Solved Can't remove dwm.exe and indexer.exe in APPDATA folder

Y

YaySon

Posts: 28   +0
Antivirus always pops up with finding of either one of these two viruses. Both are located in my User folder and deleting them does nothing.
Already tried a full clean with Antivirus in safe mode which did find some files, but after I restarted my computer normally everything was there again.
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
FRST.exe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2015
Ran by Tom (administrator) on TOMPC on 27-04-2015 00:35:43
Running from C:\Users\Tom\Desktop
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
() C:\Users\Tom\Local Settings\Apps\F.lux\flux.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Run: [F.lux] => C:\Users\Tom\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soundswitch.ahk [2014-05-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=
HKU\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=
HKU\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://at.msn.com/?ocid=iehp
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=
SearchScopes: HKU\S-1-5-21-516494932-2024577555-231657829-1000 -> URL http://search.conduit.com/Results.a...-4EEB-8E06-C0E63C708AFC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-516494932-2024577555-231657829-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-516494932-2024577555-231657829-1000 -> {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/results.php?f=4...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-15] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-09] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Hosts: 127.0.0.1 activation.guitar-pro.com
 
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-12-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-516494932-2024577555-231657829-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Extension: Image Zoom - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-10-26]
FF Extension: Adblock Plus - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP219831FF-3812-4EEB-8E06-C0E63C708AFC&SSPV=
CHR StartupUrls: Default -> "hxxp://metalstorm.net/events/news.php"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-13]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-13]
CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2015-04-17]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2013-09-05]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-03-09]
CHR Extension: (LoL Stream Browser) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2013-01-13]
CHR Extension: (ZenMate) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-04]
CHR Extension: (BetaFish Adblocker) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-01-13]
CHR Extension: (Bookmark Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Metallica 86) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhblnpecdeoibmlklmnbjaaaikghbehi [2013-09-26]
CHR Extension: (Google Mail Checker) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-01-13]
CHR Extension: (Ghostery) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-14]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Hover Zoom) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-01-13]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]
CHR HKLM\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Tom\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2013-07-27]
CHR HKLM-x32\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Tom\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [2013-07-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S4 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-07] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-24] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 00:35 - 2015-04-27 00:35 - 00027669 _____ () C:\Users\Tom\Desktop\FRST.txt
2015-04-27 00:33 - 2015-04-27 00:35 - 00000000 ____D () C:\FRST
2015-04-27 00:33 - 2015-04-27 00:33 - 02101248 _____ (Farbar) C:\Users\Tom\Desktop\FRST64.exe
2015-04-26 19:30 - 2015-04-26 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2015-04-26 19:29 - 2015-04-26 19:30 - 15963960 _____ (Last.fm ) C:\Users\Tom\Downloads\Last.fm-2.1.37.exe
2015-04-26 13:57 - 2015-04-26 13:57 - 00013018 _____ () C:\Users\Tom\Downloads\guitar-pro-5-2-rse-full-%5Btorrentino%5D.torrent
2015-04-25 01:51 - 2015-04-25 01:51 - 00000000 _____ () C:\autoexec.bat
2015-04-24 19:40 - 2015-04-24 19:40 - 00000000 ____D () C:\Users\Tom\Desktop\crack
2015-04-24 18:48 - 2015-04-25 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KLC
2015-04-24 18:48 - 2015-04-24 18:48 - 00000000 ____D () C:\ProgramData\KLC
2015-04-24 18:48 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2015-04-24 18:48 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2015-04-24 18:48 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2015-04-24 18:45 - 2015-04-24 18:45 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2015-04-24 18:40 - 2015-04-25 01:45 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 6
2015-04-24 18:35 - 2015-04-24 18:35 - 00000222 _____ () C:\Users\Tom\Desktop\Worms Clan Wars.url
2015-04-24 18:35 - 2015-04-24 18:35 - 00000222 _____ () C:\Users\Tom\Desktop\Parcel.url
2015-04-24 18:35 - 2015-04-24 18:35 - 00000222 _____ () C:\Users\Tom\Desktop\JumpJet Rex.url
2015-04-24 18:11 - 2015-04-24 18:12 - 00000000 ____D () C:\Program Files (x86)\MagicISO
2015-04-24 18:11 - 2015-04-24 18:11 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-04-24 18:11 - 2015-04-24 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-04-24 18:02 - 2015-04-24 18:02 - 00000000 ____D () C:\Program Files (x86)\Disc Soft
2015-04-24 18:01 - 2015-04-24 18:02 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-04-24 18:01 - 2015-04-24 18:01 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-24 17:57 - 2015-04-24 17:58 - 00000000 ____D () C:\Users\Tom\Downloads\Guitar Pro 6.0.1.7840 + Crack
2015-04-24 17:45 - 2015-04-24 17:45 - 00000222 _____ () C:\Users\Tom\Desktop\Spelunky.url
2015-04-24 17:30 - 2015-04-24 17:30 - 00059267 _____ () C:\Users\Tom\Downloads\Sodom - M-16 (Pro).gp5
2015-04-21 00:44 - 2015-04-21 01:06 - 00000080 _____ () C:\Users\Tom\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-21 00:44 - 2015-04-21 00:44 - 00000000 ____D () C:\Users\Tom\Documents\Rockstar Games
2015-04-21 00:44 - 2015-04-21 00:44 - 00000000 ____D () C:\Users\Tom\AppData\Local\Rockstar Games
2015-04-21 00:43 - 2015-04-21 00:43 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-21 00:43 - 2015-04-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-19 21:27 - 2015-04-19 21:27 - 01582736 _____ ( ) C:\Users\Tom\Downloads\cpu-z_1.72-en.exe
2015-04-19 21:27 - 2015-04-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-04-19 21:27 - 2015-04-19 21:27 - 00000000 ____D () C:\Program Files\CPUID
2015-04-14 21:47 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:47 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:47 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:47 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:47 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:47 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 21:47 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 21:47 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 21:47 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:47 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 21:47 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 21:47 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 21:47 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 21:47 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 21:47 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 21:46 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:46 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:46 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 21:46 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 21:46 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:46 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 21:46 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:46 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 21:46 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 21:46 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 21:46 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 21:46 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 21:46 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 21:46 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 21:46 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 21:46 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 21:46 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 21:46 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 21:46 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 21:46 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 21:46 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 21:46 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 21:46 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:46 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:46 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:46 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:46 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:46 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:46 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:46 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:46 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:46 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:46 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:46 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:46 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:46 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:46 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:46 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:46 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:46 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:46 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:46 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:46 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:46 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:46 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:46 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:46 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:46 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:46 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:46 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:46 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:46 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:46 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:46 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:46 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:46 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:46 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:46 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:46 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:46 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:46 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:46 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:46 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:46 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:46 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:46 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:46 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:46 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:46 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 21:46 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:46 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:46 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:46 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:46 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:46 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:46 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:46 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:46 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:46 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:46 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:44 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 21:44 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:44 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 19:34 - 2015-04-14 19:34 - 00000222 _____ () C:\Users\Tom\Desktop\Mortal Kombat X.url
