
another MBAMSwissArmy.sys (FRST attached) [Solved]


  • This topic is locked

#1
tomaszf

    New Member

  • Member
  • 7 posts

Hi,

I'm having a hard time with my PC. It rebooted a few days ago and I cannot make it boot.
Just a few minutes earlier I managed to make it talk a little bit, and it looks like it's MBAMSwissArmy.sys related.

I've done an FRST scan, and I've tried to go back to the last copy of the registry, but with no success; the system is still not booting.

I hope you can help me with this.

Attached Files

  • FRST.txt   53.86KB

#2
JSntgRvr

    Global Moderator

  • 11,579 posts

Welcome. :)

 

Download the attached file and save it in the same location where FRST64 is saved.

  • Start FRST64.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Attempt to boot in Normal Mode.

 



#3
tomaszf

    New Member

  • Topic Starter
  • Member
  • 7 posts

Nailed it, system boots OK (and now it's installing some Windows updates).

There is also one other thing: that crash happened somewhere in the middle of looking for a way to resolve a different issue. I've noticed that on this PC, on the system partition, there was that thing going - eating up any available free space; each time I freed up any space, it was completely gone in a matter of minutes.

Some updates could be the reason, because the system was not updated for a few months, but either way it looked kinda strange.

fixlog.txt:

 

Rezultat naprawy Farbar Recovery Scan Tool (x64) Wersja: 23-04-2017 01
Uruchomiony przez SYSTEM (26-04-2017 08:05:18) Run:2
Uruchomiony z G:\
Tryb startu: Recovery
==============================================

fixlist - zawartość:
*****************
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [0 2017-04-24] () <==== UWAGA (zerobajtowy plik/folder)
S0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [0 2017-04-24] () <==== UWAGA (zerobajtowy plik/folder)

*****************

HKLM\System\ControlSet001\Services\MBAMProtection => klucz pomyślnie usunięto
MBAMProtection => serwis pomyślnie usunięto
HKLM\System\ControlSet001\Services\MBAMSwissArmy => klucz pomyślnie usunięto
MBAMSwissArmy => serwis pomyślnie usunięto

==== Koniec  Fixlog 08:05:18 ====

 

(Sorry for the Polish language; the logs say that removal was successful.)



#4
JSntgRvr

    Global Moderator

  • 11,579 posts

Let's take a deeper look.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Make sure that under Optional Scans, there is a checkmark on Addition.txt and List BCD.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The tool will also produce another log (Addition.txt). Please attach this to your reply.

 

 



#5
tomaszf

    New Member

  • Topic Starter
  • Member
  • 7 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2017
Ran by Thrower (administrator) on THROWER-PC (27-04-2017 10:04:46)
Running from C:\Users\Thrower\Desktop
Loaded Profiles: Thrower (Available Profiles: Thrower & admin & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Thrower\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadgun Software) C:\Windows\SysWOW64\bgsmsnd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.5\Lightshot.exe
(Dropbox, Inc.) C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1573160 2008-08-14] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [IaNvSrv] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [33304 2009-07-13] (Intel Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [bgsmsnd.exe] => C:\Windows\SysWOW64\bgsmsnd.exe [214160 2010-03-19] (Broadgun Software)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [909744 2017-04-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [63432 2017-03-09] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1510979301-1719832773-2723577526-1000\...\Run: [Spotify Web Helper] => C:\Users\Thrower\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1431664 2016-10-30] (Spotify Ltd)
HKU\S-1-5-21-1510979301-1719832773-2723577526-1000\...\Run: [Dropbox Update] => C:\Users\Thrower\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-26] (Dropbox, Inc.)
Startup: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-04-26]
ShortcutTarget: Dropbox.lnk -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346672 2010-05-21] (VMware, Inc.)
Winsock: Catalog9 13 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346672 2010-05-21] (VMware, Inc.)
Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446512 2010-05-21] (VMware, Inc.)
Winsock: Catalog9-x64 13 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446512 2010-05-21] (VMware, Inc.)
Tcpip\..\Interfaces\{2847A76D-419D-4371-A67D-3699644E9265}: [NameServer] 91.225.243.238
Tcpip\..\Interfaces\{567752AA-C029-4E7D-AC48-78B9D3CA310A}: [DhcpNameServer] 10.5.50.1 212.33.64.2 212.33.64.18
Tcpip\..\Interfaces\{71530B38-F3A3-425A-B8FA-3D4241AF07BD}: [DhcpNameServer] 91.225.243.238 8.8.8.8
Tcpip\..\Interfaces\{D3E1A25F-C1E4-45F8-BBF8-C9D36A886FDF}: [DhcpNameServer] 10.5.50.1 212.33.64.2 212.33.64.18

