Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by R en O Office (15-06-2018 15:39:45)
Running from C:\Users\Ruud\Downloads\Software-Programs
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-28 21:29:59)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-98945357-699151374-1923595995-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-98945357-699151374-1923595995-503 - Limited - Disabled)
Guest (S-1-5-21-98945357-699151374-1923595995-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-98945357-699151374-1923595995-1008 - Limited - Enabled)
R en O Office (S-1-5-21-98945357-699151374-1923595995-1001 - Administrator - Enabled) => C:\Users\Ruud
WDAGUtilityAccount (S-1-5-21-98945357-699151374-1923595995-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.3.203 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 64.0.387.186 - AVAST Software)
Belarc Advisor 8.5a (HKLM-x32\...\Belarc Advisor) (Version: 8.5.1.0 - Belarc Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.01 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
EaseUS Todo Backup Free 11.0 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 11.0 - CHENGDU YIWO Tech Development Co., Ltd)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
FastStone Image Viewer 5.5 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.5 - FastStone Soft)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{FA1BBF34-E994-4310-95D7-BE93092B8E61}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{d9719db8-d532-496c-9f2b-eeb1f69f7d89}) (Version: 10.1.1.34 - Intel(R) Corporation) Hidden
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.0.0.1002 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
IrfanView 4.51 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.51 - Irfan Skiljan)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 161 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
KompoZer 0.8b3 (HKLM-x32\...\{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1) (Version: - KompoZer)
Malwarebytes versie 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft Office 365 - nl-nl (HKLM\...\O365HomePremRetail - nl-nl) (Version: 16.0.9330.2087 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM-x32\...\{90150000-001F-0413-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-98945357-699151374-1923595995-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DC5E5027-65E8-41CB-815C-9AAB48BFB8E2}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetWorx 5.5.5 (HKLM\...\NetWorx_is1) (Version: - Softperfect)
ODF Add-in for Microsoft Office (HKLM-x32\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-008F-0000-1000-0000000FF1CE}) (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0413-0000-0000000FF1CE}) (Version: 16.0.9330.2087 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.10 (HKLM\...\{57682F33-488A-4065-8255-C3681A2B6F4E}) (Version: 5.1.10 - Oracle Corporation)
Outlook Setup Tool (HKLM-x32\...\outlookset) (Version: 2.2.19 - Starfield Technologies)
PicPick (HKLM-x32\...\PicPick) (Version: 4.2.8 - NGWIN)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.5.1.2 - Popcorn Time) <==== ATTENTION
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.151 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.62 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
SketchUp 2016 (HKLM\...\{E2B66CF6-ABA0-4E5F-B426-7478B18301AE}) (Version: 16.1.1449 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
Soda PDF 6 View Module (HKLM-x32\...\{0341A523-2227-42F5-A438-DC41DB815A17}) (Version: 6.4.8.18629 - LULU Software Limited) Hidden
Sweet Home 3D version 5.4 (HKLM\...\Sweet Home 3D_is1) (Version: 5.4 - eTeks)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WD Drive Utilities (HKLM-x32\...\{E61CFDDA-40DD-4400-95CA-12819C50B5C2}) (Version: 1.1.0.51 - Western Digital Technologies, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-98945357-699151374-1923595995-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-28] (AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-28] (AVAST Software)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-28] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2018-05-24] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-28] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0F336EC8-E4BF-4E85-9DA5-459F0A31C256} - System32\Tasks\{34DC3747-CD63-48CE-88EE-03C4A1384D2B} => C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ -c /AUTORUN
Task: {19FD4C56-21DD-4705-8DAF-ED21DA4B8852} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {27C7676B-09B7-4452-AD21-54A1BC684F31} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {2B9AC299-3CF1-4AFF-B666-9A3E3EAD6C73} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-06-12] (Microsoft Corporation)
Task: {30AFE7A7-1967-4503-AF58-7295B27F2B05} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-05-29] (Microsoft Corporation)
Task: {31CABDAC-076F-481D-8720-2BC638516C92} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3A5860FB-D975-46A2-98CA-8434BBE0E041} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3CA3B001-3816-4A68-9CC6-8C9D87BE4452} - System32\Tasks\{39C15173-5694-4FC8-927F-E778DFAC895F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Users\Ruud\Downloads\Software-Programs\Sonim\Sonim-PCTool021014\Sonim PC-Tools\USB_Driver\InstallDriver.exe" -d "C:\Users\Ruud\Downloads\Software-Programs\Sonim\Sonim-PCTool021014\Sonim PC-Tools\USB_Driver"
Task: {3EF9CEE8-4083-4829-8B23-0027401E1DF1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {424AF9CD-93F8-4330-B59B-9EEFC1BE2093} - System32\Tasks\{4F7F582E-D1C1-405D-BBE9-EB7E7FC20F30} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files\7-Zip\7zFM.exe" -d C:\Users\Ruud\Downloads\Software-Programs\Sonim -c "C:\Users\Ruud\Downloads\Software-Programs\Sonim\Sonim-PCTool021014.zip"
