-12-14 17:17 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-12-14 17:16 - 2016-12-09 11:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 17:16 - 2016-12-09 11:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 17:16 - 2016-12-09 11:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 17:16 - 2016-12-09 11:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 17:16 - 2016-12-09 11:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:16 - 2016-12-09 11:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 17:16 - 2016-12-09 11:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 17:16 - 2016-12-09 10:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 17:16 - 2016-12-09 10:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:16 - 2016-12-09 10:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 17:16 - 2016-12-09 10:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 17:16 - 2016-12-09 10:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 17:16 - 2016-12-09 10:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 17:16 - 2016-12-09 10:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 17:16 - 2016-12-09 10:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 17:16 - 2016-12-09 10:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 17:16 - 2016-12-09 10:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 17:16 - 2016-12-09 10:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 17:15 - 2016-12-09 11:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 17:15 - 2016-12-09 11:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 17:15 - 2016-12-09 11:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 17:15 - 2016-12-09 11:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 17:15 - 2016-12-09 11:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 17:15 - 2016-12-09 11:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 17:15 - 2016-12-09 11:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 17:15 - 2016-12-09 11:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 17:15 - 2016-12-09 11:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 17:15 - 2016-12-09 11:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 17:15 - 2016-12-09 11:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 17:15 - 2016-12-09 11:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 17:15 - 2016-12-09 11:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 17:15 - 2016-12-09 11:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 17:15 - 2016-12-09 11:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 17:15 - 2016-12-09 11:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 17:15 - 2016-12-09 11:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 17:15 - 2016-12-09 11:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 17:15 - 2016-12-09 11:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 17:15 - 2016-12-09 11:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 17:15 - 2016-12-09 11:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 17:15 - 2016-12-09 11:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 17:15 - 2016-12-09 11:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 17:15 - 2016-12-09 11:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 17:15 - 2016-12-09 11:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 17:15 - 2016-12-09 10:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 17:15 - 2016-12-09 10:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 17:15 - 2016-12-09 10:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 17:15 - 2016-12-09 10:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 17:15 - 2016-12-09 10:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 17:15 - 2016-12-09 10:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 17:15 - 2016-12-09 10:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 17:15 - 2016-12-09 10:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 17:15 - 2016-12-09 10:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 17:15 - 2016-12-09 10:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 17:15 - 2016-12-09 10:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 17:15 - 2016-12-09 10:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 17:15 - 2016-12-09 10:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 17:15 - 2016-12-09 10:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 17:15 - 2016-12-09 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 17:15 - 2016-12-09 10:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 17:15 - 2016-12-09 10:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 17:15 - 2016-12-09 10:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 17:15 - 2016-12-09 10:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 17:15 - 2016-12-09 10:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 17:15 - 2016-12-09 10:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 17:15 - 2016-12-09 10:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 17:15 - 2016-12-09 10:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 17:15 - 2016-12-09 10:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 17:15 - 2016-12-09 10:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 17:15 - 2016-12-09 10:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 17:15 - 2016-12-09 10:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:15 - 2016-12-09 10:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 17:15 - 2016-12-09 10:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 17:15 - 2016-12-09 10:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 17:15 - 2016-12-09 10:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 17:15 - 2016-12-09 10:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 17:15 - 2016-12-09 10:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 17:15 - 2016-12-09 10:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 17:15 - 2016-12-09 10:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 17:15 - 2016-12-09 10:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 17:15 - 2016-12-09 10:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 17:15 - 2016-12-09 10:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 17:15 - 2016-12-09 10:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 17:15 - 2016-12-09 10:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 17:15 - 2016-12-09 10:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-14 17:15 - 2016-12-09 10:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 17:15 - 2016-12-09 10:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 17:15 - 2016-12-09 10:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 17:15 - 2016-12-09 10:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 17:15 - 2016-12-09 10:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 17:15 - 2016-12-09 10:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 17:15 - 2016-12-09 10:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 17:15 - 2016-12-09 09:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 17:15 - 2016-11-02 11:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 17:15 - 2016-11-02 11:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 17:15 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-12 09:20 - 2016-12-12 09:20 - 00448597 _____ C:\Users\pederZen\Downloads\c227cb7d-ac98-4776-a557-b4f46519b80c.pdf
