Packard Bell laptop belonging to a girlfriend of my son.
It was extremely slow.

First I removed a whole lot of superfluous software.
After that I let AdwCleaner do its work, which already gave quite a speed gain.
At the moment the result is already fairly good, but I find that after startup it still takes a very long time before everything 'loosens up'. Only after about ten minutes does everything start to run smoothly.

Would you please check whether you find anything 'bad' in the logs below?
Thanks in advance for that.

MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org


Scandatum: 5/10/2015
Scantijd: 19:43
Logboekbestand: MBAM.txt
Beheerder: Ja


Versie: 2.1.8.1057
Malware-database: v2015.10.05.05
Rootkit-database: v2015.10.02.01
Licentie: Gratis
Malware-bescherming: Uitgeschakeld
Bescherming tegen kwaadaardige websites: Uitgeschakeld
Zelfbescherming: Uitgeschakeld


Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: gillian


Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten gescand: 431855
Verstreken tijd: 45 min, 10 sec


Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld


Processen: 0
(Geen kwaadaardige items gedetecteerd)


Modules: 0
(Geen kwaadaardige items gedetecteerd)


Registersleutels: 2
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASAPI32, In quarantaine, [3821074c89024ceade7d7c67f50f19e7],
PUP.Optional.AdvancedSystemProtector, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\AdvancedSystemProtector_RASMANCS, In quarantaine, [5bfed0831774a78fed6e5f842adab24e],


Registerwaarden: 0
(Geen kwaadaardige items gedetecteerd)


Registerdata: 0
(Geen kwaadaardige items gedetecteerd)


Mappen: 0
(Geen kwaadaardige items gedetecteerd)


Bestanden: 0
(Geen kwaadaardige items gedetecteerd)


Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)




(end)

GMER:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-10-05 20:51:31
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: ytug6rwg.exe; Driver: C:\Users\gillian\AppData\Local\Temp\pwlirfod.sys




---- User code sections - GMER 2.1 ----


.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe[2132] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000071e117fa 2 bytes CALL 75bb11a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071e11860 2 bytes CALL 75bb11a9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071e11942 2 bytes JMP 75347089 C:\Windows\syswow64\WS2_32.dll
.text C:\Windows\SysWOW64\PnkBstrA.exe[2180] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000071e1194d 2 bytes JMP 7534cba6 C:\Windows\syswow64\WS2_32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Popcorn Time\Updater.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe[4736] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Launch Manager\LManager.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4536] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[6016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000776a1401 2 bytes JMP 75bdb20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000776a1419 2 bytes JMP 75bdb336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000776a1431 2 bytes JMP 75c58f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000776a144a 2 bytes CALL 75bb4885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000776a14dd 2 bytes JMP 75c58832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000776a14f5 2 bytes JMP 75c58a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000776a150d 2 bytes JMP 75c58728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000776a1525 2 bytes JMP 75c58af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000776a153d 2 bytes JMP 75bcfc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000776a1555 2 bytes JMP 75bd68df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000776a156d 2 bytes JMP 75c58ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000776a1585 2 bytes JMP 75c58b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000776a159d 2 bytes JMP 75c586ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000776a15b5 2 bytes JMP 75bcfd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000776a15cd 2 bytes JMP 75bdb2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000776a16b2 2 bytes JMP 75c58eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe[5860] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000776a16bd 2 bytes JMP 75c58681 C:\Windows\syswow64\kernel32.dll
? C:\Windows\system32\mssprxy.dll [5860] entry point in ".rdata" section 00000000749b71e6


---- Threads - GMER 2.1 ----


Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6072:848] 00000000751b7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6072:5440] 0000000069338aa6
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6072:1436] 000000007770c557
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6072:2560] 00000000777227c1
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [6072:4112] 00000000777227c1
Thread C:\Windows\System32\svchost.exe [5920:5564] 000007fef0bc9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [5972:5580] 000007fefb6b2ae8