Task: {4CDC7CAF-3209-445D-BE4B-16AAC457A2C8} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-28] (AVAST Software)
Task: {550A0024-6015-4BAD-8872-8C75223A5F79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {570D53AF-BF05-4CC6-B354-6977402E8BDD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-29] (Microsoft Corporation)
Task: {5E4ADB91-2507-4415-B552-49F62CACA5D1} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-03-28] (AVAST Software)
Task: {5E835BAD-8CCC-43F8-948E-2D75517FAD40} - System32\Tasks\{458CC55E-EB42-44CA-A69C-20E99C7032A6} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Soda PDF 6\Installation\Soda_PDF_6_Installer.exe" -c /uninstall
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {668611B0-B7BC-40B1-B0A9-F8FDB650DDAE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-05-29] (Microsoft Corporation)
Task: {68812DF6-2E43-4071-96FE-C4CC3F15D60B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {69735D86-21CC-4B9C-B84D-5DD6A7B5B6A1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {6B5BF64D-CF4A-4339-A788-418DE58CC845} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-07] (Adobe Systems Incorporated)
Task: {730F814D-2261-49D4-8EE9-C16465A29077} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {798F075E-2ADF-46FF-9ABF-1CBE259FA5C7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {7F352043-1A0B-4F83-B1D9-13B0DCB4F0E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
Task: {82DAF7C4-4149-45E4-9672-C4B1CE83E886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {950FFFE9-99FC-4BF2-9D3D-BA19ECF64D7D} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-07] (AVAST Software)
Task: {96707FE1-AAD1-4929-BB77-55C43349C521} - System32\Tasks\Soda PDF 6 => C:\Program Files (x86)\Soda PDF 6\Soda PDF 6.exe
Task: {982A90DF-BE78-4BB0-88A9-3118FDED7B55} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-30] (Google Inc.)
Task: {A92D82D9-B216-4ED0-8454-E4E34E457C1E} - \WPD\SqmUpload_S-1-5-21-98945357-699151374-1923595995-1001 -> No File <==== ATTENTION
Task: {AB218B69-EF0F-443B-BA1B-525943B654FE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {BE8E4220-C27E-4C5A-ADB0-05802F48952B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {C2653069-9BD6-497F-8B58-F3BFA055B89A} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2017-08-18] (Synaptics Incorporated)
Task: {C26D89BC-6EB1-4271-8860-A839236CDEF0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CD118C51-B2CB-494B-BD7D-ED8BC455435D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {D72000C1-42D5-440C-909E-BCC092D54E00} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-05-24] (Microsoft Corporation)
Task: {D7C0BEB1-4929-4EFB-AFA5-FE0DCA93CACA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E3419134-5AB3-4A11-BA8B-980DD6CB7774} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {E576B3C0-7799-4525-908B-5EEAD733F63B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-05-29] (Microsoft Corporation)
Task: {F11294B2-EADA-4FF1-932F-A10A9C00C6A1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F5B6D7AC-81E0-4663-BCF7-879C6C48B9D6} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-28] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Ruud\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2018-04-11 17:34 - 2018-04-11 17:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-06-06 22:38 - 2018-06-07 14:23 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-06 22:38 - 2018-06-07 14:23 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 17:34 - 2018-04-11 17:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-12 13:17 - 2018-06-08 02:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-08 18:32 - 2018-05-10 02:43 - 000270480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2017-01-26 13:42 - 2016-09-19 12:09 - 000813056 _____ () C:\Program Files\NetWorx\sqlite.dll
2018-06-08 18:09 - 2018-06-08 18:11 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-08 18:09 - 2018-06-08 18:11 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-06 17:12 - 2017-10-06 17:15 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-04 09:05 - 2018-05-04 09:10 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 08:28 - 2018-03-30 08:33 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-08 18:09 - 2018-06-08 18:11 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-08 18:09 - 2018-06-08 18:11 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-29 17:02 - 2018-05-29 17:07 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-08 18:09 - 2018-06-08 18:11 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-06-08 18:09 - 2018-06-08 18:11 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2018-05-19 08:02 - 2018-05-19 08:03 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-05-08 08:24 - 2018-05-08 08:25 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-23 07:10 - 2018-05-23 07:13 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 07:10 - 2018-05-23 07:13 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 07:10 - 2018-05-23 07:13 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 07:10 - 2018-05-23 07:13 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-06-08 18:33 - 2017-02-21 17:19 - 000083136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000019600 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2018-06-08 18:33 - 2016-03-07 18:08 - 001291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2018-06-08 18:33 - 2004-10-05 03:08 - 000055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000024720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000188560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000195728 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000163472 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000055952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000018064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000058000 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2018-06-08 18:32 - 2017-10-13 08:42 - 000703120 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuActiveOnline.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000487568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2018-06-08 18:32 - 2018-05-10 02:41 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\fsclog.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000264336 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AuthorizedMng.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000112272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CalcScheduleTime.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000085648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000032912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2018-06-08 18:32 - 2018-05-11 17:23 - 000070800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000169616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000539280 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000078480 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000316048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000211088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000026256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000074384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000141968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000089232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 002414736 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000217232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000162960 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000029328 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2018-06-08 18:32 - 2018-05-15 14:51 - 000128656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000024720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000034448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000054416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000066192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000072848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000243344 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000078992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000138384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000074896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlExBrowser.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000585872 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlSMOCPlusPlus.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000119952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSearch.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000045200 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000367760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000142992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000149136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000052368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000064144 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2018-06-08 18:32 - 2018-05-10 02:40 - 000091792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2018-06-08 18:32 - 2018-05-10 02:41 - 000058512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2018-06-08 18:32 - 2018-05-10 02:42 - 000220304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2018-03-15 22:48 - 2018-03-15 22:48 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-28 14:49 - 2018-05-28 14:49 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-28 14:48 - 2018-05-28 14:48 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2016-08-25 17:25 - 2017-12-01 14:40 - 001452728 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
2016-08-25 10:16 - 2018-05-29 20:35 - 001030312 _____ () C:\Program Files (x86)\Microsoft
Office\Root\Office16\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2013-08-22 07:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-98945357-699151374-1923595995-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ruud\AppData\Roaming\FastStone\FSIV\FSViewerWallPaper.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: SBSDWSCService => 2
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run32: => "DriveUtilitiesHelper"
HKLM\...\StartupApproved\Run32: => "SecurityHealth"
HKU\S-1-5-21-98945357-699151374-1923595995-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-98945357-699151374-1923595995-1001\...\StartupApproved\Run: => "SpybotSD TeaTimer"
HKU\S-1-5-21-98945357-699151374-1923595995-1001\...\StartupApproved\Run: => "PicPick Start"
HKU\S-1-5-21-98945357-699151374-1923595995-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1AD62B44-1BF9-4F88-9416-2A85FF44C8F5}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{DB69A932-5F1F-4B3F-90A3-C2092A37DAB7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0B0BB2F9-67DC-4E2A-8708-6A9DDE11AA17}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{F891DFE2-D249-4645-9490-C0E308628472}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A649F8AA-AD80-4EEE-89ED-80A3AC595C2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C38DAF0F-DF58-4365-941E-80069E38F442}] => (Allow) C:\Program Files\NetWorx\networx.exe