2016-12-10 17:43 - 2016-12-18 11:45 - 00000000 ____D C:\ProgramData\Orbit
2016-12-10 15:44 - 2016-12-18 11:45 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-12-10 15:22 - 2016-12-10 15:22 - 00017648 _____ C:\Users\pederZen\Downloads\the.night.of.s01.e07.ordinary.death.(2016).hun.1cd.(6786329).zip
2016-12-10 10:50 - 2016-11-11 11:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 10:50 - 2016-11-11 10:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 10:50 - 2016-11-11 10:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 10:50 - 2016-11-11 10:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 10:50 - 2016-11-11 10:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 10:50 - 2016-11-11 10:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 10:50 - 2016-11-11 10:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 10:50 - 2016-11-11 10:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 10:49 - 2016-11-11 11:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 10:49 - 2016-11-11 11:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 10:49 - 2016-11-11 11:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 10:49 - 2016-11-11 11:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 10:49 - 2016-11-11 11:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 10:49 - 2016-11-11 11:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 10:49 - 2016-11-11 11:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 10:49 - 2016-11-11 11:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 10:49 - 2016-11-11 11:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 10:49 - 2016-11-11 11:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 10:49 - 2016-11-11 11:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 10:49 - 2016-11-11 11:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 10:49 - 2016-11-11 11:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 10:49 - 2016-11-11 11:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 10:49 - 2016-11-11 11:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 10:49 - 2016-11-11 11:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 10:49 - 2016-11-11 11:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 10:49 - 2016-11-11 10:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 10:49 - 2016-11-11 10:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 10:49 - 2016-11-11 10:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 10:49 - 2016-11-11 10:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 10:49 - 2016-11-11 10:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 10:49 - 2016-11-11 10:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 10:49 - 2016-11-11 10:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 10:49 - 2016-11-11 10:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 10:49 - 2016-11-11 10:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 10:49 - 2016-11-11 10:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 10:49 - 2016-11-11 10:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 10:49 - 2016-11-11 10:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 10:49 - 2016-11-11 10:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 10:49 - 2016-11-11 10:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 10:49 - 2016-11-11 10:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 10:49 - 2016-11-11 10:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 10:49 - 2016-11-11 10:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 10:49 - 2016-11-11 10:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 10:49 - 2016-11-11 10:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 10:49 - 2016-11-11 10:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 10:49 - 2016-11-11 10:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 10:49 - 2016-11-11 10:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 10:49 - 2016-11-11 10:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 10:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 10:49 - 2016-11-11 10:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 10:49 - 2016-11-11 10:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 10:49 - 2016-11-11 10:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 10:49 - 2016-11-11 10:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 10:49 - 2016-11-11 10:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 10:49 - 2016-11-11 10:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 10:49 - 2016-11-11 10:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 10:49 - 2016-11-11 10:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 10:49 - 2016-11-11 10:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 10:49 - 2016-11-11 10:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 10:49 - 2016-11-11 10:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 10:49 - 2016-11-11 10:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 10:49 - 2016-11-11 10:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 10:49 - 2016-11-11 10:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 10:49 - 2016-11-11 10:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 10:49 - 2016-11-11 10:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 10:49 - 2016-11-11 10:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 10:49 - 2016-11-11 10:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 10:49 - 2016-11-11 10:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 10:49 - 2016-11-11 10:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 10:49 - 2016-11-11 10:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 10:49 - 2016-11-11 10:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 10:49 - 2016-11-11 10:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 10:49 - 2016-11-11 10:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 10:49 - 2016-11-11 10:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 10:49 - 2016-11-11 10:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 10:49 - 2016-11-11 10:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 10:49 - 2016-11-11 10:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 