---- EOF - GMER 2.1 ----


DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18015 BrowserJavaVersion: 11.60.2
Run by gillian at 20:55:05 on 2015-10-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3948.1564 [GMT 2:00]
.
AV: F-Secure Client Security 12.00 *Disabled/Updated* {0F70A6C4-76E4-6A3B-2695-519F428B1C20}
SP: F-Secure Client Security 12.00 *Disabled/Updated* {B4114720-50DE-65B5-1C25-6AED390C569D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\F-Secure\Anti-Virus\fsgk32st.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\F-Secure\Common\FSMA32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL32.EXE
C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Advantage 9.10\Server\ADS.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\F-Secure\Anti-Virus\fssm32.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\F-Secure\Common\FSHDLL64.EXE
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\F-Secure\Common\FNRB32.EXE
C:\Program Files (x86)\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\F-Secure\Common\FIH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\NTI\Packard Bell MyBackup\BackupManagerTray.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\F-Secure\Common\FSM32.EXE
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\gillian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gillian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\gillian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/?trackid=sp-006
uSearch Bar = hxxps://www.google.com/?trackid=sp-006
uSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mStart Page = hxxps://www.google.com/?trackid=sp-006
mSearch Bar = hxxps://www.google.com/?trackid=sp-006
mSearch Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\gillian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\gillian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [HP Officejet 6600 (NET)] "C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" -deviceID "CN32J5QJ4Y05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
uRun: [AdobeBridge] <no file>
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [F-Secure Manager] "C:\Program Files (x86)\F-Secure\Common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "C:\Program Files (x86)\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
TCP: NameServer = 195.130.131.131 195.130.130.3
TCP: Interfaces\{44DCC2A2-DC42-451A-9B1F-7C70A910CF2A} : DHCPNameServer = 217.72.230.1 217.72.230.129
TCP: Interfaces\{F5A134E0-6E70-433E-9638-21A2DDAFC62A} : DHCPNameServer = 195.130.131.131 195.130.130.3
TCP: Interfaces\{F5A134E0-6E70-433E-9638-21A2DDAFC62A}\7496F66716E6E696027796562796E636B687 : DHCPNameServer = 195.130.130.3 195.130.131.3
TCP: Interfaces\{F5A134E0-6E70-433E-9638-21A2DDAFC62A}\75962756C6563737 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [Power Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;C:\Windows\System32\drivers\fsbts.sys [2015-10-4 66736]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-7-28 25960]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-29 55856]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-31 352336]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-7-28 872552]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;C:\Program Files (x86)\F-Secure\Anti-Virus\FSGK32ST.exe [2015-10-4 273448]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-1-18 29696]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-31 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-5-31 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Packard Bell MyBackup\IScheduleSvc.exe [2011-3-9 257344]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-28 2656280]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2015-9-6 339968]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-21 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files (x86)\F-Secure\Anti-Virus\minifilter\fsgk.sys [2015-10-4 207912]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker;C:\Program Files (x86)\F-Secure\Common\FNRB32.exe [2015-10-4 216616]
R3 FSORSPClient;F-Secure ORSP Client;C:\Program Files (x86)\F-Secure\ORSP Client\fsorsp.exe [2015-10-4 60456]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-31 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-18 412712]
S?4 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-10-5 113880]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-5 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-5-31 138024]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-9-8 114688]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-10-5 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-10-5 63704]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-8-2 22528]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-16 54784]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
.
=============== Created Last 30 ================
.
2015-10-05 17:42:26 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-10-05 17:41:44 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-10-05 17:41:44 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-10-05 17:41:44 109272 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-10-05 17:41:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-05 17:27:40 -------- d-----w- C:\Windows\pss
2015-10-05 17:24:11 -------- d-----w- C:\Program Files\CCleaner
2015-10-05 17:23:08 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB683232-26CC-4376-A1A6-B5578AD28E75}\offreg.5920.dll
2015-10-04 21:26:51 -------- d-----w- C:\Users\gillian\.oracle_jre_usage
2015-10-04 20:53:42 66736 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2015-10-04 20:52:54 -------- d-----w- C:\Program Files (x86)\F-Secure
2015-10-04 20:52:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB683232-26CC-4376-A1A6-B5578AD28E75}\offreg.2248.dll
2015-10-04 20:50:26 -------- d-----w- C:\ProgramData\F-Secure
2015-10-04 19:00:48 -------- d-s---w- C:\Windows\SysWow64\Microsoft
2015-10-02 20:12:14 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB683232-26CC-4376-A1A6-B5578AD28E75}\mpengine.dll
2015-09-27 17:49:30 93528 ----a-w- C:\Windows\System32\drivers\aswC604.tmp
2015-09-27 17:49:30 90968 ----a-w- C:\Windows\System32\drivers\aswC6B1.tmp
2015-09-27 17:49:30 65224 ----a-w- C:\Windows\System32\drivers\aswC72F.tmp
2015-09-27 17:49:30 447944 ----a-w- C:\Windows\System32\drivers\aswC78E.tmp
2015-09-27 17:49:30 28656 ----a-w- C:\Windows\System32\drivers\aswC682.tmp
2015-09-27 17:49:30 274808 ----a-w- C:\Windows\System32\drivers\aswC7CD.tmp
2015-09-27 17:49:30 150672 ----a-w- C:\Windows\System32\drivers\aswC82C.tmp
2015-09-27 17:49:29 1048344 ----a-w- C:\Windows\System32\drivers\aswC400.tmp
2015-09-27 13:29:50 -------- d-----w- C:\Users\gillian\MediaEspresso
2015-09-17 14:12:17 -------- d-----w- C:\Users\gillian\AppData\Local\Avg
2015-09-17 14:10:20 113880 ----a-w- C:\Windows\System32\drivers\56C37934.sys
2015-09-10 06:32:57 -------- d--h--w- C:\$Windows.~BT
2015-09-08 20:57:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-09-08 20:56:49 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-09-08 20:54:56 3209216 ----a-w- C:\Windows\System32\win32k.sys
