
Can someone check my mom's Farbar Recovery Scan Tool?


  • This topic is locked
12 replies to this topic

#1 Raymond1985


Posted 23 July 2018 - 03:27 PM

Hi there,

I just scanned my mom's computer with Malwarebytes and AdwCleaner.

Now it's time for Fabar (?).

Can someone please check this log and post a fixlog please? Would be great!

Thank you.

Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 21.07.2018
Gestart door gebruiker (Beheerder) op GEBRUIKER-PC (23-07-2018 21:50:59)
Gestart vanaf C:\Users\gebruiker\Downloads
Geladen Profielen: gebruiker (Beschikbare Profielen: gebruiker & UpdatusUser)
Platform: Microsoft Windows 10 Home Versie 1803 17134.165 (X86) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x86__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\Video.UI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(f.lux Software LLC) C:\Users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Register (gefilterd) ===========================
 
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3754168 2018-07-13] (Dropbox, Inc.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-06-23] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Run: [f.lux] => C:\Users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD [2014-11-29] ()
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist en een registeritem is, wordt het verwijderd of hersteld naar de standaard.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{2c546b76-0a93-4a2b-a147-213aaaa0cf49}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{86ae3ddf-abef-4925-baf0-1341ac9cdf3a}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{a2ab58b4-fb21-4ab0-b420-9a07a3c0475e}: [DhcpNameServer] 192.168.2.254
 
Internet Explorer:
==================
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
 
FireFox:
========
FF DefaultProfile: cse4g4pv.default
FF ProfilePath: C:\Users\gebruiker\AppData\Roaming\TomTom\HOME\Profiles\ks7w2py0.default [2018-06-16]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2018-06-16] [Verouderd] [niet getekend]
FF ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\cse4g4pv.default [2018-07-23]
FF Extension: (Geen Naam) - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\cse4g4pv.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-06-16]
FF Extension: (Adblock Plus) - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\cse4g4pv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-20]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-07] [Verouderd] [niet getekend]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default [2018-07-23]
CHR Extension: (Documenten) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-06-23] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-06-23] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Bestand niet getekend]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [43712 2018-07-13] (Dropbox, Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [353792 2018-03-19] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [238176 2017-01-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3345936 2018-07-01] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [81288 2018-07-01] (Microsoft Corporation)
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [14848 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-06-23] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [93440 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-23] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [155088 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 b06diag; C:\WINDOWS\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFNVis32; C:\WINDOWS\system32\drivers\XenoVx86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 IFCoEMP; C:\WINDOWS\system32\drivers\ifM60x32.sys [334096 2012-04-21] (Intel® Corporation)
S3 IFCoEVB; C:\WINDOWS\system32\drivers\ifP60X32.sys [69392 2012-04-21] (Intel® Corporation)
S3 ioatdma1; C:\WINDOWS\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\WINDOWS\System32\Drivers\qd26032.sys [37576 2009-11-16] (Intel Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7522304 2011-10-31] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [38912 2018-07-01] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [279616 2018-07-01] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [45608 2018-07-01] (Microsoft Corporation)
U4 aspnet_state; geen ImagePath
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [31232 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Een Maand Gemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)
 
2018-07-23 21:50 - 2018-07-23 21:51 - 000013228 _____ C:\Users\gebruiker\Downloads\FRST.txt
2018-07-23 21:50 - 2018-07-23 21:50 - 000000000 ____D C:\FRST
2018-07-23 21:49 - 2018-07-23 21:50 - 001773056 _____ (Farbar) C:\Users\gebruiker\Downloads\FRST.exe
2018-07-23 21:30 - 2018-07-23 21:35 - 000000000 ____D C:\AdwCleaner
2018-07-23 19:58 - 2018-07-23 19:58 - 000000000 ___HD C:\$AV_AVG
2018-07-19 19:45 - 2018-07-19 19:46 - 000000000 ____D C:\Users\gebruiker\Desktop\Vernieuwen website 1e versie uitsorteren
2018-07-19 19:32 - 2018-07-19 19:44 - 000000000 ____D C:\Users\gebruiker\Desktop\Foto's van Eric v. website
2018-07-19 19:13 - 2018-07-19 20:51 - 000000000 ____D C:\Users\gebruiker\Desktop\Foto's selectie 2 website
2018-07-19 19:12 - 2018-07-19 19:12 - 000000000 ____D C:\Users\gebruiker\Desktop\Foto's selectie 1 website
2018-07-16 11:33 - 2018-07-16 11:33 - 001591787 _____ C:\Users\gebruiker\Downloads\Retmar drukwerk.zip
2018-07-15 11:22 - 2018-07-18 10:46 - 000000000 ____D C:\Users\gebruiker\Desktop\NIEUWE WEBSITE
2018-07-13 20:41 - 2018-07-13 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-13 04:01 - 2018-07-13 04:01 - 000043712 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-13 04:01 - 2018-07-13 04:01 - 000038968 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-13 04:01 - 2018-07-13 04:01 - 000035432 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-13 04:01 - 2018-07-13 04:01 - 000035408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-12 19:57 - 2018-07-12 19:57 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-07-12 19:57 - 2018-07-12 19:57 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-07-12 19:45 - 2018-07-12 19:45 - 022910079 _____ C:\Users\gebruiker\Downloads\Singh Kaur Crimson Vol. 6, Ardas [360p].mp4
2018-07-12 19:39 - 2018-07-12 19:40 - 028163721 _____ C:\Users\gebruiker\Downloads\Singh Kaur ~ Rakhe Rakhanhar [360p].mp4
2018-07-11 17:35 - 2018-06-29 03:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-07-11 17:35 - 2018-06-29 03:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-07-11 14:29 - 2018-07-06 09:14 - 006710176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 14:29 - 2018-07-06 09:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 14:29 - 2018-07-06 09:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 14:29 - 2018-07-06 08:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 14:29 - 2018-06-15 17:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 14:29 - 2018-06-15 17:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 14:29 - 2018-06-15 07:20 - 001020184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 14:29 - 2018-06-15 07:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 14:29 - 2018-06-15 06:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 14:29 - 2018-06-15 06:48 - 002805760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 14:29 - 2018-06-15 06:43 - 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 002712480 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 14:28 - 2018-07-06 14:28 - 001367968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000628120 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000563104 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000367512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000254872 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000126360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 14:28 - 2018-07-06 14:28 - 000062360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 14:28 - 2018-07-06 14:09 - 000456600 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 14:28 - 2018-07-06 14:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 14:28 - 2018-07-06 13:57 - 003254272 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 14:28 - 2018-07-06 13:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 14:28 - 2018-07-06 13:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 14:28 - 2018-07-06 13:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 14:28 - 2018-07-06 13:53 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 14:28 - 2018-07-06 13:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 14:28 - 2018-07-06 13:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 14:28 - 2018-07-06 13:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 14:28 - 2018-07-06 13:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 14:28 - 2018-07-06 13:52 - 001082880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 14:28 - 2018-07-06 13:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 14:28 - 2018-07-06 13:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 14:28 - 2018-07-06 09:25 - 000030624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 14:28 - 2018-07-06 09:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 14:28 - 2018-07-06 09:24 - 000364960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 002139032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 002031008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 001618280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 001190600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 14:28 - 2018-07-06 09:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 001050584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 14:28 - 2018-07-06 09:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000831624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 14:28 - 2018-07-06 09:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 14:28 - 2018-07-06 09:14 - 000802208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 000679728 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000539792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 000220576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 000104888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 14:28 - 2018-07-06 08:58 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 14:28 - 2018-07-06 08:58 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 14:28 - 2018-07-06 08:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 001755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 14:28 - 2018-07-06 08:54 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 14:28 - 2018-07-06 08:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 14:28 - 2018-06-15 17:42 - 000439040 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 14:28 - 2018-06-15 17:25 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 14:28 - 2018-06-15 17:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 14:28 - 2018-06-15 17:20 - 000316152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 14:28 - 2018-06-15 17:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 14:28 - 2018-06-15 17:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 14:28 - 2018-06-15 17:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 14:28 - 2018-06-15 17:05 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 14:28 - 2018-06-15 17:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 14:28 - 2018-06-15 17:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 14:28 - 2018-06-15 17:04 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 14:28 - 2018-06-15 17:04 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000958976 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 14:28 - 2018-06-15 17:03 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 14:28 - 2018-06-15 17:03 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 001075712 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 14:28 - 2018-06-15 17:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 14:28 - 2018-06-15 17:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 14:28 - 2018-06-15 17:01 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 14:28 - 2018-06-15 17:01 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 14:28 - 2018-06-15 09:01 - 000039840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 14:28 - 2018-06-15 08:54 - 000477592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 14:28 - 2018-06-15 08:54 - 000065440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 14:28 - 2018-06-15 07:19 - 000205208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 14:28 - 2018-06-15 07:18 - 000049568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 14:28 - 2018-06-15 07:17 - 000994368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 14:28 - 2018-06-15 07:15 - 000625520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 14:28 - 2018-06-15 07:15 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 14:28 - 2018-06-15 07:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 14:28 - 2018-06-15 07:05 - 001629616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 14:28 - 2018-06-15 07:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 14:28 - 2018-06-15 07:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 002359704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 14:28 - 2018-06-15 07:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 000493984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 14:28 - 2018-06-15 07:04 - 000359832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 14:28 - 2018-06-15 07:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001924000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000542616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000502704 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 14:28 - 2018-06-15 07:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 14:28 - 2018-06-15 07:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000054312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 14:28 - 2018-06-15 06:50 - 003245568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 14:28 - 2018-06-15 06:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 14:28 - 2018-06-15 06:48 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 14:28 - 2018-06-15 06:48 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 001867776 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 14:28 - 2018-06-15 06:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 14:28 - 2018-06-15 06:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000683520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 14:28 - 2018-06-15 06:46 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 002412032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 002198016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 14:28 - 2018-06-15 06:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 14:28 - 2018-06-15 06:44 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 001272832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 14:28 - 2018-06-15 06:42 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 14:28 - 2018-06-08 04:14 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-11 14:19 - 2018-07-19 14:23 - 000000000 ____D C:\ProgramData\Packages
2018-07-10 14:31 - 2018-07-10 14:31 - 071691209 _____ C:\Users\gebruiker\Downloads\Eric 2 collages.zip
2018-07-03 12:30 - 2018-07-03 12:30 - 000073819 _____ C:\Users\gebruiker\Downloads\aanslag-waterschaps-gem-belastingen.pdf
2018-07-02 20:24 - 2018-06-23 13:43 - 000322800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-07-02 19:27 - 2018-07-03 13:50 - 000000000 ____D C:\Users\gebruiker\Desktop\Kundalini muziek
2018-06-27 14:04 - 2018-06-27 14:05 - 000010293 _____ C:\Users\gebruiker\Documents\Map1.xlsx
2018-06-24 13:03 - 2018-07-06 17:55 - 000000000 ____D C:\Users\gebruiker\Desktop\Bestanden voor USB-stick
2018-06-23 13:45 - 2018-06-23 13:43 - 000014848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgElam.sys
 