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: No Name -> {56CF4856-ECB4-4e46-A897-A378821F97B9} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: No Name -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> No File
Toolbar: HKLM-x32 - No Name - {56CF4856-ECB4-4e46-A897-A378821F97B9} -  No File
DPF: HKLM-x32 {108D3206-846A-4A93-BACB-F0572D043ED7} hxxp://88.199.63.147/webrec.cab
DPF: HKLM-x32 {14E35D5F-DEBA-4DB3-B2ED-17542BA12D1F} hxxp://88.199.63.245:86/AV718.cab
DPF: HKLM-x32 {399A1382-00A3-4651-9A20-E7DACAA2924F} hxxp://91.225.241.205:81/7000TActiveX.cab
DPF: HKLM-x32 {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} hxxp://88.199.63.251/RemoteWeb.cab
DPF: HKLM-x32 {4DF118B4-5498-4EEA-9277-9EBC94B38114} hxxp://91.224.184.170:7100/STWWebViewer.cab
DPF: HKLM-x32 {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} hxxp://88.199.63.251/VideoViewer.cab
DPF: HKLM-x32 {64865E5A-E8D7-44C1-89E1-99A84F6E56D0} hxxp://77.252.147.10/VVTK_Plugin_Installer.exe
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553512000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F4ED0031-1408-434E-9428-7C45502F9447} hxxp://dvrlink.net/webdvr/XViewerWEB.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default [2017-04-27]
FF Extension: (Firebug) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\[email protected] [2017-03-01]
FF Extension: (MEGA) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\[email protected] [2017-04-27]
FF Extension: (RescueTime) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\[email protected] [2016-12-05]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\[email protected] [2017-04-21]
FF Extension: (Video AdBlock) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1} [2016-03-19]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2015-05-29]
FF Extension: (Adblock Edge) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-27]
FF Extension: (Disable TLS Certificate Transparency) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\features\{a03620c7-9ca5-4f18-b4b9-224d46723e1f}\[email protected] [2017-04-21]
FF Extension: (Disable Prefetch) - C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\features\{a03620c7-9ca5-4f18-b4b9-224d46723e1f}\[email protected] [2017-04-21]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-03-17] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2017-03-17] [not signed]
FF Extension: (Site Deployment Checker) - C:\Program Files (x86)\Mozilla Firefox\browser\features\[email protected] [2017-03-30] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-15] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.1 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-07-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-12] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2014-02-11] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: hbgk.net/WebDvrCtrl -> C:\Program Files (x86)\WebControl\npWebCtrl.dll [2013-10-23] (TODO: <公司名>)
FF Plugin HKU\S-1-5-21-1510979301-1719832773-2723577526-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Thrower\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-12-13] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Thrower\AppData\Roaming\mozilla\plugins\npatgpc.dll [2014-12-11] (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Thrower\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Thrower\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default [2017-04-22]
CHR Extension: (YouTube) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-10]
CHR Extension: (Youtube Playback Speed Control) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdannnflhlmdablckfkjpleikpphncik [2015-10-30]
CHR Extension: (Torrent Stream) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\icocmgpofpimcojhefbcfbdldkmndpgj [2015-12-20]
CHR Extension: (Search Assistant) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn [2015-03-23] [UpdateUrl: hxxp://ring-tools.info/addons/chrome/update.xml] <==== ATTENTION
CHR Extension: (Skype) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-03-10]
CHR Extension: (AirMirror) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\macmgoeeggnlnmpiojbcniblabkdjphe [2016-08-03]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR Extension: (Chrome Media Router) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-22]
CHR Profile: C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Guest Profile [2016-11-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1115552 2017-04-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [487432 2017-04-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [487432 2017-04-19] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1519136 2017-04-19] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [349560 2017-03-09] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10888944 2017-04-25] (TeamViewer GmbH)
S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-04-27] (VMware, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 adiusbaw; C:\Windows\System32\DRIVERS\adiusbawx64.sys [169496 2007-02-07] (Analog Devices Inc.)
S2 ALIWEHCD; C:\Windows\System32\Drivers\mfpec.sys [39552 2007-05-06] (None)
S3 AliWGP; C:\Windows\System32\DRIVERS\mfpcomp.sys [13184 2007-01-09] (None)
S3 athrusb6; C:\Windows\System32\DRIVERS\athrxu6.sys [1041920 2007-07-05] (Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [176968 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [148104 2017-03-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [35328 2017-03-03] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [78600 2017-03-03] (Avira Operations GmbH & Co. KG)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
S3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12032 2010-04-19] (Razer (Asia-Pacific) Pte Ltd) [File not signed]
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] () [File not signed]
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [54320 2009-09-21] (Symantec Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]
R0 iaNvStor; C:\Windows\System32\DRIVERS\iaNvStor.sys [344600 2009-07-01] (Intel Corporation)
S3 L6TPortA; C:\Windows\System32\Drivers\L6TPortA64.sys [772864 2013-07-11] (Line 6)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42224 2014-05-13] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35440 2014-05-13] (Visicom Media Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19912 2009-12-21] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] ()
R3 tifm21; C:\Windows\System32\drivers\tifm21.sys [314368 2007-01-24] (Texas Instruments)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
R3 winbondcir; C:\Windows\System32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
R2 WinRing0_1_2_0; C:\Users\Thrower\AppData\Local\Microsoft\Windows Sidebar\Gadgets\IntelCoreSeries24.gadget\WinRing0x64.sys [14544 2010-05-21] (OpenLibSys.org)
S3 WUSBVBus; C:\Windows\System32\DRIVERS\mfpvbus.sys [12416 2006-10-20] (None)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [X]
S3 easytether; system32\DRIVERS\easytthr.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 SliceDisk5; \??\C:\Users\Thrower\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X] <==== ATTENTION
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
U2 V2iMount; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-27 10:02 - 2017-04-27 10:03 - 00078914 _____ C:\Users\Thrower\Desktop\Addition.txt
2017-04-27 10:01 - 2017-04-27 10:04 - 00026094 _____ C:\Users\Thrower\Desktop\FRST.txt
2017-04-27 09:58 - 2017-04-27 09:58 - 02427392 _____ (Farbar) C:\Users\Thrower\Desktop\FRST64.exe
2017-04-26 23:01 - 2017-04-26 23:01 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-26 08:06 - 2017-04-26 08:06 - 00379176 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-25 21:06 - 2017-04-25 21:06 - 00000000 ____D C:\Windows\system32\config\HiveBackup
2017-04-25 20:58 - 2017-04-27 10:04 - 00000000 ____D C:\FRST
2017-04-25 20:10 - 2010-11-20 14:40 - 00383786 __RSH C:\bootmgr
2017-04-24 09:53 - 2017-04-24 09:53 - 00000000 _____ C:\Windows\system32\Drivers\59E264EA.sys
2017-04-23 14:44 - 2017-04-23 14:44 - 00088784 _____ C:\Users\Thrower\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-22 17:38 - 2017-04-24 09:54 - 00000898 _____ C:\Windows\ntbtlog.txt
2017-04-22 14:54 - 2017-04-22 14:54 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-04-22 14:23 - 2017-03-10 18:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-04-22 14:23 - 2017-03-10 18:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-04-22 14:23 - 2017-03-10 18:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-22 14:23 - 2017-03-10 18:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-04-22 14:23 - 2017-03-10 18:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-04-22 14:23 - 2017-03-10 18:19 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-22 14:23 - 2017-03-10 17:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-04-22 14:23 - 2017-03-10 17:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-04-22 14:23 - 2017-03-10 17:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-04-22 14:23 - 2017-03-09 18:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-22 14:23 - 2017-03-09 18:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-21 22:57 - 2017-04-21 22:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-21 22:06 - 2017-03-27 20:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-21 22:06 - 2017-03-27 19:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-21 22:06 - 2017-03-25 21:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-21 22:06 - 2017-03-25 21:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-21 22:06 - 2017-03-25 21:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-21 22:06 - 2017-03-25 20:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-21 22:06 - 2017-03-25 20:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-21 22:06 - 2017-03-25 20:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-21 22:06 - 2017-03-25 20:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-21 22:06 - 2017-03-25 20:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-21 22:06 - 2017-03-25 20:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-21 22:06 - 2017-03-25 20:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-21 22:06 - 2017-03-25 20:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-21 22:06 - 2017-03-25 20:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-21 22:06 - 2017-03-25 20:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-21 22:06 - 2017-03-25 20:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-21 22:06 - 2017-03-25 20:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-21 22:06 - 2017-03-25 20:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-21 22:06 - 2017-03-25 20:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-21 22:06 - 2017-03-25 20:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-21 22:06 - 2017-03-25 20:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-21 22:06 - 2017-03-25 20:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-21 22:06 - 2017-03-25 20:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-21 22:06 - 2017-03-25 20:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-21 22:06 - 2017-03-25 20:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-21 22:06 - 2017-03-25 20:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-21 22:06 - 2017-03-25 20:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-21 22:06 - 2017-03-25 20:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-21 22:06 - 2017-03-25 20:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-21 22:06 - 2017-03-25 20:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-21 22:06 - 2017-03-25 20:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-21 22:06 - 2017-03-25 20:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-21 22:06 - 2017-03-25 19:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-21 22:06 - 2017-03-25 19:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-21 22:06 - 2017-03-25 19:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-21 22:06 - 2017-03-25 19:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-21 22:06 - 2017-03-25 19:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-21 22:06 - 2017-03-25 19:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-21 22:06 - 2017-03-25 19:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-21 22:06 - 2017-03-25 19:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-21 22:06 - 2017-03-25 19:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-21 22:06 - 2017-03-25 19:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-21 22:06 - 2017-03-25 19:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-21 22:06 - 2017-03-25 19:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-21 22:06 - 2017-03-25 19:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-21 22:06 - 2017-03-25 19:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-21 22:06 - 2017-03-25 19:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-21 22:06 - 2017-03-25 19:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-21 22:06 - 2017-03-25 19:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-21 22:06 - 2017-03-25 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-21 22:06 - 2017-03-25 19:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-21 22:06 - 2017-03-25 18:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-21 22:06 - 2017-03-25 18:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-21 22:06 - 2017-03-25 18:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-21 22:06 - 2017-03-25 18:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-21 22:06 - 2017-03-25 18:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-21 22:06 - 2017-03-25 18:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-21 22:06 - 2017-03-25 18:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-21 22:06 - 2017-03-25 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-21 22:06 - 2017-03-25 00:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-21 22:06 - 2017-03-25 00:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-21 22:06 - 2017-03-22 17:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-21 22:06 - 2017-03-22 17:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-21 22:06 - 2017-03-22 17:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-21 22:06 - 2017-03-22 17:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-21 22:06 - 2017-03-22 17:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-21 22:06 - 2017-03-22 17:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-21 22:06 - 2017-03-22 17:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-21 22:06 - 2017-03-22 17:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-21 22:06 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-21 22:06 - 2017-03-22 17:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-21 22:06 - 2017-03-22 17:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-21 22:06 - 2017-03-22 17:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-21 22:06 - 2017-03-22 17:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-21 22:06 - 2017-03-22 17:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-21 22:06 - 2017-03-22 17:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-21 22:06 - 2017-03-22 17:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-21 22:06 - 2017-03-14 17:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-21 22:06 - 2017-03-14 17:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-21 22:06 - 2017-03-14 17:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-21 22:06 - 2017-03-10 18:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-21 22:06 - 2017-03-10 18:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-21 22:06 - 2017-03-10 18:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-21 22:06 - 2017-03-10 18:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-21 22:06 - 2017-03-10 18:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-21 22:06 - 2017-03-10 18:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-21 22:06 - 2017-03-10 18:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-21 22:06 - 2017-03-10 18:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-21 22:06 - 2017-03-10 18:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-21 22:06 - 2017-03-10 18:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-21 22:06 - 2017-03-10 17:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-21 22:06 - 2017-03-08 22:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-21 22:06 - 2017-03-08 22:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-21 22:06 - 2017-03-08 06:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-21 22:06 - 2017-03-08 06:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-21 22:06 - 2017-03-08 06:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-21 22:06 - 2017-03-08 06:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-21 22:06 - 2017-03-08 06:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-21 22:06 - 2017-03-08 06:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-21 22:06 - 2017-03-08 06:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-21 22:06 - 2017-03-08 06:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-21 22:06 - 2017-03-08 06:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 06:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-21 22:06 - 2017-03-08 06:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-21 22:06 - 2017-03-08 06:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-21 22:06 - 2017-03-08 06:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-21 22:06 - 2017-03-08 06:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-21 22:06 - 2017-03-08 05:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-21 22:06 - 2017-03-08 05:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-21 22:06 - 2017-03-08 05:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-21 22:06 - 2017-03-08 05:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-21 22:06 - 2017-03-08 05:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-21 22:06 - 2017-03-08 05:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-21 22:06 - 2017-03-08 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-21 22:06 - 2017-03-08 05:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-21 22:06 - 2017-03-08 05:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-21 22:06 - 2017-03-08 05:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-21 22:06 - 2017-03-08 05:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-21 22:06 - 2017-03-08 05:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-21 22:06 - 2017-03-08 05:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 05:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 05:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-21 22:06 - 2017-03-08 05:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-21 22:06 - 2017-03-07 18:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-21 22:06 - 2017-03-07 18:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-21 22:06 - 2017-03-07 16:05 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2017-04-21 22:06 - 2017-03-04 03:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-21 22:06 - 2017-03-04 03:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-21 22:06 - 2017-03-04 03:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-21 22:06 - 2017-03-04 03:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-21 22:06 - 2017-02-14 18:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-21 22:06 - 2017-02-14 18:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-21 22:06 - 2017-02-09 18:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-21 22:06 - 2017-02-09 18:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-21 22:06 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-21 22:06 - 2017-01-18 17:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-21 22:06 - 2016-03-24 00:40 - 03181568 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-04-21 22:06 - 2016-03-24 00:40 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2017-04-21 20:53 - 2012-07-05 22:06 - 00772544 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2017-04-21 20:53 - 2012-07-05 22:06 - 00687544 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2017-04-19 23:49 - 2017-04-19 23:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-04-14 12:39 - 2017-04-14 12:39 - 05648984 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-27 09:58 - 2017-03-17 10:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-04-27 09:58 - 2015-06-17 07:30 - 00001170 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1510979301-1719832773-2723577526-1000UA.job
2017-04-27 09:57 - 2016-11-16 12:44 - 00000000 ____D C:\Users\Thrower\AppData\LocalLow\Mozilla
2017-04-27 08:58 - 2015-06-17 07:30 - 00001118 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1510979301-1719832773-2723577526-1000Core.job
2017-04-27 08:41 - 2009-07-14 07:13 - 00786722 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-27 08:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-04-27 08:40 - 2011-10-11 22:13 - 00000392 _____ C:\Windows\Tasks\update-sys.job
2017-04-27 08:39 - 2015-03-23 09:18 - 00069679 _____ C:\Users\Thrower\IP_Log_Data.js
2017-04-27 08:39 - 2015-03-23 09:13 - 00000000 ___RD C:\Users\Thrower\Documents\My Dropbox
2017-04-27 08:36 - 2010-05-30 13:25 - 00000000 ____D C:\ProgramData\VMware
2017-04-27 08:36 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-27 08:27 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-27 08:27 - 2009-07-14 06:45 - 00020704 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-27 08:22 - 2015-03-23 09:13 - 00000029 _____ C:\Users\Thrower\AppData\Roaming\Network Meter_Usage.ini
2017-04-27 07:55 - 2011-10-11 22:13 - 00000392 _____ C:\Windows\Tasks\update-S-1-5-21-1510979301-1719832773-2723577526-1000.job
2017-04-27 04:21 - 2016-01-13 18:21 - 00002161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-27 04:18 - 2010-06-04 15:23 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-27 04:17 - 2017-01-05 12:31 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-04-27 00:00 - 2015-03-23 09:18 - 00000076 _____ C:\Users\Thrower\Network_Meter_Data.js
2017-04-26 23:01 - 2015-03-23 09:11 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\Dropbox
2017-04-26 21:42 - 2014-12-25 12:19 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-26 21:41 - 2015-11-08 20:03 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-26 08:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\spool
2017-04-25 10:08 - 2015-03-22 22:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\Macromedia
2017-04-25 10:08 - 2011-05-25 09:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2017-04-25 10:07 - 2010-01-02 23:43 - 00000000 ____D C:\Windows\PCHEALTH
2017-04-25 09:48 - 2015-03-23 08:50 - 00000000 ____D C:\Users\Thrower
2017-04-25 09:48 - 2015-03-22 22:10 - 00000000 ____D C:\Users\admin
2017-04-25 09:48 - 2011-05-25 09:48 - 00000000 ____D C:\Users\Guest
2017-04-25 01:56 - 2015-03-23 09:18 - 00000000 ____D C:\Users\Thrower\temp
2017-04-24 09:54 - 2015-10-18 15:45 - 00000000 ____D C:\Users\Thrower\AppData\LocalLow\uTorrent
2017-04-24 09:54 - 2015-03-23 09:13 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\uTorrent
2017-04-23 03:07 - 2013-07-14 00:06 - 00000000 ____D C:\Windows\system32\MRT
2017-04-23 03:00 - 2010-01-02 23:19 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-22 14:56 - 2015-03-23 09:11 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\Media Player Classic
2017-04-22 14:36 - 2011-10-10 10:24 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-22 03:03 - 2010-01-08 21:22 - 00771032 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-21 22:50 - 2012-04-25 12:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-04-21 22:41 - 2015-03-23 09:09 - 00007599 _____ C:\Users\Thrower\AppData\Local\Resmon.ResmonCfg
2017-04-21 20:55 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-04-21 20:53 - 2015-03-23 09:11 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\gnupg
2017-04-21 20:52 - 2016-05-15 23:07 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GORDIUS
2017-04-21 20:52 - 2014-08-14 08:23 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-21 20:52 - 2014-04-08 17:57 - 00000450 _____ C:\Windows\FCB1010.INI
2017-04-21 20:52 - 2010-01-16 02:27 - 00000000 ____D C:\ProgramData\Apple
2017-04-21 20:51 - 2010-11-04 18:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-19 23:49 - 2015-03-23 09:09 - 00001589 _____ C:\Users\Thrower\AppData\Local\UserProducts.xml
2017-04-19 23:49 - 2011-10-11 22:13 - 00003270 _____ C:\Windows\System32\Tasks\update-S-1-5-21-1510979301-1719832773-2723577526-1000
2017-04-19 19:33 - 2013-02-20 08:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-04-19 19:22 - 2011-10-11 22:13 - 00003288 _____ C:\Windows\System32\Tasks\update-sys
2017-04-16 01:43 - 2015-03-23 09:09 - 00000600 _____ C:\Users\Thrower\AppData\Local\PUTTY.RND
2017-04-14 12:39 - 2011-10-06 09:37 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-14 12:39 - 2010-01-02 23:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 03:14 - 2010-02-17 15:20 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-12 03:14 - 2010-02-17 15:20 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-30 21:17 - 2015-03-23 09:12 - 00000000 ____D C:\Users\Thrower\AppData\Roaming\TeamViewer