2015-04-13 21:53 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-13 21:52 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-13 21:52 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-13 21:51 - 2015-04-13 21:51 - 00000000 __SHD () C:\Users\Tom\AppData\Local\EmieBrowserModeList
2015-04-12 22:23 - 2015-04-12 22:23 - 00000000 ____D () C:\ProgramData\Last.fm
2015-04-12 22:22 - 2015-04-12 22:23 - 00000000 ____D () C:\Users\Tom\AppData\Local\Last.fm
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-04-12 22:05 - 2015-04-12 22:05 - 00003213 _____ () C:\Users\Tom\Downloads\vpnht.ovpn
2015-04-12 21:49 - 2015-04-12 21:49 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 21:49 - 2015-04-12 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 21:49 - 2015-04-12 21:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 21:49 - 2015-04-12 21:49 - 00000000 ____D () C:\Program Files\iPod
2015-04-08 23:44 - 2015-04-21 01:07 - 00000231 _____ () C:\Users\Tom\Desktop\Grand Theft Auto V.url
2015-04-08 22:01 - 2015-04-08 22:01 - 00599941 _____ () C:\Users\Tom\Downloads\Taskbar Eliminator.zip
2015-04-08 21:14 - 2015-04-08 21:15 - 33986608 _____ () C:\Users\Tom\Downloads\iOS-Installer_Popcorn_Time-1.14.exe
2015-04-06 02:13 - 2015-04-06 02:15 - 00002805 _____ () C:\Users\Tom\Desktop\BL2 4P.lnk
2015-04-06 02:13 - 2015-04-06 02:15 - 00002805 _____ () C:\Users\Tom\Desktop\BL2 2P.lnk
2015-04-06 02:13 - 2015-04-06 02:14 - 00002805 _____ () C:\Users\Tom\Desktop\BL2 3P.lnk
2015-04-05 03:21 - 2015-04-05 03:22 - 00038912 _____ () C:\Users\Tom\Downloads\PCWNOBAR.z.exe
2015-04-05 02:20 - 2015-04-05 02:23 - 00000000 ____D () C:\Program Files\Sandboxie
2015-04-05 02:20 - 2015-04-05 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-04-05 02:04 - 2015-04-05 02:05 - 08883158 _____ () C:\Users\Tom\Downloads\Sandboxie 4.16 Final.rar
2015-04-05 01:33 - 2015-04-05 01:33 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 01:33 - 2015-04-05 01:33 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:31 - 2015-04-05 01:31 - 00000543 _____ () C:\Windows\NGO.cer
2015-04-05 01:16 - 2015-04-05 01:16 - 09564866 _____ () C:\Users\Tom\Downloads\Sandboxie.4.16.Final.zip
2015-04-05 00:07 - 2015-04-05 00:07 - 04281987 _____ () C:\Users\Tom\Downloads\Sandboxie 4.16(x64)+Crack.rar
2015-04-04 21:09 - 2015-04-04 21:09 - 00000000 ___RD () C:\Sandbox
2015-04-04 21:05 - 2015-04-26 21:34 - 00003726 _____ () C:\Windows\Sandboxie.ini
2015-04-04 21:02 - 2015-04-04 21:02 - 01203488 _____ () C:\Users\Tom\Downloads\Sandboxie - CHIP-Installer.exe
2015-03-31 01:54 - 2015-03-31 01:54 - 00000222 _____ () C:\Users\Tom\Desktop\Worms Armageddon.url
2015-03-31 01:54 - 2015-03-31 01:54 - 00000222 _____ () C:\Users\Tom\Desktop\TinyKeep.url
2015-03-31 01:54 - 2015-03-31 01:54 - 00000222 _____ () C:\Users\Tom\Desktop\ClusterPuck 99.url
2015-03-30 20:19 - 2015-03-30 20:19 - 00000000 ____D () C:\Users\Tom\AppData\Local\Frima_Studio
2015-03-30 15:46 - 2015-04-26 19:27 - 00000000 ____D () C:\Users\Tom\Documents\!BEWERBUNGSMAPPE
2015-03-28 22:02 - 2015-03-28 22:03 - 00000000 ____D () C:\Users\Tom\Documents\Giana Sisters - Twisted Dreams
2015-03-28 21:07 - 2015-03-28 21:07 - 00000221 _____ () C:\Users\Tom\Desktop\Worms Reloaded.url
2015-03-28 21:06 - 2015-03-28 21:06 - 00000221 _____ () C:\Users\Tom\Desktop\Worms Crazy Golf.url
2015-03-28 21:01 - 2015-03-28 21:01 - 00000222 _____ () C:\Users\Tom\Desktop\Giana Sisters Twisted Dreams.url
2015-03-28 21:01 - 2015-03-28 21:01 - 00000222 _____ () C:\Users\Tom\Desktop\Giana Sisters Twisted Dreams - Rise of the Owlverlord.url
2015-03-28 19:22 - 2015-03-28 19:22 - 00000222 _____ () C:\Users\Tom\Desktop\Apotheon.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 00:24 - 2013-01-13 23:36 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 00:11 - 2013-01-14 17:53 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2015-04-26 23:57 - 2013-01-22 17:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-26 23:19 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-26 23:19 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-26 23:17 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-26 23:17 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-26 23:17 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-26 23:14 - 2013-01-13 23:15 - 01371811 _____ () C:\Windows\WindowsUpdate.log
2015-04-26 23:11 - 2013-01-21 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-26 23:11 - 2013-01-13 23:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-26 23:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-26 23:11 - 2009-07-14 06:51 - 00168993 _____ () C:\Windows\setupact.log
2015-04-26 22:21 - 2014-06-09 19:32 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TS3Client
2015-04-26 19:30 - 2013-08-25 18:37 - 00000000 ____D () C:\Program Files (x86)\Last.fm
2015-04-26 17:04 - 2013-09-08 23:22 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\uTorrent
2015-04-26 12:55 - 2013-08-15 16:42 - 00000000 ____D () C:\Users\Tom\AppData\Local\Adobe
2015-04-25 03:53 - 2013-01-13 23:41 - 00789888 _____ () C:\Windows\PFRO.log
2015-04-25 03:52 - 2013-01-14 17:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-25 01:50 - 2013-01-13 23:15 - 00000000 ____D () C:\Users\Tom
2015-04-20 18:02 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files (x86)\LoLBuilder.net App
2015-04-18 18:57 - 2013-01-14 17:53 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 02:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 02:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 00:18 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Tom\AppData\Local\Popcorn-Time
2015-04-16 19:25 - 2013-08-23 18:03 - 00001664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2015-04-16 17:58 - 2015-01-08 21:50 - 00001061 _____ () C:\Users\Public\Desktop\LoLBuilder.net App.lnk
2015-04-16 17:58 - 2015-01-08 21:50 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Dazzleware
2015-04-16 17:58 - 2015-01-08 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-04-16 17:54 - 2014-12-13 12:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:54 - 2014-05-06 19:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 00:47 - 2013-08-17 19:38 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 00:46 - 2013-08-14 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:41 - 2013-01-14 00:27 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 23:58 - 2015-02-05 18:57 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 23:58 - 2013-01-22 17:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 23:58 - 2013-01-22 17:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 23:58 - 2013-01-22 17:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 21:54 - 2013-01-21 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-13 21:54 - 2013-01-21 23:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-13 21:51 - 2013-08-17 19:43 - 00000000 ____D () C:\Users\Tom\AppData\Local\NVIDIA
2015-04-12 22:18 - 2014-12-29 00:16 - 00000000 ____D () C:\Users\Tom\AppData\Local\Popcorn Time
2015-04-12 21:49 - 2015-02-20 15:52 - 00000000 ____D () C:\Program Files\iTunes
2015-04-12 21:49 - 2013-08-23 23:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-12 21:49 - 2013-08-23 23:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-09 23:43 - 2013-10-07 00:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 23:43 - 2013-08-15 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 23:43 - 2013-01-13 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 02:58 - 2014-11-12 19:08 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 02:58 - 2013-01-21 23:47 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-09 02:58 - 2013-01-21 23:46 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2013-01-21 23:46 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2013-01-21 23:45 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2013-01-21 23:45 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2012-09-28 16:28 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 02:58 - 2012-09-28 16:28 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2013-01-21 23:48 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2013-01-21 23:48 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-05 18:55 - 2014-06-08 16:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Spotify
2015-04-05 18:55 - 2014-06-08 16:29 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Spotify
2015-04-05 01:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-04 23:11 - 2014-11-29 18:59 - 00013245 _____ () C:\Windows\BRRBCOM.INI
2015-04-01 10:25 - 2013-01-13 23:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Avira
2015-04-01 10:25 - 2013-01-13 23:33 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 13:29 - 2014-10-10 16:38 - 00000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2015-03-31 11:37 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-28 22:38 - 2013-01-15 01:26 - 00354690 _____ () C:\Windows\DirectX.log
2015-03-28 20:36 - 2013-08-15 21:00 - 00000000 ____D () C:\Users\Tom\Documents\my games
2015-03-28 05:44 - 2014-08-05 21:38 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-10-28 20:25 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-08-05 21:38 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-10-28 20:25 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
 