==================== Een Maand Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, word de map of het bestand verplaatst.)
 
2018-07-23 21:41 - 2018-06-13 21:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-23 21:40 - 2018-04-11 14:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-23 21:35 - 2018-06-13 21:10 - 000000000 ____D C:\Users\UpdatusUser
2018-07-23 21:35 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-07-23 21:35 - 2015-01-23 18:41 - 000000000 ____D C:\Program Files\TeamViewer
2018-07-23 20:45 - 2018-06-13 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-23 20:26 - 2018-04-11 22:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-23 20:26 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-23 20:26 - 2018-04-11 22:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-23 20:26 - 2018-01-08 21:12 - 000000000 ____D C:\Users\gebruiker\AppData\Local\Packages
2018-07-23 20:09 - 2018-04-11 22:31 - 000000000 ____D C:\WINDOWS\INF
2018-07-23 20:09 - 2015-02-13 15:33 - 000000000 ____D C:\Users\gebruiker\AppData\Local\CrashDumps
2018-07-23 19:40 - 2018-02-11 12:33 - 000387312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-07-22 16:05 - 2018-04-01 10:09 - 000000000 ____D C:\Users\gebruiker\AppData\LocalLow\Mozilla
2018-07-20 11:09 - 2015-03-11 16:04 - 000007987 _____ C:\WINDOWS\BRRBCOM.INI
2018-07-19 20:53 - 2015-12-13 11:11 - 000000000 ___RD C:\Users\gebruiker\Dropbox
2018-07-17 12:35 - 2018-06-13 21:10 - 000000000 ____D C:\Users\gebruiker
2018-07-17 10:56 - 2018-06-13 21:10 - 000002437 _____ C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-17 10:56 - 2015-12-24 11:00 - 000000000 ___RD C:\Users\gebruiker\OneDrive
2018-07-15 11:32 - 2015-05-24 12:46 - 000000000 ____D C:\Rosmarie
2018-07-13 20:42 - 2015-12-13 11:05 - 000000000 ____D C:\Program Files\Dropbox
2018-07-12 19:57 - 2015-01-23 18:40 - 000000000 ____D C:\Program Files\Google
2018-07-12 19:42 - 2018-06-16 17:47 - 000000000 ____D C:\Users\gebruiker\Desktop\Download Youtube
2018-07-12 16:19 - 2015-04-22 21:14 - 000000000 ___RD C:\Users\gebruiker\Documents\Scanned Documents
2018-07-11 17:40 - 2018-06-13 21:23 - 001676386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 17:40 - 2018-04-12 07:16 - 000747742 _____ C:\WINDOWS\system32\perfh013.dat
2018-07-11 17:40 - 2018-04-12 07:16 - 000145902 _____ C:\WINDOWS\system32\perfc013.dat
2018-07-11 17:37 - 2018-06-13 21:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 17:35 - 2018-06-13 21:05 - 000346152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 17:34 - 2018-04-01 10:09 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-07-11 17:34 - 2018-04-01 10:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 17:32 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 17:32 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 17:32 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 14:38 - 2018-04-11 22:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 14:37 - 2018-04-11 22:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-09 11:26 - 2017-12-01 19:39 - 000002218 _____ C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-07 20:06 - 2018-04-01 10:09 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-02 20:26 - 2018-02-11 12:34 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2018-07-02 20:26 - 2018-02-11 12:34 - 000002067 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-07-02 20:24 - 2018-04-11 22:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-07-02 19:57 - 2015-01-23 18:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-07-02 19:41 - 2018-06-16 19:18 - 000001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-01 15:30 - 2018-04-11 22:36 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-01 15:30 - 2018-02-11 12:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 11:57 - 2015-01-23 18:40 - 000002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-23 13:43 - 2018-02-11 12:33 - 000776504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000303168 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000159936 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000155088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000126056 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000093440 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000064232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-06-23 13:43 - 2018-02-11 12:33 - 000035192 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-06-23 13:42 - 2018-02-11 12:33 - 000276712 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgblogx.sys
2018-06-23 13:42 - 2018-02-11 12:33 - 000181240 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdriverx.sys
2018-06-23 13:42 - 2018-02-11 12:33 - 000157840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidshx.sys
2018-06-23 13:42 - 2018-02-11 12:33 - 000050360 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbunivx.sys
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\WINDOWS\explorer.exe => Bestand is getekend
C:\WINDOWS\system32\winlogon.exe => Bestand is getekend
C:\WINDOWS\system32\wininit.exe => Bestand is getekend
C:\WINDOWS\system32\svchost.exe => Bestand is getekend
C:\WINDOWS\system32\services.exe => Bestand is getekend
C:\WINDOWS\system32\User32.dll => Bestand is getekend
C:\WINDOWS\system32\userinit.exe => Bestand is getekend
C:\WINDOWS\system32\rpcss.dll => Bestand is getekend
C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend
C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend
 
LastRegBack: 2018-06-13 21:05
 
==================== Eind van FRST.txt ============================
 
Extra scanresultaten van Farbar Recovery Scan Tool (x86) Versie: 21.07.2018
Gestart door gebruiker (23-07-2018 21:54:03)
Gestart vanaf C:\Users\gebruiker\Downloads
Microsoft Windows 10 Home Versie 1803 17134.165 (X86) (2018-06-13 19:37:08)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4155000124-3328373255-628368411-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4155000124-3328373255-628368411-503 - Limited - Disabled)
Gast (S-1-5-21-4155000124-3328373255-628368411-501 - Limited - Disabled)
gebruiker (S-1-5-21-4155000124-3328373255-628368411-1001 - Administrator - Enabled) => C:\Users\gebruiker
HomeGroupUser$ (S-1-5-21-4155000124-3328373255-628368411-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-4155000124-3328373255-628368411-1003 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-4155000124-3328373255-628368411-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeïnstalleerd worden.)
 