10:49 - 2016-11-11 10:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 10:49 - 2016-11-11 10:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 10:49 - 2016-11-11 10:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 10:49 - 2016-11-11 10:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 10:49 - 2016-11-11 10:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 10:49 - 2016-11-11 10:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 10:49 - 2016-11-11 10:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 10:49 - 2016-11-11 10:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 10:49 - 2016-11-11 09:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 10:49 - 2016-11-11 09:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 10:49 - 2016-11-11 09:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 10:49 - 2016-11-11 08:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 10:49 - 2016-11-11 08:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 10:49 - 2016-11-11 08:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 10:49 - 2016-11-11 08:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 10:49 - 2016-11-11 08:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 10:49 - 2016-11-11 08:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 10:49 - 2016-11-11 08:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 10:49 - 2016-11-11 08:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 10:49 - 2016-11-11 08:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 10:49 - 2016-11-11 08:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 10:49 - 2016-11-11 08:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 10:49 - 2016-11-11 08:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 10:49 - 2016-11-11 08:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 10:49 - 2016-11-11 08:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 10:49 - 2016-11-11 08:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 10:49 - 2016-11-11 08:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 10:49 - 2016-11-11 08:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 10:49 - 2016-11-11 08:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 10:49 - 2016-11-11 08:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 10:49 - 2016-11-11 08:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 10:49 - 2016-11-11 08:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 10:49 - 2016-11-11 08:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 10:49 - 2016-11-11 08:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 10:49 - 2016-11-11 08:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 10:49 - 2016-11-11 08:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 10:49 - 2016-11-11 08:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 10:49 - 2016-11-11 08:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 10:49 - 2016-11-11 08:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 10:49 - 2016-11-11 08:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 10:49 - 2016-11-11 08:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 10:49 - 2016-11-11 08:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 10:49 - 2016-11-11 08:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 10:49 - 2016-11-11 08:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 10:49 - 2016-11-11 08:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 10:49 - 2016-11-11 08:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 10:49 - 2016-11-11 08:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 10:49 - 2016-11-11 08:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 10:49 - 2016-11-11 08:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 10:49 - 2016-11-11 08:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 10:49 - 2016-11-11 08:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 10:49 - 2016-11-11 08:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 10:49 - 2016-11-11 08:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 10:49 - 2016-11-11 08:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 10:49 - 2016-11-11 08:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 10:49 - 2016-11-11 08:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 10:49 - 2016-11-11 08:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 10:49 - 2016-11-11 08:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 10:49 - 2016-11-11 08:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-08 18:11 - 2016-12-18 20:19 - 00000000 ____D C:\FRST
2016-12-08 18:09 - 2016-12-17 21:20 - 02420224 _____ (Farbar) C:\Users\pederZen\Desktop\FRST64.exe
2016-12-08 17:09 - 2016-12-08 17:09 - 00243736 _____ C:\Users\pederZen\Downloads\Firefox Setup Stub 50.0.2.exe
2016-12-06 19:42 - 2016-12-14 17:00 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-12-05 21:07 - 2016-12-05 21:07 - 00042096 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-04 10:38 - 2016-12-04 10:38 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Apple Computer
2016-12-04 10:38 - 2016-12-04 10:38 - 00000000 ____D C:\ProgramData\BDLogging
2016-12-04 10:38 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2016-12-04 10:38 - 2016-03-31 17:54 - 00155912 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2016-12-03 18:34 - 2016-12-03 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-12-03 17:03 - 2016-12-03 18:34 - 00000000 ____D C:\Users\pederZen\Documents\The Witcher 3
2016-12-03 16:41 - 2016-12-03 18:34 - 00000000 ____D C:\GOG Games
2016-12-03 13:23 - 2016-12-18 11:45 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-03 13:22 - 2016-12-03 15:16 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-03 13:20 - 2016-12-18 13:11 - 00000000 ____D C:\AdwCleaner
2016-11-30 20:03 - 2016-11-30 20:03 - 00000000 ____D C:\Users\pederZen\Documents\Square Enix
2016-11-30 19:55 - 2016-12-14 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy VII
2016-11-29 11:43 - 2016-11-29 11:43 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2016-11-28 15:52 - 2016-12-18 20:17 - 00000008 __RSH C:\Users\pederZen\ntuser.pol
2016-11-28 15:34 - 2016-11-28 15:34 - 00006142 _____ C:\WINDOWS\System32\Tasks\Uzesyghojet Debuger
2016-11-28 15:33 - 2016-12-18 20:17 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-11-18 09:24 - 2016-12-17 17:12 - 00000000 ____D C:\Users\pederZen\AppData\LocalLow\Mozilla
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-18 20:19 - 2016-09-01 17:27 - 00015573 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-12-18 20:18 - 2016-03-06 18:51 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\uTorrent
2016-12-18 20:18 - 2016-02-22 11:17 - 00000000 ___RD C:\Users\pederZen\Dropbox