==================== Files in the root of some directories =======

2016-03-05 16:20 - 2016-03-05 16:20 - 0000033 _____ () C:\Users\Thrower\AppData\Roaming\.pgbias
2016-05-16 16:23 - 2016-03-16 23:07 - 0000030 _____ () C:\Users\Thrower\AppData\Roaming\.pgbiasfx
2015-03-23 09:13 - 2014-05-25 08:45 - 0001381 _____ () C:\Users\Thrower\AppData\Roaming\Network Meter_Settings.ini
2015-03-23 09:13 - 2017-04-27 08:22 - 0000029 _____ () C:\Users\Thrower\AppData\Roaming\Network Meter_Usage.ini
2015-03-23 09:13 - 2016-10-11 13:06 - 0013030 _____ () C:\Users\Thrower\AppData\Roaming\PDOXUSRS.NET
2016-01-15 14:03 - 2017-02-07 11:48 - 0000600 _____ () C:\Users\Thrower\AppData\Roaming\winscp.rnd
2015-03-23 09:09 - 2017-04-16 01:43 - 0000600 _____ () C:\Users\Thrower\AppData\Local\PUTTY.RND
2015-03-23 09:09 - 2017-04-21 22:41 - 0007599 _____ () C:\Users\Thrower\AppData\Local\Resmon.ResmonCfg
2015-03-23 09:09 - 2011-10-11 22:13 - 0000003 _____ () C:\Users\Thrower\AppData\Local\updater.log
2015-03-23 09:09 - 2017-04-19 23:49 - 0001589 _____ () C:\Users\Thrower\AppData\Local\UserProducts.xml
2015-03-23 09:09 - 2011-10-22 04:46 - 0000000 _____ () C:\Users\Thrower\AppData\Local\{82624FAC-91C3-4E7A-806A-1D5CD44128BA}
2010-05-13 09:18 - 2012-06-11 14:02 - 0003140 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-12-26 13:58 - 2014-12-26 13:58 - 0003072 _____ () C:\ProgramData\wtwLicensing.db

Files to move or delete:
====================
C:\Users\Thrower\en_res.dll
C:\Users\Thrower\es_res.dll
C:\Users\Thrower\fr_res.dll
C:\Users\Thrower\grm_res.dll
C:\Users\Thrower\IP_Log_Data.js
C:\Users\Thrower\it_res.dll
C:\Users\Thrower\jp_res.dll
C:\Users\Thrower\mfc80u.dll
C:\Users\Thrower\msvcr80.dll
C:\Users\Thrower\Network_Meter_Data.js
C:\Users\Thrower\PCPE Setup.exe
C:\Users\Thrower\pt_res.dll
C:\Users\Thrower\ResourceReader.dll
C:\Users\Thrower\ru_res.dll
C:\Users\Thrower\zh_res.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\59E264EA.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-US
default                 {current}
displayorder            {current}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate (odzyskano)
locale                  en-US
osdevice                partition=C:
systemroot              \Windows
resumeobject            {6ce75ac6-2a46-11e7-9ef4-806e6f6e6963}

Resume from Hibernate
---------------------
identifier              {6ce75ac6-2a46-11e7-9ef4-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Ultimate (odzyskano)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US


LastRegBack: 2017-04-23 00:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by Thrower (27-04-2017 10:05:17)
Running from C:\Users\Thrower\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2010-01-02 21:08:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-1510979301-1719832773-2723577526-1015 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-1510979301-1719832773-2723577526-500 - Administrator - Disabled)
Guest (S-1-5-21-1510979301-1719832773-2723577526-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1510979301-1719832773-2723577526-1014 - Limited - Enabled)
Thrower (S-1-5-21-1510979301-1719832773-2723577526-1000 - Administrator - Enabled) => C:\Users\Thrower
__vmware_user__ (S-1-5-21-1510979301-1719832773-2723577526-1012 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1510979301-1719832773-2723577526-1000\...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Aktualizacja produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{04E205D6-88B1-4652-B162-42DF2C3B1228}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{442ECBCF-94A7-48CC-8CD9-D31FFFD5FA86}) (Version:  - Microsoft)
Aktualizacja produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{128A36ED-21BE-4547-9FFE-5B85AEC735DD}) (Version:  - Microsoft)
Archiwizator WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Avery Wizard 3.1 (HKLM-x32\...\{77077FFF-8831-470F-9627-E86F06A50CCD}) (Version: 3.1.8 - Avery)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.25.172 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{0b46d918-af4f-4612-8076-5c0ae67cb2aa}) (Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.81.41506 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
Citrix XenCenter (HKLM-x32\...\{59FA4194-D2C3-4D19-AF0D-BCE63C391B1D}) (Version: 6.2.0 - Citrix Systems, Inc.)
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DolbyFiles (x32 Version: 2.0 - Nero AG) Hidden
Dropbox (HKU\S-1-5-21-1510979301-1719832773-2723577526-1000\...\Dropbox) (Version: 24.4.17 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Matrix Storage Manager and Intel® Turbo Memory (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Intel® Turbo Memory (HKLM\...\{31423F74-36B2-4d24-B10D-CD00BFB7C118}) (Version:  - Intel Corporation)
IPMIView (HKLM-x32\...\7b22a4882850672b90d3153f64d71c3e) (Version:  - )
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Komunikator WTW (HKLM\...\{1DF5019A-68B5-4ba1-8E59-E185C7B7FF11}) (Version: 0.8.0.2090 - K2T.eu)
League of Legends (x32 Version: 1.0020 - Riot Games) Hidden
LibreOffice 5.2.3.3 (HKLM-x32\...\{30605C95-A3A0-4A08-AD58-9AE7ABA47B70}) (Version: 5.2.3.3 - The Document Foundation)
Lightshot-5.4.0.5 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.5 - Skillbrains)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Menu Templates - Starter Kit (x32 Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Compact Framework 2.0 SP2 (HKLM-x32\...\{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}) (Version: 2.0.7045 - Microsoft Corporation)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version:  - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Mozilla Firefox 52.0.2 (x86 pl) (HKLM-x32\...\Mozilla Firefox 52.0.2 (x86 pl)) (Version: 52.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.0.2.6291 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 pl) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 pl)) (Version: 45.8.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version:  - )
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version:  - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version:  - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Nero 9 Trial (HKLM-x32\...\{39f249d3-9ce2-460f-aee7-f0dcf33d1982}) (Version:  - Nero AG)
NetStork (HKLM-x32\...\{0F607548-37AE-4C61-8FC3-4BE6822BA04F}) (Version: 1.0.0 - Globema)
Neverwinter Nights (HKLM-x32\...\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}) (Version:  - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Nozbe (HKLM-x32\...\Nozbe) (Version: 3.4.2 - Nozbe Michael Sliwinski)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.1.0 - Prolific Technology INC)
Power Tab Editor 1.7 (HKLM-x32\...\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}) (Version: 1.7.0 - Power Tab Software)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.9 - Power Software Ltd)
PuTTY Session Manager 0.40.161.0 (HKLM-x32\...\PuTTY Session Manager) (Version: 0.40.161.0 - David Riseley)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1510979301-1719832773-2723577526-1000\...\Spotify) (Version: 1.0.41.375.g040056ca - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.4.0 - Synaptics)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.77242 - TeamViewer)
TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.0.7572  - TeamViewer GmbH)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM-x32\...\InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}) (Version: 2.00.0001 - Texas Instruments Inc.)
The Dude (HKLM-x32\...\Dude) (Version:  - )
TIPCI (x32 Version: 2.00.0001 - Texas Instruments Inc.) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.33.64 - TOSHIBA Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Urania Trial (x32 Version: 1.104 - AstroSfera, Bogdan Krusinski) Hidden
VMware vSphere Client 4.0 (HKLM-x32\...\{C40698F9-A861-4531-9F8C-FA7F8961375B}) (Version: 4.0.0.10021 - VMware, Inc.)
VMware vSphere Client 4.1 (HKLM-x32\...\{A0B433B1-941D-46F5-AE59-286263534232}) (Version: 4.1.0.17435 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3838 - VMware, Inc.)
VMware vSphere Host Update Utility 4.0 (HKLM-x32\...\{9BC51C0F-DA8E-4370-9997-899B3435A647}) (Version: 4.0.0.10021 - VMware, Inc.)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.1.0.12623 - VMware, Inc)
VMware Workstation (x32 Version: 7.1.0.12623 - VMware, Inc.) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows Driver Package - TOSHIBA (FwLnk) System  (11/19/2006 1.0.0.3) (HKLM\...\D27D7E9318CFA89EDDE8D448B507A8EB725F5A52) (Version: 11/19/2006 1.0.0.3 - TOSHIBA)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.2 - The Wireshark developer community, hxxp://www.wireshark.org)
X-Lite (HKLM-x32\...\{A079B78F-A69B-449B-A7EE-C65CC9615955}) (Version: 49.8.1564 - CounterPath Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1510979301-1719832773-2723577526-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Thrower\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {32964DFA-2C18-4FA7-8057-41B943707716} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-15] (Adobe Systems Incorporated)
Task: {42F88E50-28A1-45E4-845C-A4F1517701B3} - System32\Tasks\{D34D4E2B-6F38-4CC5-982E-0616A38E5206} => d:\Program Files\Skype\Phone\Skype.exe
Task: {4391FCFA-32B6-454F-9E10-9F10228A5E4E} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {5049921C-EE07-4F3C-B01F-818FCE05858E} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-03-02] ()
Task: {6C4C913A-1F21-4DE7-A8BB-3EAAD3324E48} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {7B149381-7CC5-49DA-96DA-058CA14A120E} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1510979301-1719832773-2723577526-1000Core => C:\Users\Thrower\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {8403F03F-461C-4917-9A68-703644FCCD3D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {843287B5-E447-4058-A8AB-8263D4B53B09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9204DCD9-56A4-4357-A339-E59D8164D2BC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1510979301-1719832773-2723577526-1000UA => C:\Users\Thrower\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {A62F7778-B467-4E70-8919-DF0EED9898CA} - System32\Tasks\{E68E6CC6-A23C-4CEA-8B42-093D53ABED53} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/pl/abandoninstall?page=tsBing
Task: {C1C21AAE-3F5D-496A-9CEF-1114CA0BAAC1} - System32\Tasks\update-S-1-5-21-1510979301-1719832773-2723577526-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {CD7E10FF-B1C8-437E-9FDA-F3F29FC9C61A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {CE9B0B15-81F1-4C74-AAD0-C60FB1820AA5} - System32\Tasks\{C130A7A4-BAC7-4463-91E0-D6E00DC85A03} => pcalua.exe -a "d:\Program Files\MetaTrader 5\Uninstall.exe"
Task: {EF5B45A4-F8F6-4023-9DA0-2AC768238B41} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1510979301-1719832773-2723577526-1000Core.job => C:\Users\Thrower\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1510979301-1719832773-2723577526-1000UA.job => C:\Users\Thrower\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1510979301-1719832773-2723577526-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Forum.lnk -> hxxp://forum.k2t.eu
Shortcut: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Zgłoś błąd.lnk -> hxxp://bugtraq.k2t.eu
Shortcut: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\K2T\WTW\Zgłoś propozycję.lnk -> hxxp://bugtraq.k2t.eu