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
Brother MFL-Pro Suite DCP-J152W (HKLM\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Dropbox (HKLM\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM\...\{2BD9B33B-CCB0-35B3-BD30-C4F263E53414}) (Version: 67.0.3396.99 - Google, Inc.)
Google Earth Pro (HKLM\...\{026258D5-B4DA-4BAA-AE33-D7F6E110AF45}) (Version: 7.3.2.5487 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 61.0.1 (x86 nl)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{89FD914D-4472-4E4F-8638-69E857E82DC9}) (Version: 4.11.9775 - Apache Software Foundation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
TomTom HOME (HKLM\...\{A9ECD2CC-CFC1-4537-88F8-3B540822FD67}) (Version: 2.11.2 - Uw bedrijfsnaam)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-06-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> Geen bestand
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Geen bestand
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-06-23] (AVG Technologies CZ, s.r.o.)
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {0A051FD5-AC0C-443A-BCE3-11F1778EF88C} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-07-01] (AVG Technologies CZ, s.r.o.)
Task: {0A891675-5ADB-4F57-8804-9F671004FACC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0B0894B5-A6D5-4F4A-993C-EC5B1AFFE153} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0C89B6FC-C88A-4600-AE5F-38714EE2645D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Geen bestand <==== AANDACHT
Task: {0F803521-40EB-4ECB-94EB-FD6FD34BE20A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {10296CF3-E8A2-4BAE-8BA5-123D57A6A87A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1618CE61-C370-4E5E-8544-6834D85A15AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Geen bestand <==== AANDACHT
Task: {184AF2A2-5D84-4A9D-811A-EF62B496E359} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19EAF44C-662A-4DE1-989C-6297890988BB} - \Microsoft\Windows\UNP\RunCampaignManager -> Geen bestand <==== AANDACHT
Task: {1AB55668-4EF9-48C6-8226-DE6D8DA1F46A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Geen bestand <==== AANDACHT
Task: {1BEAFA85-1941-431C-A714-702B45410FE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Geen bestand <==== AANDACHT
Task: {1C041317-98E8-4094-B98A-0E9251B93D8E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {23DDBC94-7459-49C3-9C7C-081A85B73670} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Geen bestand <==== AANDACHT
Task: {27B7BB18-0053-4E1E-8942-E2D80CD54B55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Geen bestand <==== AANDACHT
Task: {324547A0-BF67-446F-9444-82024572BB36} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34D56CC7-2FE8-47F3-B832-855937266917} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CFD0B00-8DC0-4A5C-9B41-BC4AAC09D2FD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41E8C1B2-5686-48BA-96A4-BB62B195D985} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4797EAB0-9521-4042-B0D3-76204D80291A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Geen bestand <==== AANDACHT
Task: {47A8DBC5-5983-4CC0-B87A-26080D9BF472} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {481E08A3-B572-48D7-B9AE-5DD8CD933F96} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {502AE224-4168-4A64-BD00-024EEF8DF496} - \Microsoft\Windows\Media Center\StartRecording -> Geen bestand <==== AANDACHT
Task: {50725473-F3CF-4A41-9208-42DFBA5E4458} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Geen bestand <==== AANDACHT
Task: {54F9222D-DCD8-4AF2-912C-7D1C9F893F35} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {59F60C52-BD7F-40F0-87A3-25C1181FE7EC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5DE58B05-F4A4-477A-AA6F-810523AEFCF5} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {5F76C6BA-C61B-4FEA-B9D2-02961A735825} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64FD07EB-5569-4357-996C-127ACE580CB0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Geen bestand <==== AANDACHT
Task: {84301A5C-9FB1-4EC5-A666-F361E8E44F9A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8432CD51-4037-4A0E-9921-C7C1F22E526C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D0D80AD-F499-4466-A394-38EA8A6A780B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Geen bestand <==== AANDACHT
Task: {9D6B0568-2986-458D-B048-5E23D1D2C033} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5C308C9-D133-4A09-808E-34B5331F2230} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Geen bestand <==== AANDACHT
Task: {A97F84F1-569C-47D7-A0C8-FB4F48AD2300} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0B6561F-AEB8-4E51-8B7F-145DA8115E82} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C213EF7B-5958-4F69-B15B-D4F929D4FE7C} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {CC9715BF-15B8-4264-910C-0FC86FA0A397} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {CE6C630D-4FFA-45F2-82E7-F54DF77133FC} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-06-23] (AVG Technologies CZ, s.r.o.)
Task: {CFE041D3-ECF4-496F-872F-6B4EF44734E6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC71F724-34DA-42C3-B1E2-369468B0EEBF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DD14D260-ED40-42D6-ADC1-781B5BD596BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Geen bestand <==== AANDACHT
Task: {DEFB2F38-74FA-4FC3-B9C9-599F43B6B487} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0F496C8-7587-44C8-B9D6-0CC243C2089D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAAA1DA0-F8E2-4AEE-9530-4B2351411307} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F721B41C-074A-450A-AFCD-88528370586B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {FD41A2D8-E78A-4EC9-8260-E539CAD2B8E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
 
(Als een item is opgenomen in de fixlist, wordt de taak (job) bestand verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
 
==================== Snelkoppelingen & WMI ========================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
 
==================== Geladen Modules (gefilterd) ==============
 
2017-08-06 15:40 - 2016-11-14 13:00 - 000123448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-03-11 16:03 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2018-04-11 22:29 - 2018-04-11 22:29 - 000364200 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 22:29 - 2018-04-11 22:29 - 000308224 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 22:29 - 2018-04-11 22:29 - 001670656 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 001609216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-11 14:16 - 2018-07-11 14:19 - 001428144 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x86__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-07-17 15:08 - 2018-07-17 15:09 - 000075264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 15:08 - 2018-07-17 15:09 - 000166400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 15:08 - 2018-07-17 15:09 - 016200704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 15:08 - 2018-07-17 15:09 - 001812480 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\skypert.dll
2018-07-17 15:08 - 2018-07-17 15:08 - 017163264 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\Video.UI.exe
2018-07-17 15:08 - 2018-07-17 15:08 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\SharedUI.dll
2018-07-17 15:08 - 2018-07-17 15:08 - 004832768 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 16:14 - 2017-09-26 16:15 - 002890664 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-17 15:08 - 2018-07-17 15:08 - 006758400 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\EntPlat.dll
2015-03-11 16:04 - 2017-11-07 19:55 - 000137728 _____ () C:\Program Files\ControlCenter4\BrCcAssoc.dll
2018-05-15 11:30 - 2017-11-07 19:55 - 000440832 _____ () C:\Program Files\ControlCenter4\Track.dll
2018-03-15 12:03 - 2018-03-15 12:03 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-06-23 13:43 - 2018-06-23 13:43 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
2015-03-11 16:04 - 2017-11-07 20:04 - 000092672 _____ () C:\Program Files\ControlCenter4\BrCcLDut.dll
2015-03-11 16:04 - 2017-08-18 11:23 - 000087552 _____ () C:\Program Files\ControlCenter4\BrCcDlgRc.dll
2015-03-11 16:04 - 2017-08-18 11:23 - 017974784 _____ () C:\Program Files\ControlCenter4\BrCcGrImg.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, wordt alleen de ADS verwijderd.)
 
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:com.dropbox.attributes [324]
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. De waarde van "AlternateShell" wordt hersteld.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, zal het registeritem worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd.)
 
 
==================== Hosts Inhoud: ===============================
 
(Indien nodig kan Hosts:-opdracht worden opgenomen in de fixlist om Hosts te resetten.)
 
2009-07-14 04:04 - 2018-07-01 15:18 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
HKLM\...\StartupApproved\Run: => "Dropbox"
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt het uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [UDP Query User{1F5368E5-4B9C-4181-A561-5DC4C6C1903E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D72E19EC-4B34-434A-A07E-2B717F803A3B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D132C1EF-A7FE-41FA-863F-37F735DD0843}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B93098F4-F2A2-4AB4-B9BF-78F67EB424D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5158F31F-A095-4E44-9926-FDA522A88EE6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3E87EF1B-B280-40FB-9061-5290AFDFD48B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12BF33EB-5230-4247-B1C0-90B8947B03C7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B9FD709D-010A-40D0-8C59-876A52D5F9D9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1FB190B9-529E-4F81-9598-2E1DCE511732}] => (Allow) LPort=54925
FirewallRules: [{F54765D9-AD0B-4A69-82C6-895B10C5BEDF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CF000B4E-F9E8-4991-A5A0-713FCDB7EE5F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5854BDC4-4121-4F66-88B4-D18F1E23E9D4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{DAA59944-4144-4820-9561-08FAE1A2A036}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4FD4338B-0F30-493F-8BB6-DB63659E7730}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3BA549BE-DD55-407B-8EB9-77387C5E28DA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2443BEA9-D5C7-4B31-8577-8EB494AFEE47}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8C49E98A-35D0-4577-BA4E-636E5DDB2A09}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8F0DF8DD-56B7-4062-B231-A68B18956396}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{3EB1FF0E-9EDF-4F83-8F9F-89D7ABB9B78A}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{2704EF4B-EFAE-484A-8F23-CBC63F691DFA}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
 
==================== Herstelpunten =========================
 
02-07-2018 17:17:41 Installatieprogramma voor Windows-modules
11-07-2018 14:27:06 Windows Update
18-07-2018 18:23:04 Gepland controlepunt
 
==================== Defecte Apparaatbeheer Apparaten =============
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (07/18/2018 06:23:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (07/16/2018 11:23:46 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: gebruiker-PC)
Description: brave hendrikbrave hendrik-2147467263
 