==================== Files in the root of some directories =======

2014-10-10 16:40 - 2014-10-10 16:40 - 0000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe GIF-Format CC - Voreinstellungen
2014-10-10 16:39 - 2014-10-10 16:39 - 0000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe IllExport-Filter CC - Voreinstellungen
2014-10-10 16:38 - 2015-03-31 13:29 - 0000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-06-24 15:16 - 2014-09-20 20:26 - 0000034 _____ () C:\Users\Tom\AppData\Roaming\AdobeWLCMCache.dat
2013-09-16 19:37 - 2013-09-23 11:54 - 0011477 _____ () C:\Users\Tom\AppData\Roaming\LogBuch.txt
2013-09-14 15:29 - 2013-09-23 11:56 - 0003129 _____ () C:\Users\Tom\AppData\Roaming\PData.MM1
2013-09-14 15:29 - 2013-09-23 11:56 - 0003129 _____ () C:\Users\Tom\AppData\Roaming\PData.MMM
2014-06-01 17:50 - 2015-01-03 16:00 - 0005136 _____ () C:\Users\Tom\AppData\Roaming\SpeedRunnersLog.txt
2014-12-07 20:12 - 2014-12-07 20:20 - 0001456 _____ () C:\Users\Tom\AppData\Local\Adobe Für Web speichern 13.0 Prefs

Some content of TEMP:
====================
C:\Users\Tom\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Tom\AppData\Local\Temp\amazonicon_v6.exe
C:\Users\Tom\AppData\Local\Temp\amazoninstallernircmdc.exe
C:\Users\Tom\AppData\Local\Temp\AskSLib.dll
C:\Users\Tom\AppData\Local\Temp\avgnt.exe
C:\Users\Tom\AppData\Local\Temp\bassmod.dll
C:\Users\Tom\AppData\Local\Temp\bitool.dll
C:\Users\Tom\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Tom\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Tom\AppData\Local\Temp\DivXSetup.exe
C:\Users\Tom\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Tom\AppData\Local\Temp\drm_dyndata_7400005.dll
C:\Users\Tom\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Tom\AppData\Local\Temp\mdi064.dll
C:\Users\Tom\AppData\Local\Temp\npp.6.6.6.Installer.exe
C:\Users\Tom\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\Tom\AppData\Local\Temp\npp.6.7.5.Installer.exe
C:\Users\Tom\AppData\Local\Temp\nsb30A8.exe
C:\Users\Tom\AppData\Local\Temp\nsb4A43.exe
C:\Users\Tom\AppData\Local\Temp\nsf8877.exe
C:\Users\Tom\AppData\Local\Temp\nsl2E27.exe
C:\Users\Tom\AppData\Local\Temp\nsw4CE3.exe
C:\Users\Tom\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Tom\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Tom\AppData\Local\Temp\nvStInst.exe
C:\Users\Tom\AppData\Local\Temp\ose00000.exe
C:\Users\Tom\AppData\Local\Temp\RSPUpgradeInstaller.exe
C:\Users\Tom\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Tom\AppData\Local\Temp\sdapskill.exe
C:\Users\Tom\AppData\Local\Temp\sdaspwn.exe
C:\Users\Tom\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Tom\AppData\Local\Temp\sfextra.dll
C:\Users\Tom\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Tom\AppData\Local\Temp\sonarinst.exe
C:\Users\Tom\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\Tom\AppData\Local\Temp\Unlocker1.9.2.exe
C:\Users\Tom\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Tom\AppData\Local\Temp\_is82E6.exe
C:\Users\Tom\AppData\Local\Temp\_isD078.exe
C:\Users\Tom\AppData\Local\Temp\_isF833.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-17 02:27