ShortcutWithArgument: C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Program uruchamiający aplikacje Chrome.lnk -> C:\Users\Thrower\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Program uruchamiający aplikacje Chrome.lnk -> C:\Users\Thrower\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\AirMirror.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=macmgoeeggnlnmpiojbcniblabkdjphe
ShortcutWithArgument: C:\Users\Thrower\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikacje Chrome\Torrent Stream.lnk -> C:\Users\Thrower\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=icocmgpofpimcojhefbcfbdldkmndpgj
ShortcutWithArgument: C:\Users\Thrower\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\254498c2a75be104\Nozbe.lnk -> C:\Program Files (x86)\Nozbe\Nozbe.exe (Nozbe Michael Sliwinski) -> --user-data-dir="C:\Users\Thrower\AppData\Local\Nozbe\User Data" --profile-directory=Default --app-id=klemjaeoeladppgbolfcdpeaieohpdof

==================== Loaded Modules (Whitelisted) ==============

2010-05-11 14:17 - 2010-03-19 11:09 - 00065168 _____ () C:\Windows\System32\bgspm64.dll
2012-01-26 22:17 - 2010-06-26 00:03 - 00037888 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOB__J_1.DLL
2013-10-17 15:27 - 2013-10-17 15:27 - 00166912 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2010-05-21 00:55 - 2010-05-21 00:55 - 00970288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2010-05-21 00:56 - 2010-05-21 00:56 - 00068656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll
2017-04-26 23:01 - 2017-04-26 19:59 - 00870720 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2015-12-12 10:23 - 2017-03-29 01:54 - 00035792 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 10:23 - 2017-03-29 01:54 - 00100296 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 10:23 - 2017-03-29 01:54 - 00018888 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 10:23 - 2017-04-26 20:02 - 00019776 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00020824 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 10:23 - 2017-03-29 01:54 - 00123856 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 10:23 - 2017-03-29 01:54 - 00694224 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 01729360 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00020816 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-04-26 23:01 - 2017-03-29 01:54 - 00145864 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-04-26 23:01 - 2017-03-29 01:54 - 00019408 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-04-26 23:01 - 2017-03-29 01:54 - 00116688 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 10:23 - 2017-03-29 01:56 - 00105928 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-05 19:30 - 2017-04-26 20:02 - 00022864 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00060736 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00038712 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00024528 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-04-26 23:01 - 2017-03-29 01:54 - 00392656 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-04-26 23:01 - 2017-03-29 01:56 - 00020936 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00116176 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 10:23 - 2017-04-26 20:02 - 00392512 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00124880 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-05 19:30 - 2017-04-26 20:02 - 00026456 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00024016 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00175560 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00030160 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00043472 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00048592 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00057808 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00024016 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00246608 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00027488 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-05 19:30 - 2017-03-29 01:55 - 00241104 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00022336 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 10:23 - 2017-04-26 20:02 - 00025432 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00028616 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 01826104 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 10:23 - 2017-03-29 01:54 - 00083912 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\sip.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 01972024 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 03928896 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00171336 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00042816 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00531264 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00133432 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00224064 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00207680 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00060880 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-27 21:27 - 2017-04-26 20:02 - 00054608 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-01-20 21:30 - 2017-04-26 20:02 - 00022864 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-01-20 21:30 - 2017-04-26 20:02 - 00022872 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-20 21:30 - 2017-04-26 20:02 - 00021848 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-20 21:30 - 2017-04-26 20:02 - 00022872 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-12 10:23 - 2017-03-29 01:56 - 00349128 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-12 04:10 - 2017-04-26 20:02 - 00023896 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00025936 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-04-26 23:01 - 2017-03-29 01:52 - 00036296 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\librsync.dll
2017-04-26 23:01 - 2017-04-26 20:02 - 00084288 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-18 01:42 - 2017-04-26 20:02 - 00030536 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-04-26 23:01 - 2017-03-29 02:00 - 00017864 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-04-26 23:01 - 2017-03-29 02:00 - 01631184 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-04-26 23:01 - 2017-04-26 20:02 - 00357688 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-08-05 19:30 - 2017-04-26 20:02 - 00026456 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-26 23:01 - 2017-04-26 20:02 - 00546104 _____ () C:\Users\Thrower\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0E08FC17 [100]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2013-10-22 12:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1510979301-1719832773-2723577526-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 91.225.243.238
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: PSI_SVC_2 => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer5 => 2
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Corel File Shell Monitor => c:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe
MSCONFIG\startupreg: GG => "C:\Users\Thrower\AppData\Local\GG\Application\gghub.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Thrower\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: hostsvr => C:\Windows\hostsvr\hostsvr.exe
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightShot => C:\Users\Thrower\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: MFP Manager => "C:\Program Files (x86)\MFP Server Utilities\MFPAgent.exe" -CheckAutoRun
MSCONFIG\startupreg: NokiaMServer => C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Standby => "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: vmware-tray => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{C4B23F38-4C05-4E3C-939E-F1FA243AC644}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [UDP Query User{0D4942DF-BBD9-4A0F-8177-60E3CA6C6F00}C:\totalcmd\totalcmd.exe] => (Allow) C:\totalcmd\totalcmd.exe
FirewallRules: [TCP Query User{2BA734B3-A963-489C-964C-E4234DE62710}C:\program files (x86)\tlen7\tlen7.exe] => (Allow) C:\program files (x86)\tlen7\tlen7.exe
FirewallRules: [UDP Query User{B5827684-23CA-41C9-B07C-6FC184F2AB92}C:\program files (x86)\tlen7\tlen7.exe] => (Allow) C:\program files (x86)\tlen7\tlen7.exe
FirewallRules: [TCP Query User{F94BE6AF-1EE4-4119-A2E5-9F680045E36C}C:\program files (x86)\tlen.pl\tlen.exe] => (Allow) C:\program files (x86)\tlen.pl\tlen.exe
FirewallRules: [UDP Query User{F5F62351-D14D-40F2-A38C-D512F933087D}C:\program files (x86)\tlen.pl\tlen.exe] => (Allow) C:\program files (x86)\tlen.pl\tlen.exe
FirewallRules: [TCP Query User{84F2C9F3-23B3-49E3-A1F4-D0221F2150CF}C:\program files (x86)\gadu-gadu 10\gg.exe] => (Allow) C:\program files (x86)\gadu-gadu 10\gg.exe
FirewallRules: [UDP Query User{3AC501F3-028F-44AE-840F-412BA4F42E75}C:\program files (x86)\gadu-gadu 10\gg.exe] => (Allow) C:\program files (x86)\gadu-gadu 10\gg.exe
FirewallRules: [TCP Query User{FCF90772-B425-40F7-B857-5B1B5E4E64AC}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [UDP Query User{F2455BB2-8780-4DB5-8A71-F863F1FC91A9}C:\program files (x86)\java\jre6\bin\java.exe] => (Allow) C:\program files (x86)\java\jre6\bin\java.exe
FirewallRules: [TCP Query User{13A654CA-2E9A-4AFF-B0B0-907869AC2FBA}C:\program files (x86)\dude\dude.exe] => (Allow) C:\program files (x86)\dude\dude.exe
FirewallRules: [UDP Query User{F3CCB0BA-B139-4EA0-B3CD-C3EB3EC8BD40}C:\program files (x86)\dude\dude.exe] => (Allow) C:\program files (x86)\dude\dude.exe
FirewallRules: [TCP Query User{69A12552-5173-4E5F-B260-5C788424C1F4}C:\users\thrower\desktop\winbox.exe] => (Allow) C:\users\thrower\desktop\winbox.exe
FirewallRules: [UDP Query User{9420AD19-92F5-46E7-A831-D3618FB97A47}C:\users\thrower\desktop\winbox.exe] => (Allow) C:\users\thrower\desktop\winbox.exe
FirewallRules: [{BF710F73-5C80-4E32-A5CC-1FBA8DE67395}] => (Allow) C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe
FirewallRules: [{7586338C-C5ED-4D10-8966-5F8E7EDA2268}] => (Allow) C:\Program Files (x86)\Panasonic\TrapMonitor\Trapmnnt.exe
FirewallRules: [TCP Query User{B0152FCA-A53F-4834-B073-BAC083B41AB7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{C3AF924A-CBC1-4F8B-BF7A-2BDDAC016715}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{545A4D2B-E4A0-4B8C-A6F2-1340E3B5A04C}C:\users\thrower\desktop\btest.exe] => (Allow) C:\users\thrower\desktop\btest.exe
FirewallRules: [UDP Query User{F39F13FB-BA46-4B79-B3ED-85AFEDE94773}C:\users\thrower\desktop\btest.exe] => (Allow) C:\users\thrower\desktop\btest.exe
FirewallRules: [{4DE5874A-DD9A-4C87-82BF-898C4758795E}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{C09802FC-F07A-4D26-B931-B4FA28B271F2}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{10021BA8-4052-4094-AB2D-5E9F7CEE609E}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{F5E02837-5C97-44A5-93A2-F0C1C1200EEE}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [UDP Query User{5AEDA5CD-750B-4757-9124-FA3D56040012}C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe] => (Allow) C:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [TCP Query User{009C4243-F200-4ED2-BFBF-D06A392B9FE5}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe] => (Allow) C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [UDP Query User{38ED63E8-9D8D-4897-9C0C-937E34794062}C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe] => (Allow) C:\program files (x86)\nokia\nokia ovi suite\nokiaovisuite.exe
FirewallRules: [{2E6FC58B-9159-46CD-9908-0E390CC1FFF4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{782D9338-1432-4E6F-9E0F-644EA307FEA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{740B8C32-EA9A-42AF-B647-3555AB954FF1}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{592FCA17-48AD-4B0F-AD81-EF6F6E8CB1D6}F:\polish\utility\ezwizard.exe] => (Allow) F:\polish\utility\ezwizard.exe