2016-12-18 20:17 - 2016-09-29 15:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-18 20:17 - 2016-09-29 15:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-12-18 20:17 - 2016-09-29 15:09 - 00000000 ____D C:\Users\pederZen
2016-12-18 20:16 - 2016-09-29 15:08 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-18 20:16 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-12-18 20:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-12-18 20:05 - 2016-02-11 21:23 - 00002334 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 20:05 - 2016-02-11 21:23 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-18 19:59 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-18 17:55 - 2016-09-29 15:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-18 15:57 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-18 15:57 - 2016-02-14 09:22 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\vlc
2016-12-18 13:17 - 2016-07-16 23:35 - 01413468 _____ C:\WINDOWS\system32\perfh00E.dat
2016-12-18 13:17 - 2016-07-16 23:35 - 00394100 _____ C:\WINDOWS\system32\perfc00E.dat
2016-12-18 13:17 - 2016-02-11 19:04 - 03366054 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-18 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-12-18 13:07 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-12-18 13:07 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-18 11:45 - 2016-06-18 21:52 - 00000000 ____D C:\Users\pederZen\Documents\My Games
2016-12-18 11:44 - 2016-07-21 10:36 - 00000000 ____D C:\Program Files (x86)\The Bureau
2016-12-18 11:43 - 2016-03-22 18:48 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2016-12-18 11:43 - 2016-02-11 19:21 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\BSplayer PRO
2016-12-18 11:43 - 2016-02-11 19:21 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-12-18 11:42 - 2016-02-11 19:31 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\ProcessLasso
2016-12-17 19:19 - 2016-09-01 17:52 - 00000000 ____D C:\WINDOWS\pss
2016-12-17 19:12 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-17 19:12 - 2016-02-11 18:59 - 00000000 ____D C:\Users\pederZen\AppData\Local\Packages
2016-12-17 17:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-12-17 17:23 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-12-17 17:23 - 2016-03-10 21:58 - 00000000 ____D C:\Users\pederZen\AppData\Local\Adobe
2016-12-17 12:50 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-17 10:24 - 2016-09-29 15:14 - 00003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 10:24 - 2016-09-29 15:14 - 00003422 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 14:47 - 2016-09-29 15:07 - 00269488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-16 09:56 - 2016-02-22 11:14 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-14 18:19 - 2016-10-22 21:58 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-14 18:18 - 2016-08-11 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-12-14 18:18 - 2016-08-02 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-12-14 17:47 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-14 17:20 - 2016-10-13 19:02 - 00000000 ____D C:\WINDOWS\system32\MpEngineStore
2016-12-14 17:20 - 2016-02-11 21:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 17:18 - 2016-02-11 21:09 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-12 00:56 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-11 08:56 - 2016-02-11 18:59 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 23:51 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 23:51 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 10:37 - 2016-07-16 12:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 15:52 - 2015-10-30 09:13 - 00389408 __RSH C:\bootmgr
2016-12-03 16:54 - 2016-09-29 15:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-03 15:16 - 2016-09-01 17:18 - 00041062 _____ C:\WINDOWS\system32\.crusader
2016-12-03 13:12 - 2016-10-16 10:13 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-12-03 13:12 - 2016-09-01 17:27 - 00014229 _____ C:\WINDOWS\ZAM.krnl.trace
2016-12-03 12:55 - 2016-09-01 17:48 - 00000000 ____D C:\ProgramData\TEMP
2016-12-03 09:28 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-30 20:18 - 2016-09-02 10:55 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Nox
2016-11-30 20:18 - 2016-09-02 10:55 - 00000000 ____D C:\Users\pederZen\AppData\Local\Nox
2016-11-30 20:18 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-30 20:17 - 2016-08-11 22:47 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Leapdroid
2016-11-30 20:17 - 2016-08-11 22:47 - 00000000 ____D C:\Program Files\Leapdroid
2016-11-30 20:17 - 2016-08-11 20:30 - 00000000 ____D C:\Users\pederZen\AppData\Local\Bluestacks
2016-11-30 08:37 - 2016-08-11 20:48 - 00000000 ____D C:\Users\pederZen\AppData\Roaming\Andy
2016-11-29 18:52 - 2016-02-22 11:14 - 00000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-29 18:52 - 2016-02-22 11:14 - 00000940 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-29 13:01 - 2016-09-29 15:14 - 00004004 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 13:01 - 2016-09-29 15:14 - 00003772 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-28 15:55 - 2016-09-29 15:14 - 00003662 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-11-28 15:34 - 2016-09-29 15:08 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-28 15:34 - 2016-09-01 17:47 - 00000000 ____D C:\Program Files (x86)\CleanMyPC
2016-11-28 15:34 - 2016-08-11 20:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-11-28 15:34 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-11-28 15:34 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-11-28 15:34 - 2016-07-06 11:52 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2016-11-28 15:34 - 2016-04-04 17:47 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-28 15:34 - 2016-03-06 18:51 - 00000000 ____D C:\Program Files (x86)\uTorrent
2016-11-28 15:34 - 2016-02-11 21:19 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-28 15:34 - 2016-02-11 19:40 - 00000000 ____D C:\Program Files (x86)\TeraCopy
2016-11-28 15:34 - 2016-02-11 19:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-28 15:34 - 2016-02-11 19:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-28 15:34 - 2016-02-11 19:26 - 00000000 ____D C:\Program Files (x86)\Winamp Detect
2016-11-28 15:34 - 2016-02-11 19:26 - 00000000 ____D C:\Program Files (x86)\Winamp
==================== Files in the root of some directories =======
2016-08-21 09:59 - 2016-08-21 09:59 - 0003584 _____ () C:\Users\pederZen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-10-06 19:35 - 2016-10-06 19:35 - 0000017 _____ () C:\Users\pederZen\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-10 14:48
==================== End of FRST.txt ============================