==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2015
Ran by Tom at 2015-04-27 00:36:16
Running from C:\Users\Tom\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-516494932-2024577555-231657829-500 - Administrator - Disabled)
Gast (S-1-5-21-516494932-2024577555-231657829-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-516494932-2024577555-231657829-1003 - Limited - Enabled)
Tom (S-1-5-21-516494932-2024577555-231657829-1000 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
µTorrent (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
About Love, Hate and the other ones (HKLM-x32\...\Steam App 277680) (Version: - Black Pants Studio)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Apotheon (HKLM-x32\...\Steam App 208750) (Version: - Alientrap)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
Bleed (HKLM-x32\...\Steam App 239800) (Version: - Ian Campbell)
Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version: - 2Play)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Chariot (HKLM-x32\...\Steam App 319450) (Version: - Frima Studio)
Chompy Chomp Chomp (HKLM-x32\...\Steam App 292570) (Version: - Utopian World of Sandwiches)
ClusterPuck 99 (HKLM-x32\...\Steam App 337960) (Version: - PHL Collective)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version: - Vigil Games)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
F.lux (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Flux) (Version: - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
Flatout 3 (HKLM-x32\...\Steam App 201510) (Version: - Team 6 Studios)
Friendship Club (HKLM-x32\...\Steam App 332760) (Version: - Force Of Habit)
GameRanger (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\GameRanger) (Version: - GameRanger Technologies)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version: - Boneloaf)
Giana Sisters: Twisted Dreams - Rise of the Owlverlord (HKLM-x32\...\Steam App 246960) (Version: - Black Forest Games)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version: - Codemasters Racing)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version: - NetherRealm Studios)
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version: - iosinstaller.com)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
JumpJet Rex (HKLM-x32\...\Steam App 329460) (Version: - TreeFortress Games)
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version: - Crystal Dynamics)
Lara Croft and the Temple of Osiris (HKLM-x32\...\Steam App 289690) (Version: - Crystal Dynamics)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Lords Of The Fallen (HKLM-x32\...\Steam App 265300) (Version: - CI Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version: - Team Reptile)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version: - NetherRealm Studios)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version: - Messhof)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller-Treiber 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Parcel (HKLM-x32\...\Steam App 316080) (Version: - Polar Bunny Ltd)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
Pressure (HKLM-x32\...\Steam App 224220) (Version: - Chasing Carrots)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Rocketbirds: Hardboiled Chicken (HKLM-x32\...\Steam App 215510) (Version: - Ratloop Asia)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version: - Crytek)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scansoft PDF Professional (x32 Version: - ) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version: - Devil's Details)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Split/Second (HKLM-x32\...\Steam App 297860) (Version: - Black Rock Studio)
Spotify (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Street Fighter X Tekken (HKLM-x32\...\Steam App 209120) (Version: - Capcom U.S.A., Inc.)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version: - FireFly Studios)
Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Cave (HKLM-x32\...\Steam App 221810) (Version: - Double Fine Productions)
The Crew (HKLM-x32\...\Steam App 241560) (Version: - Ivory Tower in collaboration with Ubisoft Reflections)
TinyKeep (HKLM-x32\...\Steam App 278620) (Version: - Phigames)
TRISTOY (HKLM-x32\...\Steam App 303260) (Version: - Uniworlds Game Studios)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)
Worms Crazy Golf (HKLM-x32\...\Steam App 70620) (Version: - Team17 Software Ltd.)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.)
 
==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-516494932-2024577555-231657829-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

==================== Restore Points =========================

ATTENTION: System Restore is disabled.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-04-24 19:01 - 00000861 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.guitar-pro.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05A0D95A-5E93-4908-A65F-5B7775E18C71} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {1EF385C0-7639-4235-808F-C8025967350D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {6D6EC657-3E76-42F1-825B-95B236472509} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6E0C17BA-FA34-47A4-8A80-5B1A3CC14194} - System32\Tasks\AdobeAAMUpdater-1.0-TOMPC-Tom => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {757DC163-F415-465D-B18D-4CA45CB56DDF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: {849008D2-3025-40C0-8BF9-3E2C87479983} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9E3144F1-BD3B-46BC-B29F-9C974821E82F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {A0DD2A05-C8C8-4684-9679-6F8895E22E51} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {BF44A012-7054-4904-A194-8D15C125717C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13] (Google Inc.)
Task: {C250B55E-85AE-4BC0-900B-439567E17DBA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CB51F8FA-BA08-4EDB-BB81-787823DEE043} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {DBF1025D-7B64-4DE0-9D14-2DBF74DC6697} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E00F61E2-BDC0-43CA-B2E7-9C5EDF5BE357} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {E06CEFE9-798C-4CE4-84EF-DD641E8AEA87} - System32\Tasks\{7C8AD38A-B998-4356-ACC9-1660F7E0869E} => pcalua.exe -a "C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Dependencies\dotnetfx35.exe" -d "C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Dependencies"
Task: {E1E307F8-3B92-48DC-ACB3-DE5FA26C5A9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {F7EE0A96-4BFA-471A-AE93-458774E637E9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2013-01-21 23:48 - 2015-04-08 23:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-26 14:41 - 2014-09-26 14:41 - 01021088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-09 21:32 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-07 00:18 - 2013-10-07 00:18 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-11-29 18:58 - 2005-04-22 06:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-10-14 20:02 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2009-08-29 08:00 - 2009-08-29 08:00 - 00966656 _____ () C:\Users\Tom\Local Settings\Apps\F.lux\flux.exe
2009-09-25 20:57 - 2009-09-25 20:57 - 00245248 _____ () C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
2015-03-30 20:04 - 2015-03-28 05:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2015-04-16 18:27 - 2015-04-13 23:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-16 18:27 - 2015-04-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\skype.com -> hxxps://apps.skype.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-516494932-2024577555-231657829-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Disc Soft Lite Bus Service => 3
MSCONFIG\Services: iOSinstallerUpdater => 2
MSCONFIG\startupfolder: C:^Users^Tom^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter4 => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe
MSCONFIG\startupreg: GoogleChromeAutoLaunch_F6A43803F41C0EE8AA9068339E55A010 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: IndexSearch => "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: ISUSPM => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PDF5 Registry Controller => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
MSCONFIG\startupreg: PDFHook => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Tom\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Tom\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: tsiVideo => C:\Windows\SysWOW64\rundll32.exe C:\Users\Tom\AppData\Local\Temp\\mdi064.dll,asdasd
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
 