FirewallRules: [UDP Query User{7ACA120D-18F1-43EE-9510-B459502370DB}F:\polish\utility\ezwizard.exe] => (Allow) F:\polish\utility\ezwizard.exe
FirewallRules: [{2461F44B-7694-480E-828F-C3132D6279DA}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{D6FD8BEE-A193-49DB-87F9-6E756210B7AD}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{5D78E5A8-FFD5-443A-9565-C46A218D5504}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{139A31AD-CBF6-4E5C-B4A0-CD2D8C03352A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
FirewallRules: [{42A4D83F-6055-4790-BE2C-B890DE5AC4E9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{E1BF6476-30A7-4A7A-8E66-0E70489A4822}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{817ACE73-F4B6-4210-8D6D-9B353C05BD49}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{5EF9F15B-3190-49DD-B2DC-52F77111FD81}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [TCP Query User{84D64E3B-B852-4040-A9B7-AFC9E3BBF36E}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [UDP Query User{F0A35EBC-3607-49F6-9F60-D265B676AEC7}C:\program files (x86)\counterpath\x-lite\x-lite.exe] => (Allow) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{17648505-CD57-458E-BE60-94CEB25FBBE7}] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [{41BB4007-F20E-4287-88DE-DD6600DB88C7}] => (Block) C:\program files (x86)\counterpath\x-lite\x-lite.exe
FirewallRules: [TCP Query User{4520D305-629A-42D1-A518-A84344F12F39}C:\program files (x86)\supermicro\ipmiview\_jvm\bin\java.exe] => (Allow) C:\program files (x86)\supermicro\ipmiview\_jvm\bin\java.exe
FirewallRules: [UDP Query User{D1D4594B-D710-44FD-8CC2-425D662654D5}C:\program files (x86)\supermicro\ipmiview\_jvm\bin\java.exe] => (Allow) C:\program files (x86)\supermicro\ipmiview\_jvm\bin\java.exe
FirewallRules: [{DF5F4C35-679B-45F3-8B83-278DD51A15B8}] => (Block) C:\program files (x86)\supermicro\ipmiview\_jvm\bin\java.exe
FirewallRules: [{EC793221-5E32-46CF-947D-35DC623BB8BA}] => (Block) C:\program files (x86)\supermicro\ipmiview\_jvm\bin\java.exe
FirewallRules: [TCP Query User{F8474F79-B03F-4E3E-9121-9EB1B47B206E}C:\program files (x86)\dude3.6\dude.exe] => (Allow) C:\program files (x86)\dude3.6\dude.exe
FirewallRules: [UDP Query User{416AFB29-4A12-4416-A5C3-10A9FC3DCEAE}C:\program files (x86)\dude3.6\dude.exe] => (Allow) C:\program files (x86)\dude3.6\dude.exe
FirewallRules: [{BB5E63A8-1E5D-466D-B8A7-FC2407EA93B5}] => (Block) C:\program files (x86)\dude3.6\dude.exe
FirewallRules: [{C3B4C0EA-B27F-465A-B810-6AEB7E05CFA0}] => (Block) C:\program files (x86)\dude3.6\dude.exe
FirewallRules: [TCP Query User{03284782-9A1B-47F8-9E07-4C344959590A}E:\downloads\jdownloader_portable\commonfiles\java\bin\javaw.exe] => (Allow) E:\downloads\jdownloader_portable\commonfiles\java\bin\javaw.exe
FirewallRules: [UDP Query User{7AD3F859-4F88-4030-B01C-23DD82A8FFE3}E:\downloads\jdownloader_portable\commonfiles\java\bin\javaw.exe] => (Allow) E:\downloads\jdownloader_portable\commonfiles\java\bin\javaw.exe
FirewallRules: [{934DEEB8-1F5A-4A98-AC00-C5C379766E85}] => (Block) E:\downloads\jdownloader_portable\commonfiles\java\bin\javaw.exe
FirewallRules: [{AC04064E-604C-4D85-A63A-B7AEFD2FAD67}] => (Block) E:\downloads\jdownloader_portable\commonfiles\java\bin\javaw.exe
FirewallRules: [TCP Query User{883FBBB8-B757-4FB8-AB87-990CF4DC1338}E:\thrower\backup new\firmware\rtlapconf.exe] => (Allow) E:\thrower\backup new\firmware\rtlapconf.exe
FirewallRules: [UDP Query User{D804C20B-7E49-41D4-9C88-437226903DC7}E:\thrower\backup new\firmware\rtlapconf.exe] => (Allow) E:\thrower\backup new\firmware\rtlapconf.exe
FirewallRules: [TCP Query User{0244DC2B-016D-4A7D-9B9A-0FE1F318313F}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{F3477682-4132-4722-A159-CE361E7B3715}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{9E1E4B28-D72E-48C9-BAB5-CB8C607EEF3F}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{ACF28849-DDF4-4E2A-9AC9-243E5D2E158E}] => (Block) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [TCP Query User{E034E901-609D-4F38-AD0C-185CED9F605D}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{E128E0C9-3104-47B5-805C-94A939271C78}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{3F25838D-666D-4E14-AB62-D40DEF369FCA}] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [{D94C8B7C-AA80-4658-9B2F-B6C944AA75AF}] => (Block) C:\program files (x86)\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{7D83C2D1-A531-46E3-8590-A2D1E031EDD2}E:\thrower\backup new\ut\system\unrealtournament.exe] => (Allow) E:\thrower\backup new\ut\system\unrealtournament.exe
FirewallRules: [UDP Query User{3B1C32DE-D96E-4D04-B2AF-25061F50F557}E:\thrower\backup new\ut\system\unrealtournament.exe] => (Allow) E:\thrower\backup new\ut\system\unrealtournament.exe
FirewallRules: [{11B5122C-6A73-4A7D-B934-C8E642BB72D4}] => (Allow) E:\thrower\backup new\UT\System\UnrealTournament.exe
FirewallRules: [{3CB42C40-BE03-4F38-9CE2-138206538DC1}] => (Allow) E:\thrower\backup new\UT\System\UnrealTournament.exe
FirewallRules: [TCP Query User{E4A594C6-EF0B-4D50-A315-2258155428DB}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [UDP Query User{B1A55AC2-2FF1-4C41-ABA9-91984AC842D8}C:\program files (x86)\flashget network\flashget 3\flashget3.exe] => (Allow) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{A893BE4C-AD6E-4EC3-8325-7125C9DBC96E}] => (Block) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{DF7A0BF2-9135-4D60-9126-9B4EE9071998}] => (Block) C:\program files (x86)\flashget network\flashget 3\flashget3.exe
FirewallRules: [{C30B2BAD-C463-4CE0-A2F8-32FCF55C593A}] => (Allow) LPort=443
FirewallRules: [{9411C819-CAE8-4C1D-90AF-82DB18A0713B}] => (Allow) LPort=443
FirewallRules: [{6F0C2BD8-B519-4436-94AF-A489540008B8}] => (Allow) LPort=37674
FirewallRules: [{1C45C12C-0C8B-4629-B7BE-2A974D17A2A7}] => (Allow) LPort=37674
FirewallRules: [{AE961EDB-268D-4A0F-933E-BA45112754FF}] => (Allow) LPort=37675
FirewallRules: [{E2113FF6-631A-4E56-A411-E485AC1A6E33}] => (Allow) LPort=8394
FirewallRules: [{29D419D5-04E8-45BA-8C3A-CF97314180E2}] => (Allow) LPort=8394
FirewallRules: [{8832A270-13FB-4E92-8662-209755B32992}] => (Allow) LPort=6966
FirewallRules: [{415A5B58-B9DE-4B42-A53C-40AF70E26B0D}] => (Allow) LPort=6966
FirewallRules: [{D2C8EAE7-7418-4EB3-B0A6-DB87FCDD72AB}] => (Allow) LPort=6972
FirewallRules: [{E4E53EBF-9981-4F20-8464-E814D8289820}] => (Allow) LPort=6972
FirewallRules: [{90F05312-1128-41D4-B2E5-0BF33CA04716}] => (Allow) LPort=6887
FirewallRules: [{41674CC4-E4CC-4674-B36F-FD79B39F25CD}] => (Allow) LPort=6887
FirewallRules: [{5DB29934-39C6-481D-B670-B7FA3502E0B2}] => (Allow) LPort=6947
FirewallRules: [{849EA92F-EA92-4C48-9BDC-708D43BBE501}] => (Allow) LPort=6947
FirewallRules: [{EDE50BB0-7E30-4D51-9D80-EDE67CD2D191}] => (Allow) LPort=8395
FirewallRules: [{4A504241-4F1C-4BF6-8C2F-5CDE7EB598B9}] => (Allow) LPort=8395
FirewallRules: [{09586407-258C-4A77-9DEE-0652B28DDF19}] => (Allow) LPort=6891
FirewallRules: [{09F6E64A-17ED-42EA-8EA8-133FCA5686C1}] => (Allow) LPort=6891
FirewallRules: [{123D0CE4-B8C9-4C2D-BD1B-422A77951843}] => (Allow) LPort=6901
FirewallRules: [{FB4CF2C8-67EA-43DF-978D-1FCE89480935}] => (Allow) LPort=6901
FirewallRules: [TCP Query User{C0B5B5AE-01BB-44DB-B9D4-215F4E732B15}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{FDF67608-B27D-4813-AB04-B567A58489B1}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{21521873-11C6-4E88-9B31-0F7536B84B08}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CA596255-25AF-4A09-BC8D-31B0A9B51B12}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{44391130-D1D9-4208-AA6C-B6C863BDE3A8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0CEBD48C-58BF-4CCC-96FC-5A307B752FF8}] => (Allow) C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{D881AA78-7489-4FCF-9755-B3A947398829}] => (Allow) C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{86DB4E73-5683-40E8-AD6C-9DFCED2E21D1}] => (Allow) C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EC16A179-FD99-49C3-9B89-21A9F8A5EA95}] => (Allow) C:\Users\Thrower\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6AF3854D-ECA3-45DB-9AF9-72A7779CF533}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [{13F3B180-CF86-4389-8A37-16D6063784BA}] => (Allow) C:\Program Files\K2T\WTW\wtw.exe
FirewallRules: [TCP Query User{F53AAB45-9213-424C-9263-36D4B42CF45A}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{CC18FB6A-0902-4EB5-8E35-553ECE9F12E3}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{A6D5C358-A38F-4713-9730-E287C8D09371}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{42855F55-5E16-44CE-B106-BC3362EA7FFC}] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9DFB9726-70D8-444C-91B8-9432FBC2B687}] => (Allow) %ProgramFiles% (x86)\TeamViewer\Version6\TeamViewer.exe
FirewallRules: [TCP Query User{EE0A1BCB-A238-4E2F-B9B8-4935A4E19CD1}C:\users\thrower\desktop\spa2102-5-2-12\upg-spa2102-5-2-12.exe] => (Allow) C:\users\thrower\desktop\spa2102-5-2-12\upg-spa2102-5-2-12.exe
FirewallRules: [UDP Query User{B25D96C8-361F-4B79-BE80-A3887A74E103}C:\users\thrower\desktop\spa2102-5-2-12\upg-spa2102-5-2-12.exe] => (Allow) C:\users\thrower\desktop\spa2102-5-2-12\upg-spa2102-5-2-12.exe
FirewallRules: [{0777DE29-62E2-40D8-BE12-85572EB95561}] => (Block) C:\users\thrower\desktop\spa2102-5-2-12\upg-spa2102-5-2-12.exe
FirewallRules: [{50171E1F-9E65-4E61-B002-88ED8626B0A9}] => (Block) C:\users\thrower\desktop\spa2102-5-2-12\upg-spa2102-5-2-12.exe
FirewallRules: [TCP Query User{912335E0-87DD-45C8-9AB1-1039A7B2486B}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{26D7DC14-318D-4516-8DF2-BA9F7C5A05FB}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [{1491EBD5-806F-4F11-AD5F-7880DF44372A}] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [{BEEBDAE0-8E67-4346-812F-84F3D29BF9CC}] => (Block) C:\windows\system32\ftp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [TCP Query User{1BD12326-0434-4846-A294-F22088B62313}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{FC90C5BE-92E1-478B-9901-D5914244F982}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{40428DCA-EC43-432A-90CF-5CFAD6F3EACD}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{F3715E7E-D99A-4F30-8327-14CBEE131E97}] => (Block) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{FF298CFA-D9A9-4B2E-8BB7-54CAF5732D28}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{5EE01C3F-F1A7-4A16-B5C8-76B5765627B7}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{B6A1C149-D440-4956-B4B2-CCC090A00F1F}] => (Allow) LPort=26675
FirewallRules: [TCP Query User{41B09089-5928-457F-AF65-03AE1560E4E8}C:\users\thrower\desktop\tftpd64.351\tftpd64.exe] => (Allow) C:\users\thrower\desktop\tftpd64.351\tftpd64.exe
FirewallRules: [UDP Query User{5B7D1F37-2C8B-44F3-AF63-7C25150A8CEB}C:\users\thrower\desktop\tftpd64.351\tftpd64.exe] => (Allow) C:\users\thrower\desktop\tftpd64.351\tftpd64.exe
FirewallRules: [{3F641DBE-59F8-4E35-870E-C7AA5BC70FC5}] => (Block) C:\users\thrower\desktop\tftpd64.351\tftpd64.exe
FirewallRules: [{4AA89FDB-9857-4F27-A1B3-583A0B04A6EE}] => (Block) C:\users\thrower\desktop\tftpd64.351\tftpd64.exe
FirewallRules: [TCP Query User{BBA03FD9-218E-4188-AD64-D07A11523211}E:\thrower\backup new\firmware\pap2t_v5.1.6_fw\upg-pap2t-5-1-6.exe] => (Allow) E:\thrower\backup new\firmware\pap2t_v5.1.6_fw\upg-pap2t-5-1-6.exe
FirewallRules: [UDP Query User{CDD6DF02-3344-484F-B8C0-7ABE7433146E}E:\thrower\backup new\firmware\pap2t_v5.1.6_fw\upg-pap2t-5-1-6.exe] => (Allow) E:\thrower\backup new\firmware\pap2t_v5.1.6_fw\upg-pap2t-5-1-6.exe
FirewallRules: [{F953CF5A-9F37-4189-A75E-4B607418863D}] => (Block) E:\thrower\backup new\firmware\pap2t_v5.1.6_fw\upg-pap2t-5-1-6.exe
FirewallRules: [{9CEA4BEB-308B-4CDD-96CA-A04E1978B807}] => (Block) E:\thrower\backup new\firmware\pap2t_v5.1.6_fw\upg-pap2t-5-1-6.exe
FirewallRules: [{0D7CC2D5-9A21-4F93-8811-E813EF8FC2D4}] => (Allow) LPort=14135
FirewallRules: [{D475C76C-E390-4C02-A901-2CB9D9EE8AF2}] => (Allow) LPort=14135
FirewallRules: [TCP Query User{5C935528-F4C4-4931-ACFF-FDB98BAC6906}C:\users\thrower\downloads\netinstall-4.17\netinstall.exe] => (Allow) C:\users\thrower\downloads\netinstall-4.17\netinstall.exe