Error: (07/11/2018 02:27:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (07/05/2018 04:01:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Microsoft.Photos.exe, versie: 2018.18041.15530.0, tijdstempel: 0x5b08a852
Naam van module met fout: Windows.UI.Xaml.dll, versie: 10.0.17134.112, tijdstempel: 0x2ea8fbd7
Uitzonderingscode: 0xc000027b
Foutmarge: 0x00617249
Id van proces met fout: 0x22d8
Starttijd van toepassing met fout: 0x01d4145d299d738b
Pad naar toepassing met fout: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
Pad naar module met fout: C:\Windows\System32\Windows.UI.Xaml.dll
Rapport-id: f8d64b3a-565a-42bf-802a-5399dbb1cd44
Volledige pakketnaam met fout: Microsoft.Windows.Photos_2018.18041.15530.0_x86__8wekyb3d8bbwe
Relatieve toepassings-id van pakket met fout: App
 
Error: (07/02/2018 05:17:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (06/26/2018 02:03:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (06/16/2018 07:07:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: SystemSettings.exe, versie: 10.0.17134.112, tijdstempel: 0xcfcc0a2d
Naam van module met fout: Windows.UI.Xaml.dll, versie: 10.0.17134.112, tijdstempel: 0x2ea8fbd7
Uitzonderingscode: 0xc000027b
Foutmarge: 0x0084e69c
Id van proces met fout: 0x1b00
Starttijd van toepassing met fout: 0x01d405940eb9677e
Pad naar toepassing met fout: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Pad naar module met fout: C:\Windows\System32\Windows.UI.Xaml.dll
Rapport-id: cc984516-d729-4675-9c8f-cce834422af4
Volledige pakketnaam met fout: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Relatieve toepassings-id van pakket met fout: microsoft.windows.immersivecontrolpanel
 
Error: (06/16/2018 06:48:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
 
Systeemfouten:
=============
Error: (07/23/2018 09:48:40 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 09:46:52 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De BrYNSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De DbxSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De NVIDIA Display Driver Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De SynTPEnh Caller Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De TomTomHOMEService-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:35:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De DbxSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-12 15:36:52.009
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.963
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.911
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.769
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.729
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.695
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:49.491
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:48.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage geheugen in gebruik: 46%
Totaal fysiek RAM-geheugen: 3069.98 MB
Beschikbaar fysiek RAM-geheugen: 1632.55 MB
Totaal Virtueel geheugen: 6141.98 MB
Beschikbaar Virtueel geheugen: 4645.64 MB
 
==================== Schijven ================================
 
Drive c: () (Fixed) (Total:297.16 GB) (Free:220.68 GB) NTFS
 
\\?\Volume{e5a3893f-a307-11e4-90f2-806e6f6e6963}\ (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1a0f93cd-0000-0000-0000-c0504a000000}\ () (Fixed) (Total:0.83 GB) (Free:0.44 GB) NTFS
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 1A0F93CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=848 MB) - (Type=27)
 
==================== Eind van Addition.txt ============================

 


 


#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,727 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:02 AM

Posted 25 July 2018 - 11:29 AM

Raymond1985:



Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Assistance Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

 

I apologize but I do not understand the language (Dutch, German?) of the FRST scan logs.  I would prefer to work with English logs, which is my native language.  Would you be so kind as to rename FRST.exe to FRSTEnglish.exe?  This will produce the scan logs in the English language.

 

Once you have renamed the file to FRSTEnglish.exe, please re-run the FRST scan. Right click the FRSTEnglish.exe file and select "Run as Administrator". Please copy and paste the contents of both the new "FRST.txt" file and the "Addition.txt" file into your next reply.

I will need some time to review your FRST logs, once I receive the new logs. That could take a day or two, but I do hope to respond within 24 hours with an initial FRST "fixlist" script.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

 

May I also ask why you think the computer is infected?  What are the symptoms, if any; or, do you just want to make sure that there is no malware on the computer?

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#3 Raymond1985

Raymond1985
  • Topic Starter

  • Members
  • 11 posts
  • Local time:02:02 PM

Posted 25 July 2018 - 12:19 PM

Hi Phil,

 

My name is Raymond. Sorry for my Dutch reports. Below I post both reports in English. The main reason is to double check if there is no malware (anymore) on my mom's computer.

Many thanks for now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21.07.2018
Ran by gebruiker (administrator) on GEBRUIKER-PC (25-07-2018 19:05:03)
Running from C:\Users\gebruiker\Downloads
Loaded Profiles: gebruiker & UpdatusUser (Available Profiles: gebruiker & UpdatusUser)
Platform: Microsoft Windows 10 Home Version 1803 17134.165 (X86) Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(f.lux Software LLC) C:\Users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MpCmdRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\gebruiker\Downloads\FRSTEnglish.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3754168 2018-07-13] (Dropbox, Inc.)
HKLM\...\Run: [BrHelp] => C:\Program Files\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1803976 2016-12-09] (NVIDIA Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291568 2018-06-23] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [486816 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Run: [f.lux] => C:\Users\gebruiker\AppData\Local\FluxSoftware\Flux\flux.exe [1806344 2018-07-03] (f.lux Software LLC)
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [13594584 2018-06-24] (Piriform Ltd)
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-4155000124-3328373255-628368411-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2018-04-11] (Microsoft Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD [2014-11-29] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{2c546b76-0a93-4a2b-a147-213aaaa0cf49}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{86ae3ddf-abef-4925-baf0-1341ac9cdf3a}: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{a2ab58b4-fb21-4ab0-b420-9a07a3c0475e}: [DhcpNameServer] 192.168.2.254
 
Internet Explorer:
==================
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.nl/
 