==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [{5849D08B-D6DA-4218-B3E6-9E7A29FF0BA9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{486D6FEE-EDAB-4BD4-81D8-88C6E5E687EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB525F24-FF8C-491A-AA24-C2740957611A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{44297FC4-C0C8-46F9-B625-60176F466C18}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [UDP Query User{6863F01D-C1ED-4639-A153-BB40B43B978B}C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [{3547DD18-1708-4716-8ED2-1DF23EDD69CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{3307D2EE-74E5-4FD3-9D9F-B47D737B9F34}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{2A977659-0BD8-4C59-8DB4-C7D521DC4A69}] => (Allow) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
FirewallRules: [{60868BFF-5AE9-4FCE-BD59-AAC78AF5F3DD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{41697BCF-4BC6-40A5-9A83-BED7293E62AD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3CF19728-613F-4FF2-B99D-CA87BABE23EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2AFD5658-12DB-4D4D-94BF-623C7AD87BFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{48FFFC6B-133E-4163-BD87-69166553043D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B2DB016-AB4E-4468-86A3-BE46B56ADCA2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FEBDB75F-28FA-4A7B-8ACD-BAA9E98944E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7BFA28DB-7AB8-4457-B5DB-B0D34EC58842}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AAC5A090-83B1-4CE5-BBE4-DF869902DF12}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{4E8CDBC5-143D-481F-A0F8-79E2C92752D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{1ED320BC-611F-41E3-829E-DA96F73AA195}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{3E1A2862-73D1-48A7-8D28-51712C57C4D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AE687434-B132-4772-A098-8523B610B45C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{648F18C1-83F9-4FE1-A1B7-7DFFA5DDD697}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3BD7C268-0DCB-4F18-98DF-F1F08E4F5612}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9C669ABA-5CA3-43BF-8403-03D6045AFAD3}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FA80298F-F43A-4DA9-AAC5-D1E1EC125DAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{C589DFBA-DBA0-4F93-AE9D-A393A34D57F2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{056B038E-FE40-4EEE-B539-2D3F9B2814FD}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DF24277C-8638-4779-A17E-390195706AF4}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{5393B951-07A5-40C1-AAB3-C3D7B1782B3F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5A7EB6AE-EB2F-4D01-A95C-F85B7671A50B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{7972879E-5865-4CEA-B1CD-8EB464019EE0}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{80D3516D-04C2-403F-A56C-1F18FB86E281}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0A936A13-CF4A-46A4-8624-184B6F8222E7}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{86BAAD9E-8F48-4CCF-8725-F4065B699C44}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{B8D81E21-A26D-42A4-886B-25C303D7D8D9}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [{45E06A31-53A6-4333-A3F5-DFC631B1743F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4 Beta\bf4.exe
FirewallRules: [{EBEFFCA7-B89C-4DFC-9B62-071F8467765F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{DAB744A5-3FD7-4D65-AA61-8529E04BF09D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{7E04CBC1-1C56-45A9-AB88-A4C5F466470A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4A2FEB05-587B-421B-8AD6-40947036A677}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{EF12CC6C-13A9-488B-8F54-C991E18D9673}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F39DAF64-2089-4903-9D83-F6F53089629F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{3145DA3D-BEFE-43DE-B993-5292271BC4F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{08828467-9B6F-4156-9F27-E170A55B017D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{A50659FB-2004-488E-A174-4A515B6F5AB3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B7E508A4-113F-430A-8401-4011D477A661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F8935FF6-00F7-4DB5-87C1-FA7EDE8BA863}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{C3C5FA9E-13E0-428C-B219-2059BB88E1BC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{09851D39-36BF-4EE5-B6E4-C1BE699F8D20}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C230DB6A-55B5-496F-9F36-9A592A7AD41D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C3EA65FA-D843-4CCD-80D2-C380660E8F4A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B14638B2-EC88-44F9-895C-67BF58360A86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A19F160D-068E-4913-8A1D-2A536B9483E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{1D7E5E7E-3C47-4F80-B437-3BC9F4036147}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{107CE869-9D23-4124-AB76-368BB860E4A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{73EEBC08-96C4-4B81-AE87-AD661E9F0E11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{9BB392DC-494D-48E5-A6A0-01BD3C61C702}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A883F5B0-41E1-4429-9801-CEE7C70A1BAA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{87FA7598-7FD2-449C-B669-FE72346FF2B6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BFBA487A-7765-496C-B1AA-33C5985DC0A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{04434E3D-7FA3-48EF-BC39-48DF32EDD9E9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7E2A3A50-9216-4FD9-BE12-31644BB03A95}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D2849388-05F6-4D45-B17F-1F79180BACC0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{A2429BB4-D0B8-4CCD-ABF2-B5BEEB86AD2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{3EB48EA9-7B7B-44C2-9A80-10E4883EC9C3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{AD0F01CB-179D-44DC-83F8-7A429D32813C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{619CE71C-3978-4D4B-A670-A77394548C4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{6958EAA2-49DC-4DED-8606-A8EC1B47FC68}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{059AE677-1E3A-4703-A623-ECC481E5FDB1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{66E262E4-CE5B-4FFA-B3BF-636E839C5B5D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{DA89BF8F-EE83-4D6D-9E0B-8364E116E9C4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{080EE83D-93CE-4580-987B-EF9B2BB1D48B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{822C948A-2FAE-4FE3-8A02-0B9847EC23CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{290B5BC4-AEFF-4454-BA46-8A682514C305}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C56ED539-2FD6-49F8-AD53-082CF9E022B7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EFFAF63B-A9A5-4428-B703-677494D8C0E3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{55DD5072-9147-4AEC-90A1-195387D392C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{BAE6D6FF-1445-494B-AE3C-A8D1395C6624}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A141AFF6-E1B4-4833-B19C-CCCBBD66F90C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4F93B4F8-CA78-4FA3-888C-04ACACC8AA96}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{C837A47A-4C7A-4B8E-9A54-B49EEF8AC2C2}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{12EE2D93-014B-4668-BE1C-CE130AAA25DB}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{CFD44ACD-EFB1-4171-B49E-DC3620F93C33}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{3BB24265-B8E3-4769-BBA8-F96202B4798F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SpeedRunners\SpeedRunners.exe
FirewallRules: [{A7EA0441-1F97-41F7-865F-31C3DDE35345}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dollar Dash\Binaries\Win32\PKGame-Win32-Shipping.exe
FirewallRules: [{114F98A4-356C-4A00-AB40-4592B2D4922D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dollar Dash\Binaries\Win32\PKGame-Win32-Shipping.exe
FirewallRules: [{522029E2-47C3-44B4-BC4B-B1A26949FE5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{16EB3239-348E-4641-8682-7375C717D62B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [TCP Query User{89062C75-2B7E-42A7-99A5-B44C7F057095}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DB2D7B91-EF35-46FA-9474-1997B285F46A}C:\users\tom\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tom\appdata\roaming\spotify\spotify.exe
FirewallRules: [{9C71B6B0-7266-4D31-87AE-7EE04C6C0D5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{7DDBAD73-0D36-4C1F-A3F8-13D401093171}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Viscera Cleanup Detail Shadow Warrior\Binaries\Win64\UDK.exe
FirewallRules: [{607C8880-F140-470C-8784-FD6B98E328A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{2CB102A9-3F2D-4CF0-92AC-AFFE1A34743D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{24571384-42AE-4327-A8EE-BBE8C184A7AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{7A3BB96D-6B3D-4FCE-BE2C-5EA0B4540CA6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MortalKombat_KompleteEdition\DiscContentPC\MKLauncher.exe
FirewallRules: [{A6E48BCC-5B36-44AF-BAE8-A4F81E9D6C10}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{38C9373B-D174-46C3-935C-1217CB735541}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1791D99D-7FC5-44CC-B4F7-C858794FA70F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{3E5C127C-C618-4AF3-A1DA-A65ED0EED941}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{4BC1F018-FFE6-4D44-8282-A300D7F81E0F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe
FirewallRules: [{084DF21B-3334-4646-8D84-F9092FED2B1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader 2\bin\win32_release\Crusader2.exe
FirewallRules: [{5BAD98E5-418B-4897-9813-381DC63CEEAD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{28FFFBEB-4C86-4F98-BCA8-1F15692A5E2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{4689BEB7-B473-4660-8B12-6E31FB74570C}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{9F89C591-DFED-4CB3-9D1B-6FDCCD591A88}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{1A01EE13-D02D-4540-B942-A7DB64FDB701}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SplitSecond\SplitSecond.exe
FirewallRules: [{43639FA5-05F2-42A9-8FFA-47588A0025D3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\SplitSecond\SplitSecond.exe
FirewallRules: [{A0A510BB-8A41-4C48-98C7-2128021F7F49}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{F4CB4D81-9405-49CA-9D3B-020E0202CD3D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Borderlands\Binaries\Borderlands.exe
FirewallRules: [{FCC89403-2F4C-404C-AAED-D72DAD816507}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe
FirewallRules: [{913EC9A3-4C3C-463C-A9CD-32377FF07194}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe
FirewallRules: [{4B61A11A-48B2-42A7-A9B7-426BCF60844B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ryse Son of Rome\Bin64\Ryse.exe
FirewallRules: [{09940C00-64C3-4D73-96B7-00DAA7E436F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ryse Son of Rome\Bin64\Ryse.exe
FirewallRules: [{0499D7CB-EB25-4099-8AD7-619A561C8825}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chompy Chomp Chomp\ChompyChompChomp.exe
FirewallRules: [{E34DBE64-40D6-4C5B-AAC8-2B7F3237A53B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chompy Chomp Chomp\ChompyChompChomp.exe
FirewallRules: [{FC975601-220E-4937-9982-21A04C6C2CEE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{777F4A7D-AEB2-46F3-96D4-A06C4BC88487}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{61671562-689A-4388-B443-8FBA641B900D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{1578AB70-3D57-46DF-8920-E799C96A42D2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{BE4C5E8A-1DE9-4B40-8878-B370D4D70B5A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4DDCDC1A-CE5E-4013-99BE-490F42234FF8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BF3E1F21-E765-4DC6-A42C-7905F6EC2D90}] => (Allow) C:\Program Files (x86)\Brother\Brmfl13c\FAXRX.EXE
FirewallRules: [{81F7F257-714A-4FDC-AE55-B554C093BB3A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Crew\TheCrew.exe
FirewallRules: [{DB3B5971-CF36-45C8-8737-55C7A205A9F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Crew\TheCrew.exe
FirewallRules: [{37D6D266-D5CF-4AD2-A013-E8557967D58A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{0EAC3792-C446-4AE0-9672-1019EF9AB6FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Darksiders 2\Darksiders2.exe
FirewallRules: [{83877946-C10D-4550-9652-72DD919533FD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Flatout 3\Flatout.exe
FirewallRules: [{BD3F4544-42BF-46E6-A8AD-6CE60AD52225}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Flatout 3\Flatout.exe
FirewallRules: [{C31216A6-0B77-490B-BC65-3D433E648FE3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [{0DD16675-1A10-405B-AFD8-0A9470FC7B7F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DiRT Showdown\showdown.exe
FirewallRules: [TCP Query User{C471439D-C23B-49A6-A8EE-6B25DBEB1C4F}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [UDP Query User{230540CB-55AC-42B1-B5DB-4198EA482037}C:\program files (x86)\gigabyte\@bios\gwflash.exe] => (Allow) C:\program files (x86)\gigabyte\@bios\gwflash.exe
FirewallRules: [{D83D1BA4-BBA7-4F21-88C1-CC5B454D977F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{72B1AFD8-89B3-4223-BF4E-B9C9ED964CE3}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E656452D-4082-4FAD-9FC7-0080933433B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BE0A0505-BD20-41FC-ABF7-9CE3CBE50099}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{5C8F53B2-571A-4A57-8C03-83656D104FFB}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{47DDFCF6-B377-4C29-9684-4D55FB7C1F43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\About Love Hate and the other ones\bin32\loveandhate.exe
FirewallRules: [{DA5FD3B7-7FB6-499F-A5C8-81BB0EBCE385}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\About Love Hate and the other ones\bin32\loveandhate.exe
FirewallRules: [{6D288652-28FD-44AA-8912-96C4BDF97B09}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8F14DA1C-9B7C-4E4C-BAB9-BB28DA11D046}] => (Allow) C:\Program Files (x86)\Origin Games\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [TCP Query User{E600F7E9-FDA8-45F6-A651-5F30803C8C49}C:\users\tom\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\tom\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{FEF44B99-2A7E-4CDB-AD5C-7B594AA14B53}C:\users\tom\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\tom\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{26026479-07BE-454B-8DBD-A10932E09548}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{FA6F0438-65EC-4676-BF1D-2AAC3F018432}C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{B2572D28-F906-4AA6-A66E-D7C91487E4EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{9E38C611-5AFD-4536-86ED-A8C6CCE28B24}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{C0DA0B08-BA8D-43AC-8C7B-0E0938AA45FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\Bloody Trapland.exe
FirewallRules: [{66FC926F-C79B-43C2-85EB-E2774A66059B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bloody Trapland\Bloody Trapland.exe
FirewallRules: [{BA23D611-5E45-4B86-B496-471380BDA371}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{847BDD6C-E4C4-4604-8B0A-7F0E71CA48E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\CastleCrashers\castle.exe
FirewallRules: [{798067C9-8186-4BFF-9EAD-48CE0DEB4754}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{48D4A1BF-DD60-4B0B-B95C-F494BF2421CD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Monaco\MONACO.exe
FirewallRules: [{28FF9FE2-8078-4E1F-8522-6B9BEC774F96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guacamelee\Guac.exe
FirewallRules: [{46D918D2-247B-412A-9030-0D4C5C169038}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Guacamelee\Guac.exe
FirewallRules: [{FF8775BC-B3D7-4735-9ACE-4B14585FADC8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{71CEF0F4-051A-4AD6-A7FD-837972FE89F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{C7521194-83B3-4440-98B8-FDE210C5AA72}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{C0E048F8-B7A9-4AB1-8AF8-D91152916F4B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{560BA2A6-EC63-4712-9E76-F8B127B4372C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{1097523A-BE33-47D2-BC1D-FF186BA2B057}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{56954659-07B9-42C0-90F0-4AF239A8821F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{96933202-7FC7-4BC9-AB0D-2B6F9D686986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{E8DA5D1E-03C0-41A5-9730-72442E1E3D5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [{8C3E1A10-2BCC-4516-96E9-68EB06B3FACC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [{11F8123E-E2BA-4CDE-A54F-F1549D4593E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{82DD0AF5-3BBB-43EC-BDAF-BDC162810BCB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{AE15200E-3E04-4E7F-8357-957C57A20FEC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketbirds_hardboiled\Game.exe
FirewallRules: [{89552ACB-4B52-47B7-A3C8-834D42FC5BC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\rocketbirds_hardboiled\Game.exe
FirewallRules: [{9413621A-CB67-40C8-9667-B5F07B204D82}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{BBAE8E13-8F87-4F75-ADBA-AD4271342F43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsXHD\Launcher.exe
FirewallRules: [{55213E23-10C2-4A7D-813A-14D9A14C3CF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{DE358CE6-61D8-41E3-9C02-C764C2DF9384}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{2B701467-6887-467A-A892-817066FB5E26}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Street Fighter X Tekken\SFTK.exe
FirewallRules: [{7D33DD76-9227-4469-BFF8-51BFCEB680D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Street Fighter X Tekken\SFTK.exe
FirewallRules: [{30FB89BF-0FE2-4432-ACB3-B7A15C60E9BE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{3139686E-131A-4D20-8D11-B535CB73BC55}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\Injustice.exe
FirewallRules: [{4AD5C8B7-C55C-419B-9D58-F6E68DE5C305}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{034AA163-83A7-4C51-9F80-CFEB0E760334}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\InjusticeGodsAmongUs_UltimateEdition\DiscContentPCG\InjusticeLauncher.exe
FirewallRules: [{3DE5555A-4A41-4D8F-9811-611F1E7B6015}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MegabytePunch\MegabytePunch.exe
FirewallRules: [{0EFB4910-2F74-4571-A904-6A33AF904695}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MegabytePunch\MegabytePunch.exe
FirewallRules: [{B8585A6A-B025-4429-8EB9-B0D92C7557BB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{9542BFDF-690D-47C5-BD23-3F7303F2E771}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gang Beasts\Gang Beasts.exe
FirewallRules: [{AE2501AC-BF6F-46FF-A02C-327A8E82A919}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheCave\Cave.exe