FirewallRules: [{A15F7C9B-78AD-416C-814D-2B2A90456513}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{E7EC3C37-BC6C-4CC2-A726-CC6B5430866C}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{B2ECC7F2-087F-47A6-ADE2-5108D19350B2}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{830139F0-990C-4C6F-8C64-B46E4696AB61}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{4B10DE5D-3F2E-47CA-BCF8-BFD4F5D527D3}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{B71E45D8-5286-442C-9E5E-3403AC97DA6A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A59457E7-D5FC-4FE7-9D72-CD1615B11C7F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{F5DCDA83-E040-400E-AB62-98AC4D545628}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{05F01637-5B74-47AF-B393-75D24634F44A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{164F554D-D041-4D18-91AE-2BAEC8423AD0}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{28528E88-969E-4434-9DBF-BAA0F22E9823}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{B795FDD3-997A-480B-B8AC-2F11C52075DC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{97CB65B2-C8D9-4FBD-9D9C-F9F02458623E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{24D435DF-7BDF-48D6-883B-02D05E843C68}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{199A99A2-8836-4262-9400-4D26EED6D11E}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D1EE8DDD-E630-4C95-8F15-36074D600E21}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ABF71549-DB32-487B-90C7-524F4FDDE851}] => (Allow) LPort=2869
FirewallRules: [{3394F295-2CC3-467B-B4CF-332847D2FF49}] => (Allow) LPort=1900
FirewallRules: [{134201E3-F74A-4C97-B484-9F408CC95DD7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A28CC1AB-57F6-437D-89A2-4113029D3394}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C1F15FDF-0CB6-4473-A07A-823FBCFFC1B8}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{C0723F6F-528E-4F48-925D-D513DC4477EC}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{3DD0680B-0A2F-4B46-829E-F669E5C2E9B9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{EDDC8C24-0CE6-4287-90BF-239FFBD7504A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{26E1FE17-E1AC-49C1-85C6-612A21FE4678}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{6537894B-671C-4CBC-BAAD-555F3985CFF8}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A216DE3D-7ECA-48B8-8F1C-C7297ED1DCA3}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{28E673D7-2681-48AD-AD6F-D718FF36562D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-06-2018 08:52:53 Windows Update
12-06-2018 13:14:12 Windows Update
14-06-2018 21:49:45 Removed HP Documentation
14-06-2018 21:51:48 Removed HP PC Hardware Diagnostics Windows

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/15/2018 02:59:10 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 01:59:09 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 12:59:09 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 11:59:09 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 10:59:11 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 09:59:09 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 08:59:09 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Avast Update Helper -- Error 1316. The specified account already exists.

Error: (06/15/2018 08:20:58 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

System errors:
=============
Error: (06/15/2018 03:37:43 PM) (Source: DCOM) (EventID: 10016) (User: ODETTEKANTOOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ODETTEKANTOOR\R en O Office SID (S-1-5-21-98945357-699151374-1923595995-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2018 02:41:37 PM) (Source: DCOM) (EventID: 10016) (User: ODETTEKANTOOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ODETTEKANTOOR\R en O Office SID (S-1-5-21-98945357-699151374-1923595995-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2018 02:01:37 PM) (Source: DCOM) (EventID: 10016) (User: ODETTEKANTOOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ODETTEKANTOOR\R en O Office SID (S-1-5-21-98945357-699151374-1923595995-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2018 01:14:57 PM) (Source: DCOM) (EventID: 10016) (User: ODETTEKANTOOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ODETTEKANTOOR\R en O Office SID (S-1-5-21-98945357-699151374-1923595995-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2018 09:00:49 AM) (Source: DCOM) (EventID: 10016) (User: ODETTEKANTOOR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user ODETTEKANTOOR\R en O Office SID (S-1-5-21-98945357-699151374-1923595995-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2018 07:59:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/15/2018 07:57:59 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (06/15/2018 07:55:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2018-06-14 18:03:53.119
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 18:03:32.955
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 18:03:29.987
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 18:03:16.965
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 18:03:16.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2840 @ 2.16GHz
Percentage of memory in use: 56%
Total physical RAM: 3985.95 MB
Available physical RAM: 1734.97 MB
Total Virtual: 4689.95 MB
Available Virtual: 1773.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:292.03 GB) (Free:197.27 GB) NTFS
Drive f: (Data Disk) (Fixed) (Total:171.78 GB) (Free:132.45 GB) NTFS

\\?\Volume{c9eb91f6-e6ee-44cf-bb3f-399a07f4cfeb}\ (WINRE) (Fixed) (Total:0.63 GB) (Free:0.38 GB) NTFS
\\?\Volume{207f60aa-2195-450f-b7fc-2fc69cd9d5a2}\ () (Fixed) (Total:0.93 GB) (Free:0.36 GB) NTFS
\\?\Volume{b8355d30-bca7-490b-9e13-abca173b48d8}\ () (Fixed) (Total:0.25 GB) (Free:0.13 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 159542BB)

Partition: GPT.

==================== End of Addition.txt ============================