 

 

---

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2016
Ran by pederZen (18-12-2016 20:20:13)
Running from C:\Users\pederZen\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-29 14:15:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Alapértelmezett fiók (S-1-5-21-3797189423-156461087-3773699883-503 - Limited - Disabled)
pederZen (S-1-5-21-3797189423-156461087-3773699883-1001 - Administrator - Enabled) => C:\Users\pederZen
Rendszergazda (S-1-5-21-3797189423-156461087-3773699883-500 - Administrator - Disabled)
Vendég (S-1-5-21-3797189423-156461087-3773699883-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Bandizip (HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Bandizip) (Version: 2.0 - Bandisoft.com)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.29 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Malwarebytes Anti-Ransomware version 0.9.17.661 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.17.661 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
O&O Defrag Professional (HKLM\...\{50C961A1-889F-4A4E-9587-2772A45B6AAD}) (Version: 18.0.39 - O&O Software GmbH)
Revo Uninstaller Pro 3.1.5 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.5 - VS Revo Group, Ltd.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.1.16052.2 - Samsung Electronics Co., Ltd.) Hidden
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.1 - Krzysztof Kowalczyk)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TeraCopy (HKLM-x32\...\TeraCopy) (Version: 1.00 - Company name)
TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-3797189423-156461087-3773699883-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\WINDOWS\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3797189423-156461087-3773699883-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Users\pederZen\AppData\Local\Bandizip\bdzshl64.dll (Bandisoft.com)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {02CABAF3-4FF0-4DA5-97D8-59C5E3704BD2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
Task: {09141EFE-DFD8-4F0B-A071-BA6ECBC5A4DF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0EAECFB5-2499-4CEC-9CC4-A71A583F0B66} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {126B2EFB-0166-4727-B023-9F56B601B24D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {1BA235CD-09DE-4D78-AE59-E2CA906C04AA} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-09-16] (Advanced Micro Devices, Inc.)
Task: {400AE448-4EB3-4709-8753-28E638B664AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5F7FFDB2-0A90-41D0-9784-7348394FC196} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {79646CFE-94D5-4A22-B8B8-BC17EB424184} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {7B0EB2D6-FB25-4B24-8EA1-A71C4F3555B4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {84A95C34-0166-4147-9F8F-8C99EA7BBDD8} - System32\Tasks\Uzesyghojet Debuger => C:\Program Files (x86)\Tmerdom\judosh.exe
Task: {8D9BC8F7-C772-4C60-81F6-74E65C349AD9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-22] (Dropbox, Inc.)
Task: {D5E94C7D-F21A-4CDD-9657-2758CF9C809C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-22] (Dropbox, Inc.)
Task: {EA9C002A-DE77-4097-8233-FDD3F637B63D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-11] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-17 22:12 - 2016-12-17 22:14 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-12-14 17:15 - 2016-12-09 11:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-29 16:03 - 2016-09-29 16:03 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 17:15 - 2016-12-09 10:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-14 20:08 - 2016-11-02 11:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-14 20:08 - 2016-11-02 11:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-14 20:08 - 2016-11-02 11:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-14 20:08 - 2016-11-02 11:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-14 20:08 - 2016-11-02 11:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-17 22:12 - 2016-04-14 18:38 - 00745984 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-12-14 17:03 - 2016-12-14 17:04 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-12-14 16:55 - 2016-12-14 16:55 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 16:55 - 2016-12-14 16:55 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 16:55 - 2016-12-14 16:55 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 16:55 - 2016-12-14 16:55 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-02-22 11:16 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-02-22 11:16 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-22 11:16 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-22 11:16 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-22 11:16 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-16 09:56 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-16 09:56 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-16 09:56 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-22 11:16 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-03 19:31 - 2016-12-12 15:17 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-16 09:56 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-16 09:56 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-22 11:16 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-02-22 11:16 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-03 19:31 - 2016-12-12 15:17 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-02-22 