FirewallRules: [UDP Query User{470EDF0B-6674-46C5-9A61-B76B499C23E3}C:\users\thrower\downloads\netinstall-4.17\netinstall.exe] => (Allow) C:\users\thrower\downloads\netinstall-4.17\netinstall.exe
FirewallRules: [{F85A77A9-E599-4006-BDF4-9A506865FDF3}] => (Block) C:\users\thrower\downloads\netinstall-4.17\netinstall.exe
FirewallRules: [{D16AFF5F-2311-4521-8CB6-59477B472A51}] => (Block) C:\users\thrower\downloads\netinstall-4.17\netinstall.exe
FirewallRules: [TCP Query User{DFB0891F-0068-494A-81D1-27C1380E5AEE}E:\thrower\backup new\firmware\netinstall-4.17\netinstall.exe] => (Allow) E:\thrower\backup new\firmware\netinstall-4.17\netinstall.exe
FirewallRules: [UDP Query User{48B141AD-4762-4C8C-965E-22011772E823}E:\thrower\backup new\firmware\netinstall-4.17\netinstall.exe] => (Allow) E:\thrower\backup new\firmware\netinstall-4.17\netinstall.exe
FirewallRules: [TCP Query User{540EDB0A-D469-448E-A85A-18411E74FA43}E:\thrower\backup new\firmware\netinstall-5.6\netinstall.exe] => (Allow) E:\thrower\backup new\firmware\netinstall-5.6\netinstall.exe
FirewallRules: [UDP Query User{5C58460A-7795-42F7-B0DF-9758A91DE641}E:\thrower\backup new\firmware\netinstall-5.6\netinstall.exe] => (Allow) E:\thrower\backup new\firmware\netinstall-5.6\netinstall.exe
FirewallRules: [{BD29FCDC-D7A5-4B60-89DD-77CE31F2F8D4}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{D94ADD58-ABA6-48BF-A807-9DC4A823779F}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
FirewallRules: [{8CF20ACB-A921-491C-8838-AC0F154548FA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{67BE39A5-80EC-41ED-923A-F07447B4F4C4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{05096075-EC44-4D58-BEA3-8552D93F8192}] => (Allow) D:\Steam\steamapps\common\alien swarm\srcds.exe
FirewallRules: [{E32D07A9-C36B-4264-B4AB-60A8D51940E3}] => (Allow) D:\Steam\steamapps\common\alien swarm\srcds.exe
FirewallRules: [{C41BC85B-E5CA-4D3C-9B71-C86B43F91FEB}] => (Allow) C:\Users\Thrower\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{6ACEC700-A801-4958-A411-EA37373BF0E0}] => (Allow) C:\Users\Thrower\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [TCP Query User{4705B1FA-7143-4C08-84E2-3E3AA9C2AF48}C:\users\thrower\appdata\local\temp\temp1_mux_ip.zip\mux_ip.exe] => (Allow) C:\users\thrower\appdata\local\temp\temp1_mux_ip.zip\mux_ip.exe
FirewallRules: [UDP Query User{1AB0A32B-C2B5-47E4-89A8-712E5409CE1C}C:\users\thrower\appdata\local\temp\temp1_mux_ip.zip\mux_ip.exe] => (Allow) C:\users\thrower\appdata\local\temp\temp1_mux_ip.zip\mux_ip.exe
FirewallRules: [TCP Query User{145C5EE4-2FA7-4D20-9C60-C2C22B965614}C:\users\thrower\appdata\local\temp\temp1_mux_ip (1).zip\mux_ip.exe] => (Allow) C:\users\thrower\appdata\local\temp\temp1_mux_ip (1).zip\mux_ip.exe
FirewallRules: [UDP Query User{994AD45F-7012-4364-96D3-B7CE5374BABF}C:\users\thrower\appdata\local\temp\temp1_mux_ip (1).zip\mux_ip.exe] => (Allow) C:\users\thrower\appdata\local\temp\temp1_mux_ip (1).zip\mux_ip.exe
FirewallRules: [TCP Query User{D15B0D18-725F-41D8-B7BA-2B79120A8A10}C:\users\thrower\desktop\iperf-2.0.5-cygwin\iperf.exe] => (Allow) C:\users\thrower\desktop\iperf-2.0.5-cygwin\iperf.exe
FirewallRules: [UDP Query User{D61A4474-C57A-4AE4-802E-1370DDA81C67}C:\users\thrower\desktop\iperf-2.0.5-cygwin\iperf.exe] => (Allow) C:\users\thrower\desktop\iperf-2.0.5-cygwin\iperf.exe
FirewallRules: [TCP Query User{45E6A39B-084A-4ACB-B175-C652D41BC724}C:\users\thrower\appdata\local\temp\flashfig.exe] => (Block) C:\users\thrower\appdata\local\temp\flashfig.exe
FirewallRules: [UDP Query User{5C8E21D8-3CD7-47A5-98C4-575A1413EE01}C:\users\thrower\appdata\local\temp\flashfig.exe] => (Block) C:\users\thrower\appdata\local\temp\flashfig.exe
FirewallRules: [{202AFE99-A0B8-4E31-867B-59BA07166300}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{8DB9EF8B-DC8D-4533-8F28-1BF7152A531C}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [TCP Query User{83F36863-1860-42D9-BE06-3C2EB26D3A54}D:\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) D:\cisco packet tracer 5.3.3\bin\packettracer5.exe
FirewallRules: [UDP Query User{4187CD5A-7E70-45D3-9450-DC8FA94937CE}D:\cisco packet tracer 5.3.3\bin\packettracer5.exe] => (Allow) D:\cisco packet tracer 5.3.3\bin\packettracer5.exe
FirewallRules: [{ADA34D71-AA11-439D-A9DF-16ED09124FCF}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{3280FE67-FFAC-44FD-B159-F738FE6AD3D4}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F341F0AF-A63B-4CE9-84F3-F52A51F95F44}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{72400D69-9473-4970-9EE4-995A7ABEDF30}] => (Allow) C:\Windows\SysWOW64\javaw.exe
FirewallRules: [{17F525E8-D829-4CF7-9817-20E3F588F231}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [{91F528FB-5561-4B20-AE22-54AA85F844C7}] => (Allow) C:\Program Files (x86)\Java\jre7\bin\java.exe
FirewallRules: [TCP Query User{087B20F5-9344-47C9-BA6D-B5487FEDDB72}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{76817032-6BEB-48DE-A78F-5015EF83EDA4}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{C35C4BED-679D-4483-BAF0-43A6428A6EA9}] => (Allow) C:\Program Files\MetaTrader 5\metatester64.exe
FirewallRules: [TCP Query User{B34C9591-0A30-40A0-98A5-3F6FAC42DEE4}C:\users\thrower\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\thrower\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{6A9AA5AB-A7E1-4068-9D36-64B2873F0489}C:\users\thrower\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\thrower\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{F231D401-F15A-4790-B5A3-F3495168E5B0}E:\thrower\backup new\firmware\winbox.exe] => (Allow) E:\thrower\backup new\firmware\winbox.exe
FirewallRules: [UDP Query User{137217C3-8FDE-4440-837B-175D17EC9889}E:\thrower\backup new\firmware\winbox.exe] => (Allow) E:\thrower\backup new\firmware\winbox.exe
FirewallRules: [{3CEE2CA9-F281-4B6D-833B-E4B87526AFB8}] => (Allow) C:\Users\Thrower\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0F918EFB-9A7F-4909-B715-4C3746B6506E}] => (Allow) C:\Users\Thrower\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{2FB15928-A129-48F9-BAE5-DF37AC335B33}E:\thrower\backup new\firmware\netinstall-6.7\netinstall.exe] => (Allow) E:\thrower\backup new\firmware\netinstall-6.7\netinstall.exe
FirewallRules: [UDP Query User{231CA07E-C894-4F80-842B-C97FDEC11B18}E:\thrower\backup new\firmware\netinstall-6.7\netinstall.exe] => (Allow) E:\thrower\backup new\firmware\netinstall-6.7\netinstall.exe
FirewallRules: [TCP Query User{53AD631F-F7DE-4883-862D-72E0723AEDB2}C:\users\thrower\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thrower\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FD725E2B-807E-4121-B4C3-C26699CC6307}C:\users\thrower\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\thrower\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{9FAFD11F-43BF-465D-BB7A-82405F4CB259}E:\downloads\sieciowe\mikrotik\winbox.exe] => (Allow) E:\downloads\sieciowe\mikrotik\winbox.exe
FirewallRules: [UDP Query User{D95AB792-F005-4E6B-8133-9E1B79690228}E:\downloads\sieciowe\mikrotik\winbox.exe] => (Allow) E:\downloads\sieciowe\mikrotik\winbox.exe
FirewallRules: [TCP Query User{65A7DB5D-7232-4D9E-9085-6C7A019DC15E}E:\downloads\sieciowe\mikrotik\netinstall\netinstall.exe] => (Allow) E:\downloads\sieciowe\mikrotik\netinstall\netinstall.exe
FirewallRules: [UDP Query User{E2983DDA-C243-4DF8-81A7-EB12D13CF495}E:\downloads\sieciowe\mikrotik\netinstall\netinstall.exe] => (Allow) E:\downloads\sieciowe\mikrotik\netinstall\netinstall.exe
FirewallRules: [{91A4F10D-A09A-45AD-A0A5-D497DB0F3E03}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{C5B63552-9B96-4393-BDC6-A26F2FAD7E3D}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{1726BB3F-0B85-4CA8-8798-E0091B694858}] => (Allow) C:\Users\Thrower\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AED8EAD9-AEF4-4B4F-89A5-DBCDD3C83268}] => (Allow) C:\Users\Thrower\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{18DECFA0-C950-4D2A-9FDB-B057B5FE77E5}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [UDP Query User{4C191DD0-0078-42F3-86C8-B67A81D438B0}C:\program files (x86)\java\jre7\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre7\bin\jp2launcher.exe
FirewallRules: [TCP Query User{4645994D-2BEC-4EB8-9BF9-81FED267AB09}C:\users\thrower\downloads\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\thrower\downloads\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [UDP Query User{15B1FE63-969F-413D-B316-66AAE3307BF3}C:\users\thrower\downloads\utorrentportable\app\utorrent\utorrent.exe] => (Allow) C:\users\thrower\downloads\utorrentportable\app\utorrent\utorrent.exe
FirewallRules: [TCP Query User{057CF7F1-B5B1-4FD3-9BE2-DD8CBB2A1902}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [UDP Query User{52C98CF5-AB81-4E73-9736-9E1136651505}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe
FirewallRules: [{CBD04EB5-E9EE-4C47-B269-BEC46675E54C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E497B8FE-2D03-4B2F-B0EC-778192EE6C1B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{390AC01C-7E45-447E-B778-B409519ADD5F}C:\users\thrower\downloads\utorrentportable\app\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\thrower\downloads\utorrentportable\app\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{37A8074A-0FE8-4DDC-A536-523471D9980B}C:\users\thrower\downloads\utorrentportable\app\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\thrower\downloads\utorrentportable\app\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{7D197E4F-E341-40FE-8045-3AE002DF79FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{306C2A19-F9D8-4CB1-9959-6FA5D8153177}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{AB42DB47-57F5-46C6-9793-9EC6A4A3634D}C:\users\thrower\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\thrower\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{FFE38261-2567-41AA-9D78-F47F30D80B7F}C:\users\thrower\appdata\local\popcorn time offical\node-webkit\popcorn time.exe] => (Allow) C:\users\thrower\appdata\local\popcorn time offical\node-webkit\popcorn time.exe
FirewallRules: [{97886850-694F-497D-A5B9-0F823BD5BFC6}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{E3BE2423-F38C-4CFC-BC0E-0D050F998232}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [TCP Query User{A283D796-E03F-4447-B3E9-2EA65F8D20BD}E:\downloads\sieciowe\mikrotik\btest.exe] => (Allow) E:\downloads\sieciowe\mikrotik\btest.exe
FirewallRules: [UDP Query User{763DE4C5-1470-47F6-8CEA-8F21E6686C56}E:\downloads\sieciowe\mikrotik\btest.exe] => (Allow) E:\downloads\sieciowe\mikrotik\btest.exe
FirewallRules: [TCP Query User{1F370995-CE15-4258-9796-8CC2EAAE5EE3}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{F8BB6AC1-F6CA-4203-BE78-CAD8CEE57854}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{68AD4A5D-DA49-4A8B-A85B-4545411D55E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{87372E59-A2D0-4869-A7ED-138BCCD0537B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6148065B-4294-4BA5-9B03-6245197EC303}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{057D2A55-CDB9-40D2-A7F8-487416CC85B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0FCE6C1E-074B-4051-B11E-D47AFF99752B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2017 09:16:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/27/2017 08:54:59 AM) (Source: MsiInstaller) (EventID: 1013) (User: Thrower-PC)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/27/2017 08:49:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/27/2017 08:27:25 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/27/2017 08:22:03 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/27/2017 03:05:37 AM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/27/2017 03:00:10 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (04/27/2017 12:00:02 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (04/26/2017 06:14:39 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Internal MSI error. Installer terminated prematurely.