FireFox:
========
FF DefaultProfile: cse4g4pv.default
FF ProfilePath: C:\Users\gebruiker\AppData\Roaming\TomTom\HOME\Profiles\ks7w2py0.default [2018-06-16]
FF Extension: (Map status indicator) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2018-06-16] [Legacy] [not signed]
FF ProfilePath: C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\cse4g4pv.default [2018-07-23]
FF Extension: (No Name) - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\cse4g4pv.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2018-06-16]
FF Extension: (Adblock Plus) - C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\cse4g4pv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-07-20]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-07] [Legacy] [not signed]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default [2018-07-23]
CHR Extension: (Documenten) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-15]
CHR HKLM\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [323512 2018-06-23] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6391272 2018-06-23] (AVG Technologies CZ, s.r.o.)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [43712 2018-07-13] (Dropbox, Inc.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [353792 2018-03-19] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [238176 2017-01-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3345936 2018-07-01] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [81288 2018-07-01] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [159936 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdriverx.sys [181240 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidshx.sys [157840 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgblogx.sys [276712 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbunivx.sys [50360 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 avgElam; C:\WINDOWS\System32\drivers\avgElam.sys [14848 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [35192 2018-06-23] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [126056 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [93440 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [64232 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [776504 2018-06-23] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [387312 2018-07-23] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [155088 2018-06-23] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [303168 2018-06-23] (AVG Technologies CZ, s.r.o.)
S3 b06diag; C:\WINDOWS\system32\drivers\bxdiagx.sys [75816 2012-03-08] (Broadcom Corporation)
S3 BFNVis32; C:\WINDOWS\system32\drivers\XenoVx86.sys [130152 2012-02-22] (Bigfoot Networks, Inc.)
S3 IFCoEMP; C:\WINDOWS\system32\drivers\ifM60x32.sys [334096 2012-04-21] (Intel® Corporation)
S3 IFCoEVB; C:\WINDOWS\system32\drivers\ifP60X32.sys [69392 2012-04-21] (Intel® Corporation)
S3 ioatdma1; C:\WINDOWS\System32\Drivers\qd16032.sys [36552 2009-11-16] (Intel Corporation)
S3 ioatdma2; C:\WINDOWS\System32\Drivers\qd26032.sys [37576 2009-11-16] (Intel Corporation)
R3 NETwNs32; C:\WINDOWS\System32\drivers\NETwNs32.sys [7522304 2011-10-31] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [38912 2018-07-01] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [279616 2018-07-01] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [45608 2018-07-01] (Microsoft Corporation)
U4 aspnet_state; no ImagePath
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [31232 2018-04-11] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-23 22:07 - 2018-07-23 22:07 - 000024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-07-23 22:06 - 2018-07-23 22:40 - 000000000 ____D C:\ProgramData\RogueKiller
2018-07-23 22:05 - 2018-07-23 22:05 - 000001070 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-07-23 22:03 - 2018-07-23 22:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-07-23 22:02 - 2018-07-23 22:05 - 000000000 ____D C:\Program Files\RogueKiller
2018-07-23 22:00 - 2018-07-23 22:00 - 036753816 _____ (Adlice Software ) C:\Users\gebruiker\Downloads\RogueKiller_setup_ref3.exe
2018-07-23 21:54 - 2018-07-23 21:57 - 000033533 _____ C:\Users\gebruiker\Downloads\Addition.txt
2018-07-23 21:50 - 2018-07-25 19:06 - 000013897 _____ C:\Users\gebruiker\Downloads\FRST.txt
2018-07-23 21:50 - 2018-07-25 19:05 - 000000000 ____D C:\FRST
2018-07-23 21:49 - 2018-07-23 21:50 - 001773056 _____ (Farbar) C:\Users\gebruiker\Downloads\FRSTEnglish.exe
2018-07-23 21:30 - 2018-07-23 21:35 - 000000000 ____D C:\AdwCleaner
2018-07-23 19:58 - 2018-07-23 19:58 - 000000000 ___HD C:\$AV_AVG
2018-07-19 19:45 - 2018-07-19 19:46 - 000000000 ____D C:\Users\gebruiker\Desktop\Vernieuwen website 1e versie uitsorteren
2018-07-19 19:32 - 2018-07-19 19:44 - 000000000 ____D C:\Users\gebruiker\Desktop\Foto's van Eric v. website
2018-07-19 19:13 - 2018-07-19 20:51 - 000000000 ____D C:\Users\gebruiker\Desktop\Foto's selectie 2 website
2018-07-19 19:12 - 2018-07-19 19:12 - 000000000 ____D C:\Users\gebruiker\Desktop\Foto's selectie 1 website
2018-07-16 11:33 - 2018-07-16 11:33 - 001591787 _____ C:\Users\gebruiker\Downloads\Retmar drukwerk.zip
2018-07-15 11:22 - 2018-07-18 10:46 - 000000000 ____D C:\Users\gebruiker\Desktop\NIEUWE WEBSITE
2018-07-13 20:41 - 2018-07-13 20:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-13 04:01 - 2018-07-13 04:01 - 000043712 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-07-13 04:01 - 2018-07-13 04:01 - 000038968 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-07-13 04:01 - 2018-07-13 04:01 - 000035432 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-07-13 04:01 - 2018-07-13 04:01 - 000035408 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-07-12 19:57 - 2018-07-12 19:57 - 000002253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-07-12 19:57 - 2018-07-12 19:57 - 000002241 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-07-12 19:45 - 2018-07-12 19:45 - 022910079 _____ C:\Users\gebruiker\Downloads\Singh Kaur Crimson Vol. 6, Ardas [360p].mp4
2018-07-12 19:39 - 2018-07-12 19:40 - 028163721 _____ C:\Users\gebruiker\Downloads\Singh Kaur ~ Rakhe Rakhanhar [360p].mp4
2018-07-11 17:35 - 2018-06-29 03:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-07-11 17:35 - 2018-06-29 03:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-07-11 14:29 - 2018-07-06 09:14 - 006710176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 14:29 - 2018-07-06 09:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 14:29 - 2018-07-06 09:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 14:29 - 2018-07-06 08:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 14:29 - 2018-06-15 17:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 14:29 - 2018-06-15 17:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 14:29 - 2018-06-15 07:20 - 001020184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 14:29 - 2018-06-15 07:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 14:29 - 2018-06-15 07:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 14:29 - 2018-06-15 06:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 14:29 - 2018-06-15 06:48 - 002805760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 14:29 - 2018-06-15 06:43 - 000980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 002712480 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 14:28 - 2018-07-06 14:28 - 001367968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000628120 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000563104 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000520088 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000367512 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000254872 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 14:28 - 2018-07-06 14:28 - 000126360 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 14:28 - 2018-07-06 14:28 - 000062360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 14:28 - 2018-07-06 14:09 - 000456600 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 14:28 - 2018-07-06 14:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 14:28 - 2018-07-06 13:57 - 003254272 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 14:28 - 2018-07-06 13:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 14:28 - 2018-07-06 13:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 14:28 - 2018-07-06 13:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 14:28 - 2018-07-06 13:53 - 000623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 14:28 - 2018-07-06 13:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 14:28 - 2018-07-06 13:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 14:28 - 2018-07-06 13:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 14:28 - 2018-07-06 13:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 14:28 - 2018-07-06 13:52 - 001082880 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 14:28 - 2018-07-06 13:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 14:28 - 2018-07-06 13:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 14:28 - 2018-07-06 09:25 - 000030624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 14:28 - 2018-07-06 09:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 14:28 - 2018-07-06 09:24 - 000364960 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 002139032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 002031008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 001618280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 001190600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 14:28 - 2018-07-06 09:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 001050584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 14:28 - 2018-07-06 09:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000831624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 14:28 - 2018-07-06 09:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 14:28 - 2018-07-06 09:14 - 000802208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 000679728 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000539792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 000220576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 14:28 - 2018-07-06 09:14 - 000142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 14:28 - 2018-07-06 09:14 - 000104888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 14:28 - 2018-07-06 08:58 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 14:28 - 2018-07-06 08:58 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 14:28 - 2018-07-06 08:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 14:28 - 2018-07-06 08:57 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 14:28 - 2018-07-06 08:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 14:28 - 2018-07-06 08:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 001755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 14:28 - 2018-07-06 08:54 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 001127424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 14:28 - 2018-07-06 08:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 000879104 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 000651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 14:28 - 2018-07-06 08:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 14:28 - 2018-06-15 17:42 - 000439040 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 14:28 - 2018-06-15 17:25 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 14:28 - 2018-06-15 17:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 14:28 - 2018-06-15 17:20 - 000316152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 14:28 - 2018-06-15 17:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 14:28 - 2018-06-15 17:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 14:28 - 2018-06-15 17:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 14:28 - 2018-06-15 17:05 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 14:28 - 2018-06-15 17:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 14:28 - 2018-06-15 17:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 14:28 - 2018-06-15 17:04 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 14:28 - 2018-06-15 17:04 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000958976 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 14:28 - 2018-06-15 17:03 - 000186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 14:28 - 2018-06-15 17:03 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 14:28 - 2018-06-15 17:03 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 001075712 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 001055232 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 14:28 - 2018-06-15 17:02 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 14:28 - 2018-06-15 17:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 14:28 - 2018-06-15 17:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 14:28 - 2018-06-15 17:01 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 14:28 - 2018-06-15 17:01 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 14:28 - 2018-06-15 09:01 - 000039840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 14:28 - 2018-06-15 08:54 - 000477592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 14:28 - 2018-06-15 08:54 - 000065440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 14:28 - 2018-06-15 07:19 - 000205208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 14:28 - 2018-06-15 07:18 - 000049568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 14:28 - 2018-06-15 07:17 - 000994368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 14:28 - 2018-06-15 07:15 - 000625520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 14:28 - 2018-06-15 07:15 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 14:28 - 2018-06-15 07:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 14:28 - 2018-06-15 07:05 - 001629616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 14:28 - 2018-06-15 07:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 14:28 - 2018-06-15 07:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 002359704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 14:28 - 2018-06-15 07:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 000493984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 14:28 - 2018-06-15 07:04 - 000359832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 14:28 - 2018-06-15 07:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 14:28 - 2018-06-15 07:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001924000 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000542616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000502704 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 14:28 - 2018-06-15 07:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 14:28 - 2018-06-15 07:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 14:28 - 2018-06-15 07:03 - 000054312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 14:28 - 2018-06-15 06:50 - 003245568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 14:28 - 2018-06-15 06:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 14:28 - 2018-06-15 06:48 - 000193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 14:28 - 2018-06-15 06:48 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 14:28 - 2018-06-15 06:48 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 001867776 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 14:28 - 2018-06-15 06:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 14:28 - 2018-06-15 06:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 14:28 - 2018-06-15 06:47 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000683520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 14:28 - 2018-06-15 06:46 - 000269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 14:28 - 2018-06-15 06:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 002412032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 002198016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 001751040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 001388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 14:28 - 2018-06-15 06:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 14:28 - 2018-06-15 06:45 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 14:28 - 2018-06-15 06:44 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 001272832 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 14:28 - 2018-06-15 06:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 001413632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000700928 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 14:28 - 2018-06-15 06:43 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 14:28 - 2018-06-15 06:42 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 14:28 - 2018-06-08 04:14 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-11 14:19 - 2018-07-19 14:23 - 000000000 ____D C:\ProgramData\Packages
2018-07-10 14:31 - 2018-07-10 14:31 - 071691209 _____ C:\Users\gebruiker\Downloads\Eric 2 collages.zip
2018-07-03 12:30 - 2018-07-03 12:30 - 000073819 _____ C:\Users\gebruiker\Downloads\aanslag-waterschaps-gem-belastingen.pdf
2018-07-02 20:24 - 2018-06-23 13:43 - 000322800 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-07-02 19:27 - 2018-07-03 13:50 - 000000000 ____D C:\Users\gebruiker\Desktop\Kundalini muziek
2018-06-27 14:04 - 2018-06-27 14:05 - 000010293 _____ C:\Users\gebruiker\Documents\Map1.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-25 19:03 - 2018-04-11 22:36 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-25 19:03 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-25 19:01 - 2018-04-11 22:36 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-25 19:01 - 2015-01-23 17:06 - 000480888 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-23 21:41 - 2018-06-13 21:35 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-23 21:40 - 2018-04-11 14:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-23 21:35 - 2018-06-13 21:10 - 000000000 ____D C:\Users\UpdatusUser
2018-07-23 21:35 - 2017-09-29 13:55 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-07-23 21:35 - 2015-01-23 18:41 - 000000000 ____D C:\Program Files\TeamViewer
2018-07-23 20:45 - 2018-06-13 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-23 20:26 - 2018-01-08 21:12 - 000000000 ____D C:\Users\gebruiker\AppData\Local\Packages
2018-07-23 20:09 - 2018-04-11 22:31 - 000000000 ____D C:\WINDOWS\INF
2018-07-23 20:09 - 2015-02-13 15:33 - 000000000 ____D C:\Users\gebruiker\AppData\Local\CrashDumps
2018-07-23 19:40 - 2018-02-11 12:33 - 000387312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-07-22 16:05 - 2018-04-01 10:09 - 000000000 ____D C:\Users\gebruiker\AppData\LocalLow\Mozilla
2018-07-20 11:09 - 2015-03-11 16:04 - 000007987 _____ C:\WINDOWS\BRRBCOM.INI
2018-07-19 20:53 - 2015-12-13 11:11 - 000000000 ___RD C:\Users\gebruiker\Dropbox
2018-07-17 12:35 - 2018-06-13 21:10 - 000000000 ____D C:\Users\gebruiker
2018-07-17 10:56 - 2018-06-13 21:10 - 000002437 _____ C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-17 10:56 - 2015-12-24 11:00 - 000000000 ___RD C:\Users\gebruiker\OneDrive
2018-07-15 11:32 - 2015-05-24 12:46 - 000000000 ____D C:\Rosmarie
2018-07-13 20:42 - 2015-12-13 11:05 - 000000000 ____D C:\Program Files\Dropbox
2018-07-12 19:57 - 2015-01-23 18:40 - 000000000 ____D C:\Program Files\Google
2018-07-12 19:42 - 2018-06-16 17:47 - 000000000 ____D C:\Users\gebruiker\Desktop\Download Youtube
2018-07-12 16:19 - 2015-04-22 21:14 - 000000000 ___RD C:\Users\gebruiker\Documents\Scanned Documents
2018-07-11 17:40 - 2018-06-13 21:23 - 001676386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 17:40 - 2018-04-12 07:16 - 000747742 _____ C:\WINDOWS\system32\perfh013.dat
2018-07-11 17:40 - 2018-04-12 07:16 - 000145902 _____ C:\WINDOWS\system32\perfc013.dat
2018-07-11 17:37 - 2018-06-13 21:38 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 17:35 - 2018-06-13 21:05 - 000346152 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 17:34 - 2018-04-01 10:09 - 000000000 ____D C:\Program Files\Mozilla Maintenance Service
2018-07-11 17:34 - 2018-04-01 10:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 17:32 - 2018-04-12 07:17 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 17:32 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 17:32 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 17:32 - 2018-04-11 22:36 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 14:38 - 2018-04-11 22:25 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 14:37 - 2018-04-11 22:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-09 11:26 - 2017-12-01 19:39 - 000002218 _____ C:\Users\gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-07-07 20:06 - 2018-04-01 10:09 - 000001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-06 17:55 - 2018-06-24 13:03 - 000000000 ____D C:\Users\gebruiker\Desktop\Bestanden voor USB-stick
2018-07-02 20:26 - 2018-02-11 12:34 - 000002079 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2018-07-02 20:26 - 2018-02-11 12:34 - 000002067 _____ C:\Users\Public\Desktop\AVG AntiVirus FREE.lnk
2018-07-02 20:24 - 2018-04-11 22:36 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-07-02 19:57 - 2015-01-23 18:42 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-07-02 19:41 - 2018-06-16 19:18 - 000001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-01 15:30 - 2018-04-11 22:36 - 000000000 ___RD C:\Program Files\Windows Defender
2018-07-01 15:30 - 2018-02-11 12:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 11:57 - 2015-01-23 18:40 - 000002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
 