11:16 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-22 11:16 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-22 11:16 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-22 11:16 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-03 19:31 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-22 11:16 - 2016-12-12 15:17 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-16 09:56 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-16 09:56 - 2016-12-12 15:16 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-12-16 09:56 - 2016-12-05 21:07 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-12-16 09:56 - 2016-12-12 15:16 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-16 09:56 - 2016-12-12 15:16 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-22 11:16 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-16 09:56 - 2016-12-12 15:17 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-16 09:56 - 2016-12-12 15:17 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-16 09:56 - 2016-12-12 15:17 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-03 19:31 - 2016-12-12 15:17 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-16 09:56 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-16 09:56 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-16 09:56 - 2016-12-12 15:16 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-16 09:56 - 2016-12-12 15:17 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-02-22 11:16 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-16 08:45 - 2016-12-12 15:17 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-03 19:31 - 2016-12-12 15:17 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-16 09:56 - 2016-12-12 15:16 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:ECF54A0E [354]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-09-18 11:43 - 2016-12-03 13:04 - 00000346 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3797189423-156461087-3773699883-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\pederZen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{6B68B639-CC97-447A-B70C-7AAB805DDA07}] => C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe
FirewallRules: [{250815FD-4365-40D8-BC8F-55C3C8EBADB7}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DD5E2B72-6A2B-4EC1-8FA9-BDAF09C03220}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4B32AFE8-930C-4ECA-AC4B-FEADADE8E899}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E048B39-43AA-4147-8C13-0F4A997D607C}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{00C70A10-5617-4544-894F-D1E3F3552A1F}] => C:\Users\pederZen\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [{8075BD76-BD09-4950-A0EF-E7A64BFDC0A5}] => C:\Users\pederZen\AppData\Local\Temp\andy-x64\Setup.exe
FirewallRules: [UDP Query User{42D1E7C0-E066-4CCE-9149-4D78CE096B99}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{552EEB2C-5163-428B-8CDC-CEEBEACBB0E3}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{E3EA3028-DCF7-4DDA-8B35-FEF03F799FDB}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{9D9DAA1C-BC59-4360-B059-E7529327A4BC}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [{ED41F380-F5F0-4C93-8E7D-9BBA1742D9F5}] => LPort=1688
FirewallRules: [UDP Query User{1540B2B1-351A-4096-8F4D-D6FA5EEF46C5}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [TCP Query User{2F5A7587-C45B-4F5B-9A50-E20F0FF28C98}C:\borederlands\binaries\borderlands.exe] => C:\borederlands\binaries\borderlands.exe
FirewallRules: [{3DD4BFFB-A1D9-4400-B883-DD576024BF4F}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{9DE9BA94-8E74-45FE-889F-B13ACC71AB8C}] => C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{77874E12-1B6E-483F-843B-62914B5C9092}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{3E1E1965-E96E-45F3-A92E-0CE438AC48A8}C:\program files (x86)\winamp\winamp.exe] => C:\program files (x86)\winamp\winamp.exe
FirewallRules: [{6E1A0EF5-02A2-4727-89E0-5693DF9E6EF6}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{A5746A78-C83B-47D7-B70D-63058A0FCBA9}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{200BBD2C-B246-4AD3-A5B9-5CC102BCB8E8}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95ECE3D6-CA5F-4397-B8D3-66A8D454E44E}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F36917BA-0E60-40EB-A1E1-F98144B671E5}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0E5561F2-C4AD-44B4-AC3E-5971C759C1FA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
13-12-2016 12:19:31 első
15-12-2016 19:38:21 Revo Uninstaller Pro's restore point - Traffic Exchange
17-12-2016 10:33:17 Revo Uninstaller Pro's restore point - SpyHunter
18-12-2016 10:46:32 Revo Uninstaller Pro's restore point - AntiLogger Free version 1.8.2.320
18-12-2016 13:14:19 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (12/18/2016 08:17:10 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) A rendszer nem találja a megadott fájlt.
Error: (12/18/2016 08:15:46 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:05:55 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:05:24 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:04:59 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:04:40 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:04:33 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:01:19 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:01:14 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
Error: (12/18/2016 08:01:09 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