Error: (04/26/2017 06:09:14 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).


System errors:
=============
Error: (04/27/2017 08:56:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Winbond Electronics Corporation - Other hardware - Winbond CIR Transceiver.

Error: (04/27/2017 08:56:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Realtek - Network - Realtek PCIe FE Family Controller.

Error: (04/27/2017 08:56:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Synaptics - Input - Synaptics PS/2 Port TouchPad.

Error: (04/27/2017 08:56:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB4017094).

Error: (04/27/2017 08:49:36 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: AuthenTec driver update for TouchChip Fingerprint Coprocessor (WBF advanced mode).

Error: (04/27/2017 08:37:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/27/2017 08:36:38 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (04/27/2017 08:36:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MFP Server Enhanced Controller service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (04/27/2017 08:27:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB4017094).

Error: (04/27/2017 03:08:06 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Silverlight (KB4017094).


CodeIntegrity:
===================================
  Date: 2013-10-22 12:05:11.789
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-10-22 12:05:11.727
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:48.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:48.068
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:45.920
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:45.814
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:43.663
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:43.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:41.417
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sy_ because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-02-19 14:48:41.307
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T9300 @ 2.50GHz
Percentage of memory in use: 50%
Total physical RAM: 4086.43 MB
Available physical RAM: 2029.51 MB
Total Virtual: 8171.04 MB
Available Virtual: 5667.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:61.46 GB) (Free:11.93 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:32.15 GB) (Free:9.25 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:204.32 GB) (Free:48.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 513.6 MB) (Disk ID: A10E3174)
Partition 1: (Not Active) - (Size=513 MB) - (Type=1B)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 7503FE32)
Partition 1: (Not Active) - (Size=165 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=61.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=32.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=204.3 GB) - (Type=05)

==================== End of Addition.txt ============================


  • 0

#6
JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Just a few orphaned entries.

 

Download the attached file and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

iO5EZayK.png


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.