FirewallRules: [{D75FEE53-4A5C-4142-A743-23BB42D3C6ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheCave\Cave.exe
FirewallRules: [{5449067E-912B-45CC-82CE-CDBF4B1715E1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chariot\Chariot.exe
FirewallRules: [{15FEC1D8-F2EC-41D0-811A-39DC9F94306C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Chariot\Chariot.exe
FirewallRules: [{E0B71988-A122-463C-97FE-79993B0C4469}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{91ED868B-EE3D-4CC5-B18D-3037E3683A51}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [TCP Query User{0E3A0A14-1E65-46F6-8708-3E68E022D8AD}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{04808A27-9A27-4E46-B64D-576F6B0D78A4}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{57A4E97A-5272-44CE-8156-E9507B62C1E3}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{257FC23F-2319-40BA-87C8-C5693DEADCAA}C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{38C5B4E0-F041-43BA-B3AD-CB3B0C543523}] => (Block) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{A5C21595-3370-436F-B012-6313209B3A37}] => (Block) C:\program files (x86)\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [TCP Query User{85CA12E8-58A2-4C38-93A4-E163BD5F1CDC}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{5A45371F-6A07-44CA-A0AF-06FC5541C97A}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{36C4016F-9BEA-43BD-9422-3CD3D6CB0C64}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{25470F9E-318A-4A89-B7CB-EE8717DE6A35}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{80C2DDF5-D83B-488A-AFC8-E8AA635C6F5F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Guardian of Light\lcgol.exe
FirewallRules: [{E38BDAE1-FEFE-4A60-A47E-527B9AAE1472}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Guardian of Light\lcgol.exe
FirewallRules: [{4BA696B7-304B-4D34-B981-DB408787B1DE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Temple of Osiris\LC2.exe
FirewallRules: [{69C74EE4-559C-4A0E-B19D-DA68545A2AF3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Lara Croft and the Temple of Osiris\LC2.exe
FirewallRules: [{00EA4A30-73B0-4CE8-9237-316C46F78B69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{80A84F71-DB5A-44DA-BB55-9BCB3638A8B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{7BAE47C2-CAC2-4F40-A274-027E0E2E3182}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{0F56F79C-8834-4C60-A1FB-FB642C2562BC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Magicka\Magicka.exe
FirewallRules: [{DBE32FBE-2F71-4E7A-B2E1-848782A5D7A2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tristoy\TRISTOY.exe
FirewallRules: [{41657DF1-500D-440E-9E9C-1B6F0A98E425}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tristoy\TRISTOY.exe
FirewallRules: [{38298352-7AB7-424E-8ADB-B22572934071}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\pressure\bin\pressure.exe
FirewallRules: [{99B26786-9CC5-44EB-B1E4-B705A938170E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\pressure\bin\pressure.exe
FirewallRules: [{FD8471EA-1131-46B9-8152-C5F0B5D9775C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LegendofDungeon\LegendofDungeon.exe
FirewallRules: [{94FFC567-217A-46DE-A15E-92520488A6DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LegendofDungeon\LegendofDungeon.exe
FirewallRules: [{4C200089-EDC7-467F-879F-09C0DE731987}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LegendofDungeon\LegendofDungeon_DirectToRift.exe
FirewallRules: [{6940C8D1-5C8D-4883-A7FC-DCB78DC1DAA7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\LegendofDungeon\LegendofDungeon_DirectToRift.exe
FirewallRules: [{881A9207-E07F-4659-BE11-641CF3455F81}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Friendship Club\friendshipclub.exe
FirewallRules: [{390E71BD-DF59-4075-83AB-718643DE869B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Friendship Club\friendshipclub.exe
FirewallRules: [{ED91E7AD-8A22-4C24-805C-8E367453F985}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{FBC43726-C5ED-41EB-9EBF-176EA9C72881}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Bleed\Bleed.exe
FirewallRules: [{3F883F31-1C40-4203-A61A-3FD28748325E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Apotheon\Apotheon.exe
FirewallRules: [{3440EE71-BAD0-4CCD-B7D4-3D3DF4700B99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Apotheon\Apotheon.exe
FirewallRules: [{549D91B9-FDC9-4FA4-BBAD-234177FFF8EB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Giana Sisters Twisted Dreams\launcher\GSLauncher.exe
FirewallRules: [{02AE71D3-D70C-444A-A374-C74DEDC3EA22}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Giana Sisters Twisted Dreams\launcher\GSLauncher.exe
FirewallRules: [TCP Query User{58BCD544-7692-4CE5-AE6C-2FCA136F8FD4}C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe
FirewallRules: [UDP Query User{5C30A67F-5187-4D59-9FE6-4A8FAD915F24}C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe
FirewallRules: [{56CBDAD9-4792-45D8-8403-C14452DDD698}] => (Block) C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe
FirewallRules: [{774B27A2-E150-4CB7-89AC-DBFC0B134B09}] => (Block) C:\program files (x86)\steam\steamapps\common\giana sisters twisted dreams\gsgameexe.exe
FirewallRules: [{08B0F0B5-949E-4013-BBCF-E530A97F5545}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GSTD - Rise of the Owlverlord\launcher\GSLauncher.exe
FirewallRules: [{CF5DBF6C-FB76-497D-89D7-9914AB126477}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GSTD - Rise of the Owlverlord\launcher\GSLauncher.exe
FirewallRules: [{22861F10-8065-48E5-8150-312261895FF6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsGolf2010\WormsCrazyGolf.exe
FirewallRules: [{A2AFA262-A9C7-4D2C-AC88-983783FA599E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\WormsGolf2010\WormsCrazyGolf.exe
FirewallRules: [{8386D495-504D-46C7-A73E-591659E78616}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{CE546949-2CB3-45CC-B76B-133F1FFE5974}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{2F71DB35-B7C4-47C1-80C2-87AA0E5616CA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Armageddon\WA.exe
FirewallRules: [{B68E2004-72F9-4A9A-BB04-6D6E5CAA46C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Armageddon\WA.exe
FirewallRules: [{A53AFAA2-1706-49E8-A8C4-7E42B609E3EF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TinyKeep\TinyKeep.exe
FirewallRules: [{626100B0-49D9-4060-8324-EC6DD794B6FA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TinyKeep\TinyKeep.exe
FirewallRules: [{C301667A-310D-4D77-AA9D-C14772F25236}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ClusterPuck 99\ClusterPuck99.exe
FirewallRules: [{7813973F-A659-45C1-BAF5-E521FC4595CB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\ClusterPuck 99\ClusterPuck99.exe
FirewallRules: [{21E12CB3-0E33-4FF7-B2DB-A991E67577D0}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{32AAFE15-2998-4CCD-9A9D-66C60B7289B5}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{E7AEAE73-DE94-4F10-92EF-44010342DDEF}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{BB5E8082-F1CD-498F-839E-848F31035FA5}] => (Allow) C:\Program Files (x86)\iOSinstaller\iOSinstaller.exe
FirewallRules: [{C4C46B2D-2D8A-466A-9411-C5818C4951FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8F6D79A3-0FB4-4D72-8A8C-CC978D7816D5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{BD7AD2F5-61B4-4E77-8A8E-D8316ECAC079}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MK10.exe
FirewallRules: [{46BDD677-5CEA-4371-9F84-7BFBAD553AD6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{E4156140-22FB-4687-8D10-A21F5E2321C5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MK10\Binaries\Retail\MKXLauncher.exe
FirewallRules: [{8B03146A-4CDB-4FB8-A45B-7B1493CD09BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{48F87910-FEE9-46EF-81CA-DE6CDD3F41E6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{122D60A0-EC06-4741-A0E2-C9AE1F5AE20F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{289067FE-4E44-44D8-8878-95341315EEFF}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{7392F12E-9F35-4993-902E-E8D97A989602}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{F8C32054-4E47-4A72-B14B-8687D0A0F2DD}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{D23F897F-BF08-4AE1-BF1D-DFED835252ED}] => (Block) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{85AD3407-AD4D-4A05-80A6-7D94F7936C03}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E8E2F959-7AD2-4395-90A3-9E07AB84B366}] => (Allow) C:\Users\Tom\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4BA7F3FD-CB6E-4E2C-B81F-BC5E3CAE9EA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{590F1497-E352-4E1A-B376-C2F1E3E03286}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Spelunky\Spelunky.exe
FirewallRules: [{66235A19-601D-4818-8CCE-A6944659C3DD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\JumpJetRex\JumpJetRex.exe
FirewallRules: [{A798A046-2425-4AB9-9775-1CE3F5E16C91}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\JumpJetRex\JumpJetRex.exe
FirewallRules: [{DC2BF502-534D-4788-9647-779C625D7D9E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Parcel\Parcel.exe
FirewallRules: [{6FFBADED-765A-4EFC-B629-BAE0413146F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Parcel\Parcel.exe
FirewallRules: [{5A841F28-C328-4828-B82A-1EBBB73E3D79}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{D73052EA-5333-4704-A56A-3CE82C324AD8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Worms Clan Wars\WormsClanWars.exe