2015-09-06 19:10:29 -------- d-----w- C:\Users\gillian\AppData\Local\PopcornTimeDesktop
2015-09-06 19:09:22 -------- d-----w- C:\Program Files (x86)\Popcorn Time
.
==================== Find3M ====================
.
2015-10-04 21:26:16 97888 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2015-09-26 15:08:34 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-09-26 15:08:34 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-02 03:04:49 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-09-02 03:04:46 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-09-02 03:04:44 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-09-02 03:04:42 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-09-02 02:48:31 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-09-02 02:48:28 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-09-02 02:48:25 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-09-02 02:47:18 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-09-02 01:47:08 372736 ----a-w- C:\Windows\System32\atmfd.dll
2015-09-02 01:33:48 299520 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-08-27 18:18:27 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2015-08-27 18:18:27 1887232 ----a-w- C:\Windows\System32\msxml3.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2015-08-27 18:13:03 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-08-27 17:58:14 1391104 ----a-w- C:\Windows\SysWow64\msxml6.dll
2015-08-27 17:58:14 1241088 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2015-08-27 17:51:26 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-08-26 18:07:11 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-08-26 18:07:11 3165696 ----a-w- C:\Windows\System32\wucltux.dll
2015-08-26 18:07:11 192000 ----a-w- C:\Windows\System32\wuwebv.dll
2015-08-26 18:06:43 91136 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-08-26 18:06:33 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-08-26 18:06:30 37376 ----a-w- C:\Windows\System32\wuapp.exe
2015-08-26 17:56:25 93184 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-08-26 17:56:25 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-08-26 17:55:37 34816 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-08-15 06:34:10 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-08-15 06:33:56 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-08-15 06:18:47 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-08-15 06:18:00 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-08-15 06:17:54 417792 ----a-w- C:\Windows\System32\html.iec
2015-08-15 06:17:49 585216 ----a-w- C:\Windows\System32\vbscript.dll
2015-08-15 06:17:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-08-15 06:04:47 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-08-15 06:04:46 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-08-15 06:04:25 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-08-15 06:00:44 5923328 ----a-w- C:\Windows\System32\jscript9.dll
2015-08-15 05:57:20 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-08-15 05:53:22 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-08-15 05:46:15 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-08-15 05:40:29 504832 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-08-15 05:40:12 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-08-15 05:39:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-08-15 05:39:22 341504 ----a-w- C:\Windows\SysWow64\html.iec
2015-08-15 05:38:34 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-08-15 05:29:36 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-08-15 05:29:12 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-08-15 05:22:47 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-08-15 05:22:03 2126336 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-08-15 05:16:37 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-08-15 05:10:32 4520448 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-08-15 05:07:28 2427392 ----a-w- C:\Windows\System32\wininet.dll
2015-08-15 05:01:47 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-08-15 05:01:23 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-08-15 04:43:00 1951232 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-08-05 17:56:14 1110016 ----a-w- C:\Windows\System32\schedsvc.dll
2015-08-05 17:56:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-08-05 17:56:06 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-08-05 17:40:50 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-08-04 18:03:10 692672 ----a-w- C:\Windows\System32\winload.efi
2015-08-04 18:00:24 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-08-04 17:56:54 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2015-08-04 17:56:37 59392 ----a-w- C:\Windows\System32\appidapi.dll
2015-08-04 17:56:37 32768 ----a-w- C:\Windows\System32\appidsvc.dll
2015-08-04 17:55:57 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2015-08-04 17:55:57 147456 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2015-08-04 17:47:42 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2015-08-04 16:58:09 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2015-07-30 18:06:57 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-07-30 18:06:57 1648128 ----a-w- C:\Windows\System32\DWrite.dll
2015-07-30 18:06:57 1180160 ----a-w- C:\Windows\System32\FntCache.dll
2015-07-30 17:57:30 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-07-30 17:57:30 1251328 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-07-30 13:13:38 103120 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-30 13:13:11 124624 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-07-28 20:09:44 17344 ----a-w- C:\Windows\System32\CompatTelRunner.exe
2015-07-28 20:05:53 774656 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 20:05:50 743424 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 20:05:47 437760 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 20:05:45 1116672 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 20:05:44 69120 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 20:05:44 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 19:55:14 1148416 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-23 00:06:26 5568960 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-07-23 00:06:25 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-23 00:03:19 1730496 ----a-w- C:\Windows\System32\ntdll.dll
2015-07-23 00:03:07 362496 ----a-w- C:\Windows\System32\wow64win.dll
2015-07-23 00:03:07 243712 ----a-w- C:\Windows\System32\wow64.dll
2015-07-23 00:03:07 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2015-07-23 00:03:06 215040 ----a-w- C:\Windows\System32\winsrv.dll
2015-07-23 00:01:53 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-07-23 00:01:39 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-07-23 00:01:32 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-07-22 23:58:17 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-07-22 23:57:53 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-07-22 23:51:59 686080 ----a-w- C:\Windows\System32\adtschema.dll
.
============= FINISH: 20:56:19,20 ===============