Some files in TEMP:
====================
2018-07-23 22:06 - 2018-07-06 09:14 - 001618280 _____ (Microsoft Corporation) C:\Users\gebruiker\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-13 21:05
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by gebruiker (25-07-2018 19:07:02)
Running from C:\Users\gebruiker\Downloads
Microsoft Windows 10 Home Version 1803 17134.165 (X86) (2018-06-13 19:37:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4155000124-3328373255-628368411-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4155000124-3328373255-628368411-503 - Limited - Disabled)
Gast (S-1-5-21-4155000124-3328373255-628368411-501 - Limited - Disabled)
gebruiker (S-1-5-21-4155000124-3328373255-628368411-1001 - Administrator - Enabled) => C:\Users\gebruiker
HomeGroupUser$ (S-1-5-21-4155000124-3328373255-628368411-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-4155000124-3328373255-628368411-1003 - Limited - Enabled) => C:\Users\UpdatusUser
WDAGUtilityAccount (S-1-5-21-4155000124-3328373255-628368411-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Disabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Disabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AVG AntiVirus FREE (HKLM\...\AVG Antivirus) (Version: 18.5.3059 - AVG Technologies)
Brother MFL-Pro Suite DCP-J152W (HKLM\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Dropbox (HKLM\...\Dropbox) (Version: 53.4.67 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM\...\{2BD9B33B-CCB0-35B3-BD30-C4F263E53414}) (Version: 67.0.3396.99 - Google, Inc.)
Google Earth Pro (HKLM\...\{026258D5-B4DA-4BAA-AE33-D7F6E110AF45}) (Version: 7.3.2.5487 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 61.0.1 (x86 nl) (HKLM\...\Mozilla Firefox 61.0.1 (x86 nl)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM\...\{89FD914D-4472-4E4F-8638-69E857E82DC9}) (Version: 4.11.9775 - Apache Software Foundation)
RogueKiller version 12.12.28.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.28.0 - Adlice Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.1.3.6 - Synaptics Incorporated)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
TomTom HOME (HKLM\...\{A9ECD2CC-CFC1-4537-88F8-3B540822FD67}) (Version: 2.11.2 - Uw bedrijfsnaam)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-06-23] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files\Dropbox\Client\DropboxExt.22.0.dll [2018-07-13] (Dropbox, Inc.)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2018-06-23] (AVG Technologies CZ, s.r.o.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A051FD5-AC0C-443A-BCE3-11F1778EF88C} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [2018-07-01] (AVG Technologies CZ, s.r.o.)
Task: {0A891675-5ADB-4F57-8804-9F671004FACC} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0B0894B5-A6D5-4F4A-993C-EC5B1AFFE153} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {0C89B6FC-C88A-4600-AE5F-38714EE2645D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0F803521-40EB-4ECB-94EB-FD6FD34BE20A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {10296CF3-E8A2-4BAE-8BA5-123D57A6A87A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1618CE61-C370-4E5E-8544-6834D85A15AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {184AF2A2-5D84-4A9D-811A-EF62B496E359} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {19EAF44C-662A-4DE1-989C-6297890988BB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1AB55668-4EF9-48C6-8226-DE6D8DA1F46A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1BEAFA85-1941-431C-A714-702B45410FE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1C041317-98E8-4094-B98A-0E9251B93D8E} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {23DDBC94-7459-49C3-9C7C-081A85B73670} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {27B7BB18-0053-4E1E-8942-E2D80CD54B55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {324547A0-BF67-446F-9444-82024572BB36} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34D56CC7-2FE8-47F3-B832-855937266917} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3CFD0B00-8DC0-4A5C-9B41-BC4AAC09D2FD} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {41E8C1B2-5686-48BA-96A4-BB62B195D985} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4797EAB0-9521-4042-B0D3-76204D80291A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {47A8DBC5-5983-4CC0-B87A-26080D9BF472} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {481E08A3-B572-48D7-B9AE-5DD8CD933F96} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {502AE224-4168-4A64-BD00-024EEF8DF496} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {50725473-F3CF-4A41-9208-42DFBA5E4458} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {54F9222D-DCD8-4AF2-912C-7D1C9F893F35} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2015-12-13] (Dropbox, Inc.)
Task: {59F60C52-BD7F-40F0-87A3-25C1181FE7EC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5DE58B05-F4A4-477A-AA6F-810523AEFCF5} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {5F76C6BA-C61B-4FEA-B9D2-02961A735825} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {64FD07EB-5569-4357-996C-127ACE580CB0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {84301A5C-9FB1-4EC5-A666-F361E8E44F9A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8432CD51-4037-4A0E-9921-C7C1F22E526C} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D0D80AD-F499-4466-A394-38EA8A6A780B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9D6B0568-2986-458D-B048-5E23D1D2C033} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A5C308C9-D133-4A09-808E-34B5331F2230} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A97F84F1-569C-47D7-A0C8-FB4F48AD2300} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C0B6561F-AEB8-4E51-8B7F-145DA8115E82} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C213EF7B-5958-4F69-B15B-D4F929D4FE7C} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {CC9715BF-15B8-4264-910C-0FC86FA0A397} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {CE6C630D-4FFA-45F2-82E7-F54DF77133FC} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-06-23] (AVG Technologies CZ, s.r.o.)
Task: {CFE041D3-ECF4-496F-872F-6B4EF44734E6} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DC71F724-34DA-42C3-B1E2-369468B0EEBF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {DD14D260-ED40-42D6-ADC1-781B5BD596BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DEFB2F38-74FA-4FC3-B9C9-599F43B6B487} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E0F496C8-7587-44C8-B9D6-0CC243C2089D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EAAA1DA0-F8E2-4AEE-9530-4B2351411307} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F721B41C-074A-450A-AFCD-88528370586B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {FD41A2D8-E78A-4EC9-8260-E539CAD2B8E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-03-11 16:03 - 2009-02-27 17:38 - 000139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2017-08-06 15:40 - 2016-11-14 13:00 - 000123448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2018-04-11 22:29 - 2018-04-11 22:29 - 000364200 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 22:29 - 2018-04-11 22:29 - 000308224 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 22:29 - 2018-04-11 22:29 - 001670656 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 14:28 - 2018-07-06 08:53 - 001609216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 15:08 - 2018-07-17 15:09 - 000075264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 15:08 - 2018-07-17 15:09 - 000166400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 15:08 - 2018-07-17 15:09 - 016200704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 15:08 - 2018-07-17 15:09 - 001812480 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x86__kzf8qxf38zg5c\skypert.dll
2018-07-17 15:08 - 2018-07-17 15:08 - 017163264 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\Video.UI.exe
2018-07-17 15:08 - 2018-07-17 15:08 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\SharedUI.dll
2018-07-17 15:08 - 2018-07-17 15:08 - 004832768 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 16:14 - 2017-09-26 16:15 - 002890664 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-17 15:08 - 2018-07-17 15:08 - 006758400 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x86__8wekyb3d8bbwe\EntPlat.dll
2015-03-11 16:04 - 2017-11-07 19:55 - 000137728 _____ () C:\Program Files\ControlCenter4\BrCcAssoc.dll
2018-05-15 11:30 - 2017-11-07 19:55 - 000440832 _____ () C:\Program Files\ControlCenter4\Track.dll
2015-03-11 16:04 - 2017-11-07 20:04 - 000092672 _____ () C:\Program Files\ControlCenter4\BrCcLDut.dll
2015-03-11 16:04 - 2017-08-18 11:23 - 000087552 _____ () C:\Program Files\ControlCenter4\BrCcDlgRc.dll
2015-03-11 16:04 - 2017-08-18 11:23 - 017974784 _____ () C:\Program Files\ControlCenter4\BrCcGrImg.dll
2018-03-15 12:03 - 2018-03-15 12:03 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-06-23 13:43 - 2018-06-23 13:43 - 000481520 _____ () C:\Program Files\AVG\Antivirus\streamback.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\OEMLOGO.BMP:com.dropbox.attributes [324]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2018-07-01 15:18 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4155000124-3328373255-628368411-1003\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Dropbox"
HKU\S-1-5-21-4155000124-3328373255-628368411-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{1F5368E5-4B9C-4181-A561-5DC4C6C1903E}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D72E19EC-4B34-434A-A07E-2B717F803A3B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{D132C1EF-A7FE-41FA-863F-37F735DD0843}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B93098F4-F2A2-4AB4-B9BF-78F67EB424D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5158F31F-A095-4E44-9926-FDA522A88EE6}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3E87EF1B-B280-40FB-9061-5290AFDFD48B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{12BF33EB-5230-4247-B1C0-90B8947B03C7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B9FD709D-010A-40D0-8C59-876A52D5F9D9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{1FB190B9-529E-4F81-9598-2E1DCE511732}] => (Allow) LPort=54925
FirewallRules: [{F54765D9-AD0B-4A69-82C6-895B10C5BEDF}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{CF000B4E-F9E8-4991-A5A0-713FCDB7EE5F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5854BDC4-4121-4F66-88B4-D18F1E23E9D4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{DAA59944-4144-4820-9561-08FAE1A2A036}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4FD4338B-0F30-493F-8BB6-DB63659E7730}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3BA549BE-DD55-407B-8EB9-77387C5E28DA}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2443BEA9-D5C7-4B31-8577-8EB494AFEE47}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8C49E98A-35D0-4577-BA4E-636E5DDB2A09}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{8F0DF8DD-56B7-4062-B231-A68B18956396}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{3EB1FF0E-9EDF-4F83-8F9F-89D7ABB9B78A}] => (Allow) C:\Program Files\AVG\Antivirus\AvEmUpdate.exe
FirewallRules: [{2704EF4B-EFAE-484A-8F23-CBC63F691DFA}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
02-07-2018 17:17:41 Installatieprogramma voor Windows-modules
11-07-2018 14:27:06 Windows Update
18-07-2018 18:23:04 Gepland controlepunt
 