System errors:
=============
Error: (12/18/2016 08:18:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: A(z) alkalmazásspecifikus engedélybeállítások nem biztosítanak a(z) Helyi számára Aktiválás engedélyt a COM-kiszolgálóalkalmazáshoz. CLSID:
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
, APPID:
{F72671A9-012C-4725-9D2F-2A4D32D65169}
, felhasználó: NT AUTHORITY\SYSTEM, SID: S-1-5-18, cím: LocalHost (helyi állomás, LRPC használatával), futtatási alkalmazástároló: Nem érhető el, SID: Nem érhető el. Ez a biztonsági engedély a Komponensszolgáltatások felügyeleti eszközzel módosítható.
Error: (12/18/2016 08:16:42 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9IRPQJS)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} kiszolgáló nem regisztrálta magát a DCOM-ban a megadott határidő lejárta előtt.
Error: (12/18/2016 08:16:39 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9IRPQJS)
Description: A(z) alkalmazásspecifikus engedélybeállítások nem biztosítanak a(z) Helyi számára Aktiválás engedélyt a COM-kiszolgálóalkalmazáshoz. CLSID:
{9E175B6D-F52A-11D8-B9A5-505054503030}
, APPID:
{9E175B9C-F52A-11D8-B9A5-505054503030}
, felhasználó: DESKTOP-9IRPQJS\pederZen, SID: S-1-5-21-3797189423-156461087-3773699883-1001, cím: LocalHost (helyi állomás, LRPC használatával), futtatási alkalmazástároló: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe, SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194. Ez a biztonsági engedély a Komponensszolgáltatások felügyeleti eszközzel módosítható.
Error: (12/18/2016 08:16:32 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-9IRPQJS)
Description: A(z) alkalmazásspecifikus engedélybeállítások nem biztosítanak a(z) Helyi számára Aktiválás engedélyt a COM-kiszolgálóalkalmazáshoz. CLSID:
{9E175B6D-F52A-11D8-B9A5-505054503030}
, APPID:
{9E175B9C-F52A-11D8-B9A5-505054503030}
, felhasználó: DESKTOP-9IRPQJS\pederZen, SID: S-1-5-21-3797189423-156461087-3773699883-1001, cím: LocalHost (helyi állomás, LRPC használatával), futtatási alkalmazástároló: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe, SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194. Ez a biztonsági engedély a Komponensszolgáltatások felügyeleti eszközzel módosítható.
Error: (12/18/2016 08:16:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: A szolgáltatásvezérlő kezelője megpróbált ellenintézkedést tenni (A szolgáltatás újraindítása)
a(z) Windows Search szolgáltatás váratlan leállása után, de a művelet a következő
hiba miatt sikertelen volt:
A szolgáltatás egy példánya már fut.
Error: (12/18/2016 08:15:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-9IRPQJS)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} kiszolgáló nem regisztrálta magát a DCOM-ban a megadott határidő lejárta előtt.
Error: (12/18/2016 08:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) Windows Search szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 30000 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása.
Error: (12/18/2016 08:15:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) MB3Service szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.
Error: (12/18/2016 08:15:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: A(z) TeamViewer 12 szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő. 2000 milliszekundumon belül a következő ellenintézkedés történik: A szolgáltatás újraindítása.
Error: (12/18/2016 08:15:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: A(z) Office Software Protection Platform szolgáltatás váratlanul leállt. Ez a(z) 1. alkalommal fordult elő.