  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 


  • 0

#7
tomaszf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Thrower (27-04-2017 17:56:38) Run:3
Running from C:\Users\Thrower\Desktop
Loaded Profiles: Thrower (Available Profiles: Thrower & admin & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Search Assistant) - C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn [2015-03-23] [UpdateUrl: hxxp://ring-tools.info/addons/chrome/update.xml] <==== ATTENTION
S3 SliceDisk5; \??\C:\Users\Thrower\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X] <==== ATTENTION
ShellIconOverlayIdentifiers: [GGDriveOverlay1] -> {E68D0A50-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay2] -> {E68D0A51-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay3] -> {E68D0A52-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
ShellIconOverlayIdentifiers: [GGDriveOverlay4] -> {E68D0A53-3C40-4712-B90D-DCFA93FF2534} => C:\ProgramData\GG\ggdrive\ggdrive-overlay.dll -> No File
BHO-x32: No Name -> {56CF4856-ECB4-4e46-A897-A378821F97B9} -> No File
BHO-x32: No Name -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> No File
Toolbar: HKLM-x32 - No Name - {56CF4856-ECB4-4e46-A897-A378821F97B9} -  No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
S3 SliceDisk5; \??\C:\Users\Thrower\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [X] <==== ATTENTION
C:\Users\Thrower\en_res.dll
C:\Users\Thrower\es_res.dll
C:\Users\Thrower\fr_res.dll
C:\Users\Thrower\grm_res.dll
C:\Users\Thrower\IP_Log_Data.js
C:\Users\Thrower\it_res.dll
C:\Users\Thrower\jp_res.dll
C:\Users\Thrower\mfc80u.dll
C:\Users\Thrower\msvcr80.dll
C:\Users\Thrower\Network_Meter_Data.js
C:\Users\Thrower\PCPE Setup.exe
C:\Users\Thrower\pt_res.dll
C:\Users\Thrower\ResourceReader.dll
C:\Users\Thrower\ru_res.dll
C:\Users\Thrower\zh_res.dll
C:\Windows\System32\Drivers\59E264EA.sys
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfelndikbdcohbdimnhdhhokfljdidgn <==== ATTENTION => not found
HKLM\System\CurrentControlSet\Services\SliceDisk5 => key removed successfully
SliceDisk5 => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay1 => key removed successfully
HKCR\CLSID\{E68D0A50-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay2 => key removed successfully
HKCR\CLSID\{E68D0A51-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay3 => key removed successfully
HKCR\CLSID\{E68D0A52-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GGDriveOverlay4 => key removed successfully
HKCR\CLSID\{E68D0A53-3C40-4712-B90D-DCFA93FF2534} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CF4856-ECB4-4e46-A897-A378821F97B9} => key removed successfully
HKCR\Wow6432Node\CLSID\{56CF4856-ECB4-4e46-A897-A378821F97B9} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} => key removed successfully
HKCR\Wow6432Node\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{56CF4856-ECB4-4e46-A897-A378821F97B9} => value removed successfully
HKCR\Wow6432Node\CLSID\{56CF4856-ECB4-4e46-A897-A378821F97B9} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin => key removed successfully
SliceDisk5 => service not found.
C:\Users\Thrower\en_res.dll => moved successfully
C:\Users\Thrower\es_res.dll => moved successfully
C:\Users\Thrower\fr_res.dll => moved successfully
C:\Users\Thrower\grm_res.dll => moved successfully
C:\Users\Thrower\IP_Log_Data.js => moved successfully
C:\Users\Thrower\it_res.dll => moved successfully
C:\Users\Thrower\jp_res.dll => moved successfully
C:\Users\Thrower\mfc80u.dll => moved successfully
C:\Users\Thrower\msvcr80.dll => moved successfully
C:\Users\Thrower\Network_Meter_Data.js => moved successfully
C:\Users\Thrower\PCPE Setup.exe => moved successfully
C:\Users\Thrower\pt_res.dll => moved successfully
C:\Users\Thrower\ResourceReader.dll => moved successfully
C:\Users\Thrower\ru_res.dll => moved successfully
C:\Users\Thrower\zh_res.dll => moved successfully
C:\Windows\System32\Drivers\59E264EA.sys => moved successfully

========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Reseting Route, OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{A8E9CC53-AF69-4692-96E5-C824AE2260D9} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3949255 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 10912368 B
Edge => 0 B
Chrome => 4328614 B
Firefox => 135588973 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 33125 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128394 B
systemprofile32 => 5685164 B
LocalService => 66228 B
NetworkService => 66228 B
Thrower => 4304187 B
admin => 290 B
Guest => 65826 B

RecycleBin => 0 B
EmptyTemp: => 165.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:57:29 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64
Ran by Thrower (Administrator) on 2017-04-27 at 18:52:12,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 18

Successfully deleted: C:\ProgramData\emailnotifier (Folder)
Successfully deleted: C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fjbbjfdilbioabojmcplalojlmdngbjl (Folder)
Successfully deleted: C:\Users\Thrower\AppData\Local\packageaware (Folder)
Successfully deleted: C:\Users\Thrower\AppData\Roaming\download manager (Folder)
Successfully deleted: C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\Invalidprefs.js (File)
Successfully deleted: C:\Users\Thrower\Documents\add-in express (Folder)
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-1510979301-1719832773-2723577526-1000 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-1510979301-1719832773-2723577526-1000.job (Task)
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)
Successfully deleted: C:\Users\Thrower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WSGG0VS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Thrower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMPUDGEJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Thrower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6AF7HEC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Thrower\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\POX3JXPT (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0WSGG0VS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DMPUDGEJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O6AF7HEC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\POX3JXPT (Temporary Internet Files Folder)



Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017-04-27 at 18:55:09,19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

 

 

 

# AdwCleaner v6.046 - Logfile created 27/04/2017 at 19:01:58
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Thrower - THROWER-PC
# Running from : C:\Users\Thrower\Desktop\adwcleaner_6.046.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\Thrower\AppData\Roaming\Mozilla\Firefox\Profiles\0kgtejgc.default\extensions\{068e178c-61a9-4a63-b74f-87404a6f5ea1}


***** [ Files ] *****

[-] File deleted: C:\Windows\unins000.dat
[-] File deleted: C:\Windows\unins000.exe


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
[-] Key deleted: HKLM\SOFTWARE\Email Notifier
[-] Key deleted: HKLM\SOFTWARE\Trymedia Systems


***** [ Web browsers ] *****

[-] [C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bknbnapaddjdnbilpmlacdkjdkjmbjhd
[-] [C:\Users\Thrower\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fjbbjfdilbioabojmcplalojlmdngbjl


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1718 Bytes] - [27/04/2017 19:01:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1955 Bytes] - [27/04/2017 18:59:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1864 Bytes] ##########
 


  • 0

#8
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Wow.

 

Remove Malwarebytes Antimalware. Run the cleanup tool as explained here.

 

Please download Zemana AntiMalware and save it to your Desktop.

  • Right-click on the icon and select Run as administrator to install the program.
  • Click Yes to accept the security warning.
  • Once the installation is complete it will start automatically.
  • Without changing any options, press Scan to begin.
  • After the short scan is finished, if threats are detected press Next to remove them.
    Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please re-boot your computer manually.
  • Click on the Back button.
  • On the top right corner click on Reports icon (the one with three bars) and double click on the latest report.
  • Now click File > Save As, then choose your Desktop and click the Save button.
  • Please attach the saved report in your next reply.

 


  • 0

#9
tomaszf

tomaszf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi, sorry for such a long time with no reply - I was sick for several days.

 

Here's the report:

 

Zemana AntiMalware 2.72.2.388 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2017-5-4
Operating System       : Windows 7 64-bit
Processor              : 2X Intel® Core™2 Duo CPU   T9300 @ 2.50GHz
BIOS Mode              : Legacy
CUID                   : 12C565E019EA7B29B5846A
Scan Type              : System Scan
Duration               : 12m 36s
Scanned Objects        : 92744
Detected Objects       : 4
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Search Assistant
Status             : Scanned
Object             : %localappdata%\google\chrome\user data\default\extensions\jfelndikbdcohbdimnhdhhokfljdidgn
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : PUA.ChromeExt!Gr
Cleaning Action    : Repair
Related Objects    :
                Browser Extension - Search Assistant

mcaudrv_x64.sys
Status             : Scanned
Object             : %systemroot%\system32\drivers\mcaudrv_x64.sys
MD5                : 4C017AF4CBC57A36C75A270184CC86CB
Publisher          : Visicom Media Inc.
Size               : 35440
Version            : 4.0.0.0
Detection          : Adware:Win32/VisicomToolbar!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\drivers\mcaudrv_x64.sys
                Registry Entry - HKLM\System\CurrentControlSet\Services\mcaudrv_simple\ImagePath = system32\drivers\mcaudrv_x64.sys

mcvidrv.sys
Status             : Scanned
Object             : %systemroot%\system32\drivers\mcvidrv.sys
MD5                : C2FD47A6CA255F97A992844B1FDCD5B4
Publisher          : Visicom Media Inc.
Size               : 42224
Version            : 4.0.0.0
Detection          : Adware:Win32/VisicomToolbar!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %systemroot%\system32\drivers\mcvidrv.sys
                Registry Entry - HKLM\System\CurrentControlSet\Services\ManyCam\ImagePath = system32\DRIVERS\mcvidrv.sys

{e68e6cc6-a23c-4cea-8b42-093d53abed53}
Status             : Scanned
Object             : NE->c:\windows\system32\tasks\{e68e6cc6-a23c-4cea-8b42-093d53abed53}
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Adware:Win32/FF.TASKSCHD.GEN.A!Neng
Cleaning Action    : Quarantine
Related Objects    :
                (null) - (null)


Cleaning Result
-------------------------------------------------------
Cleaned               : 4
Reported as safe      : 0
Failed                : 0
 


  • 0

#10
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

How is the computer doing?


  • 0

#11
tomaszf

tomaszf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

To be honest, I'm pretty amazed, feels almost as good as new :)


  • 0

#12
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Congratulations.

 

Let's clean the computer from diagnostics tools:

 

Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt)

 

Always keep the computer with an active and updated antivirus.

 

Best regards.   :wave:


  • 0

#13
tomaszf

tomaszf

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

# DelFix v1.013 - Logfile created 05/05/2017 at 10:54:05
# Updated 17/04/2016 by Xplode
# Username : Thrower - THROWER-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Thrower\Desktop\Addition.txt
Deleted : C:\Users\Thrower\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\Thrower\Desktop\adwcleaner_6.046.exe
Deleted : C:\Users\Thrower\Desktop\Fixlog.txt
Deleted : C:\Users\Thrower\Desktop\FRST.txt
Deleted : C:\Users\Thrower\Desktop\FRST64.exe
Deleted : C:\Users\Thrower\Desktop\JRT.txt
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

########## - EOF - ##########
 

 

Thank you very much for your time and for your help :)

 

Best regards :wave:


  • 0

#14
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