==================== Faulty Device Manager Devices =============
 
Name: Onbekend USB-apparaat (verzoek voor apparaatdescriptor is mislukt)
Description: Onbekend USB-apparaat (verzoek voor apparaatdescriptor is mislukt)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standaard USB Host Controller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/18/2018 06:23:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (07/16/2018 11:23:46 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: gebruiker-PC)
Description: brave hendrikbrave hendrik-2147467263
 
Error: (07/11/2018 02:27:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (07/05/2018 04:01:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: Microsoft.Photos.exe, versie: 2018.18041.15530.0, tijdstempel: 0x5b08a852
Naam van module met fout: Windows.UI.Xaml.dll, versie: 10.0.17134.112, tijdstempel: 0x2ea8fbd7
Uitzonderingscode: 0xc000027b
Foutmarge: 0x00617249
Id van proces met fout: 0x22d8
Starttijd van toepassing met fout: 0x01d4145d299d738b
Pad naar toepassing met fout: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
Pad naar module met fout: C:\Windows\System32\Windows.UI.Xaml.dll
Rapport-id: f8d64b3a-565a-42bf-802a-5399dbb1cd44
Volledige pakketnaam met fout: Microsoft.Windows.Photos_2018.18041.15530.0_x86__8wekyb3d8bbwe
Relatieve toepassings-id van pakket met fout: App
 
Error: (07/02/2018 05:17:53 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (06/26/2018 02:03:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
Error: (06/16/2018 07:07:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: SystemSettings.exe, versie: 10.0.17134.112, tijdstempel: 0xcfcc0a2d
Naam van module met fout: Windows.UI.Xaml.dll, versie: 10.0.17134.112, tijdstempel: 0x2ea8fbd7
Uitzonderingscode: 0xc000027b
Foutmarge: 0x0084e69c
Id van proces met fout: 0x1b00
Starttijd van toepassing met fout: 0x01d405940eb9677e
Pad naar toepassing met fout: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Pad naar module met fout: C:\Windows\System32\Windows.UI.Xaml.dll
Rapport-id: cc984516-d729-4675-9c8f-cce834422af4
Volledige pakketnaam met fout: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Relatieve toepassings-id van pakket met fout: microsoft.windows.immersivecontrolpanel
 
Error: (06/16/2018 06:48:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: De service Cryptografische services is mislukt tijdens het verwerken van aanroep OnIdentity() op het object System Writer.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Toegang geweigerd.
.
 
 
System errors:
=============
Error: (07/23/2018 10:40:34 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 10:06:44 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 09:59:34 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 09:48:40 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 09:46:52 PM) (Source: DCOM) (EventID: 10016) (User: gebruiker-PC)
Description: In de machtigingsinstellingen toepassingsspecifiek wordt de machtiging Activeren niet verleend aan Lokaal voor de COM-servertoepassing met CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 en APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 aan de gebruiker gebruiker-PC\gebruiker SID (S-1-5-21-4155000124-3328373255-628368411-1001) met het adres LocalHost (via LRPC) die wordt uitgevoerd in de toepassingscontainer Niet beschikbaar SID (Niet beschikbaar). Deze beveiligingsmachtiging kan worden gewijzigd met het beheerprogramma van Component Services.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De BrYNSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De DbxSvc-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
Error: (07/23/2018 09:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De NVIDIA Display Driver Service-service is onverwacht beëindigd. Dit is nu 1 keer gebeurd.
 