CodeIntegrity:
===================================
  Date: 2016-12-18 15:55:25.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2016-12-18 09:56:34.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-18 08:23:41.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.862
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:49.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:48.662
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.
  Date: 2016-12-17 22:11:48.550
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll that did not meet the Store signing level requirements.

==================== Memory info ===========================
Processor: AMD FX™-8120 Eight-Core Processor
Percentage of memory in use: 28%
Total physical RAM: 6104.73 MB
Available physical RAM: 4379.73 MB
Total Virtual: 8920.73 MB
Available Virtual: 7090.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.34 GB) (Free:69.1 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (TITÁN) (Fixed) (Total:931.5 GB) (Free:68.45 GB) NTFS
Drive f: (Letölt) (Fixed) (Total:111.79 GB) (Free:101.48 GB) NTFS
Drive g: (Program) (Fixed) (Total:74.5 GB) (Free:64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: AAAAAAAA)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 011D45E7)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 6D30CC90)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: DE6BA41E)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================

 

 

I have reset chrome but, i need some help with

'go to Google Sync and sign into your account scroll down until you see the ‘Stop and Clear’ button and click on it'

I opened sync i see that it is already signed in with one of my google accounts.

I hit the button in left upper corner with the 9 little squares and go to my account but, find no such thing as ‘Stop and Clear’.

Am i looking at the wrong place?



#9 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 18 December 2016 - 05:20 PM

Sorry about the misleading instructions but I’m not a fan of Chrome and don’t use it so can’t give you guidance there but let’s try uninstalling/re-installing it.

Uninstall/Reinstall Google Chrome

First save all your bookmarks/favourites.

  • open Chrome, click on the 3 bars in the top right hand corner, select Bookmarks and then Bookmarks Manager
  • click on Organise and then select Export Bookmarks to HTML file, then choose Desktop to save it
  • again, click on the three bars in the top right hand corner and select Settings
  • in the list of Settings under “Sign in” click on Disconnect your Google Account – (if “Disconnect your Google Account” is not there, you will have to sign in using your Chrome username and password first to make it visible)
  • in the text of the next window click on “Google Dashboard” then, at the “Chrome sync” screen, click on Stop and Clear at the bottom
  • a box will open and ask for confirmation, click on OK (wait for this to complete before doing the next step)
  • when confirmation appears close that page and then click on Disconnect account
  • shut Google Chrome, click on Start > Control Panel > Programs and Features (or Add/Remove Programs in XP) and uninstall Google Chrome. Select Everything for removal if asked.

Reboot the system and then reinstall Google Chrome from here

Repeat the process to reinstate your bookmarks by going to Bookmarks > Bookmarks Manager > Organise and select Import Bookmarks.

Let me know if that has solved the problem.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 pederZen

pederZen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 20 December 2016 - 03:25 AM

Dear Satchfan,

 

it worked, thank you so much!

I have struggled with this for like 2 weeks already and was about re-installing Windows.

You are a real hero!

No other site like this, thank you for your valuable help!

 

All the best, pederZen



#11 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 20 December 2016 - 04:05 AM

You’re very welcome and I’m pleased that your computer is now running well.

Please do the following to clear up the tools we’ve used.

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 pederZen

pederZen
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 21 December 2016 - 07:26 AM

It is done, thanks again :)

 

pederZen



#13 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 21 December 2016 - 07:29 AM

You're welcome. :hello:


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 satchfan

satchfan

  • Malware Response Team
  • 2,847 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:35 PM

Posted 21 December 2016 - 07:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users