 
CodeIntegrity:
===================================
 
Date: 2018-07-12 15:36:52.009
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.963
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.911
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.769
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.729
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:51.695
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:49.491
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-07-12 15:36:48.870
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 49%
Total physical RAM: 3069.98 MB
Available physical RAM: 1565.29 MB
Total Virtual: 6141.98 MB
Available Virtual: 4642.76 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:297.16 GB) (Free:220.19 GB) NTFS
 
\\?\Volume{e5a3893f-a307-11e4-90f2-806e6f6e6963}\ (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{1a0f93cd-0000-0000-0000-c0504a000000}\ () (Fixed) (Total:0.83 GB) (Free:0.44 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 1A0F93CD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=848 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,727 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:09:02 AM

Posted 25 July 2018 - 12:27 PM

Raymond:

 

Thank you for your post, for the fresh FRST scan logs in English, and for permission to address you by your first name.  :thumbup2:

 

I will start analyzing the FRST scan logs today, but it will probably be tomorrow before I post back with an initial FRST "fixlist" script.  I have friends coming over in about an hour, so there goes me evening! :)

 

Thank you for your patience.  Have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#5 Raymond1985

Posted 25 July 2018 - 12:29 PM

Well, sounds good. Enjoy your evening and I'm looking forward to your reply.

 

Thanks.



#6 garioch7

Posted 25 July 2018 - 12:31 PM

:thumbup2:




#7 garioch7

Posted 25 July 2018 - 01:27 PM

Raymond:


Thank you for your patience while I analyzed your FRST logs. My guests are late and your logs were relatively brief, so I managed to analyze them today.

Before we start dealing with any problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

The FRST scan logs did not show any active malware on the computer. :thumbup2: I did find some "orphans" that I am deleting and also a couple of files that I want to obtain more information about.

.

:step1: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD;C:\Program Files\ControlCenter4\Track.dll
U4 aspnet_state; no ImagePath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0C89B6FC-C88A-4600-AE5F-38714EE2645D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1618CE61-C370-4E5E-8544-6834D85A15AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {19EAF44C-662A-4DE1-989C-6297890988BB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1AB55668-4EF9-48C6-8226-DE6D8DA1F46A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1BEAFA85-1941-431C-A714-702B45410FE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23DDBC94-7459-49C3-9C7C-081A85B73670} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {27B7BB18-0053-4E1E-8942-E2D80CD54B55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4797EAB0-9521-4042-B0D3-76204D80291A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {502AE224-4168-4A64-BD00-024EEF8DF496} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {50725473-F3CF-4A41-9208-42DFBA5E4458} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64FD07EB-5569-4357-996C-127ACE580CB0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8D0D80AD-F499-4466-A394-38EA8A6A780B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A5C308C9-D133-4A09-808E-34B5331F2230} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD14D260-ED40-42D6-ADC1-781B5BD596BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
End::

  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRSTEnglish.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRSTEnglish.exe program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Once I have reviewed the contents of the "fixlog.txt" file, we will move on to run some standard anti-malware scans. FRST generally targets more serious malware, so we want to ensure that your mother's computer is completely clean of all types and classes of malware.

Thank you and have a great day.

Regards,
-Phil




#8 Raymond1985

Posted 25 July 2018 - 02:16 PM

Awesome. I followed the steps like you said. Below the fixlog report:

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 21.07.2018
Ran by gebruiker (25-07-2018 20:51:25) Run:1
Running from C:\Users\gebruiker\Downloads
Loaded Profiles: gebruiker & UpdatusUser (Available Profiles: gebruiker & UpdatusUser)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD;C:\Program Files\ControlCenter4\Track.dll
U4 aspnet_state; no ImagePath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
Task: {0C89B6FC-C88A-4600-AE5F-38714EE2645D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1618CE61-C370-4E5E-8544-6834D85A15AF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {19EAF44C-662A-4DE1-989C-6297890988BB} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {1AB55668-4EF9-48C6-8226-DE6D8DA1F46A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1BEAFA85-1941-431C-A714-702B45410FE5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {23DDBC94-7459-49C3-9C7C-081A85B73670} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {27B7BB18-0053-4E1E-8942-E2D80CD54B55} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4797EAB0-9521-4042-B0D3-76204D80291A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {502AE224-4168-4A64-BD00-024EEF8DF496} - \Microsoft\Windows\Media Center\StartRecording -> No File <==== ATTENTION
Task: {50725473-F3CF-4A41-9208-42DFBA5E4458} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64FD07EB-5569-4357-996C-127ACE580CB0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8D0D80AD-F499-4466-A394-38EA8A6A780B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A5C308C9-D133-4A09-808E-34B5331F2230} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD14D260-ED40-42D6-ADC1-781B5BD596BA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
 
========================= File: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD;C:\Program Files\ControlCenter4\Track.dll ========================
 
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RUN.CMD
File not signed
MD5: 4C89D06C12B5B71E88696CB3ECDEF666
Creation and modification date: 2015-01-23 17:15 - 2014-11-29 23:04
Size: 000009338
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
 
C:\Program Files\ControlCenter4\Track.dll
File not signed
MD5: 6D1E23DFF49568042CB6D4DCEFE7F453
Creation and modification date: 2018-05-15 11:30 - 2017-11-07 19:55
Size: 000440832
Attributes: ----A
Company Name: 
Internal Name: Track.dll
Original Name: Track.dll
Product: Track
Description: Track
File Version: 1.0.3.1
Product Version: 1.0.3.1
Copyright: 
 
====== End of File: ======
 
"HKLM\System\CurrentControlSet\Services\aspnet_state" => removed successfully.
aspnet_state => service removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg" => removed successfully.
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets" => removed successfully.
HKLM\Software\Classes\CLSID\{6B9228DA-9C15-419e-856C-19E768A13BDC} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C89B6FC-C88A-4600-AE5F-38714EE2645D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C89B6FC-C88A-4600-AE5F-38714EE2645D}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1618CE61-C370-4E5E-8544-6834D85A15AF}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1618CE61-C370-4E5E-8544-6834D85A15AF}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19EAF44C-662A-4DE1-989C-6297890988BB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19EAF44C-662A-4DE1-989C-6297890988BB}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AB55668-4EF9-48C6-8226-DE6D8DA1F46A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB55668-4EF9-48C6-8226-DE6D8DA1F46A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BEAFA85-1941-431C-A714-702B45410FE5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BEAFA85-1941-431C-A714-702B45410FE5}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23DDBC94-7459-49C3-9C7C-081A85B73670}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23DDBC94-7459-49C3-9C7C-081A85B73670}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27B7BB18-0053-4E1E-8942-E2D80CD54B55}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27B7BB18-0053-4E1E-8942-E2D80CD54B55}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4797EAB0-9521-4042-B0D3-76204D80291A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4797EAB0-9521-4042-B0D3-76204D80291A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{502AE224-4168-4A64-BD00-024EEF8DF496}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{502AE224-4168-4A64-BD00-024EEF8DF496}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\StartRecording" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50725473-F3CF-4A41-9208-42DFBA5E4458}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50725473-F3CF-4A41-9208-42DFBA5E4458}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64FD07EB-5569-4357-996C-127ACE580CB0}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FD07EB-5569-4357-996C-127ACE580CB0}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D0D80AD-F499-4466-A394-38EA8A6A780B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D0D80AD-F499-4466-A394-38EA8A6A780B}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5C308C9-D133-4A09-808E-34B5331F2230}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C308C9-D133-4A09-808E-34B5331F2230}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD14D260-ED40-42D6-ADC1-781B5BD596BA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD14D260-ED40-42D6-ADC1-781B5BD596BA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
 
 
The system needed a reboot.
 
==== End of Fixlog 20:52:25 ====


#9 garioch7

Posted 26 July 2018 - 09:21 AM

Raymond:
 
Thank you for running the FRST "fixlist" script.  That all looks good! :thumbup2:

Now let's move on and run some standard anti-malware scans. We will run two now, and two in a subsequent post.

.

:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#10 Raymond1985

Posted 27 July 2018 - 12:27 PM

Did run ESET scan and MWB. Both scans didn't find any threats.

The report of MWB is in Dutch, but it says the scan is okay. No threats deleted.

 

Some more scans? 

 

Have a nice weekend!



#11 garioch7

Posted 27 July 2018 - 01:02 PM

Raymond:
 
Thank you for your post.  That is great news that both the ESET and MBAM scans came back clean! :thumbup2:
 
Let's run two more scans just to be thorough! :)
 
.

:step1: AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so.
  • After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.

Step 2: RogueKiller Scan

  • I know that you have RogueKiller installed on your computer.
  • Please locate the main executable file in your Program Files, RogueKiller folder, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Click on the Start Scan button in the right panel, which will bring up another tab, and click on it again (this time it'll be in the bottom right corner).
  • Wait for the scan to complete.
  • On the completion of the scan, the results will be displayed.
  • Check every single entry (threat found), and click on the Remove Selected button.
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
  • This will open the report in Notepad. Please copy and paste the contents of the report into your next reply.

Thank you and have a great weekend.

Regards,
-Phil




#12 garioch7


Posted 31 July 2018 - 12:49 PM

Raymond:

 
Are you still there?  Do you still require assistance?  It has been four days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another day, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil



#13 garioch7


Posted 01 August 2018 - 09:28 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