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 540: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053


System errors:
=============
Error: (04/25/2015 08:31:25 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 08:31:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 08:31:00 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 04:02:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 03:59:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 03:59:46 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}

Error: (04/25/2015 03:59:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 03:59:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 03:59:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (04/25/2015 03:59:41 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 528: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 540: ERROR: read_msg errno 0 (Der Vorgang wurde erfolgreich beendet.)

Error: (04/27/2015 00:34:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053


CodeIntegrity Errors:
===================================
Date: 2015-04-05 02:13:07.998
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-04-05 02:13:07.938
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-04-05 02:12:54.697
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-04-05 02:12:54.637
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-04-05 02:12:23.524
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-04-05 02:12:23.464
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Sandboxie\SbieDrv.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2015-04-05 02:11:17.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-516494932-2024577555-231657829-1000\$RRPX365.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-05 02:11:17.308
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-516494932-2024577555-231657829-1000\$RRPX365.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-05 02:11:17.258
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-516494932-2024577555-231657829-1000\$RRPX365.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-04-05 02:11:17.198
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\$Recycle.Bin\S-1-5-21-516494932-2024577555-231657829-1000\$RRPX365.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD FX(tm)-6100 Six-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 8173.24 MB
Available physical RAM: 5177.51 MB
Total Pagefile: 16344.68 MB
Available Pagefile: 12935.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:953.77 GB) (Free:449.1 GB) NTFS
Drive f: (MUSIC) (Fixed) (Total:465.76 GB) (Free:435.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: A4F8232C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=953.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 33CD0748)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
ATTENTION: System Restore is disabled.
Click to expand...
Did you disable system restore for whatever reason?

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


If you already have MBAM 2.0 installed:

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.


(Copy to clipboard for pasting into forum replies or tickets)

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RKreport.txt

RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
Mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Betriebssystem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
gestarted in : normaler Modus
User : Tom [Administrator]
Started from : C:\Users\Tom\Desktop\RogueKiller\RogueKiller.exe
Modus : Löschen -- Datum : 04/27/2015 01:19:05

¤¤¤ Prozesse : 0 ¤¤¤

¤¤¤ Registry : 25 ¤¤¤
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir= -> Nicht ausgewählt
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir= -> Nicht ausgewählt
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir= -> Nicht ausgewählt
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir= -> Nicht ausgewählt
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9927AB82-1A9C-4706-8495-DB0C928B9069} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nicht ausgewählt
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9927AB82-1A9C-4706-8495-DB0C928B9069} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nicht ausgewählt
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9927AB82-1A9C-4706-8495-DB0C928B9069} | DhcpNameServer : 10.0.0.138 [(Private Address) (XX)] -> Nicht ausgewählt
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nicht ausgewählt
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Nicht ausgewählt
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Nicht ausgewählt
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nicht ausgewählt
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nicht ausgewählt
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nicht ausgewählt
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nicht ausgewählt

¤¤¤ Aufgaben : 0 ¤¤¤

¤¤¤ Dateien : 0 ¤¤¤

¤¤¤ Host Dateien : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.guitar-pro.com -> ERROR [5]

¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browser : 0 ¤¤¤

¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: Crucial_CT1024M550SSD1 ATA Device +++++
--- User ---
[MBR] dc2cf32e3a84389962743450868ab59e
[BSP] a9787a6680df6f9d9e398bd32d91f0c7 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 211680 | Size: 976657 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD5000HHTZ-04N21V0 ATA Device +++++
--- User ---
[MBR] 1c43c16de22ac574e123e871e739bc74
[BSP] ce983e2c89d58642a1c673dcafe87302 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476936 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_04272015_011736.log
 
MBAM.txt

Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.04.2015
Suchlauf-Zeit: 01:22:39
Logdatei: mbam.txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.04.26.05
Rootkit Datenbank: v2015.04.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Tom

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 641393
Verstrichene Zeit: 16 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 4
PUP.Optional.NewTab.C, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [9796c2af513995a1ca9c0351a65f1fe1],
PUP.Optional.NewTab.C, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [d7564928c7c3fc3ac89e252fcf36ba46],
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\LEOCDEIGFNKAOJCAPIKDJCDBEDCJMFFC, In Quarantäne, [171682ef107a92a453ff3e87bd4629d7],
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\LEOCDEIGFNKAOJCAPIKDJCDBEDCJMFFC, In Quarantäne, [e54880f1cfbb6ec8044f5c6922e107f9],

Registrierungswerte: 12
PUP.Optional.SpeeDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, http://speedial.com/results.php?f=4...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, In Quarantäne, [d855650c94f652e440a843143cc945bb]
PUP.Optional.SpeeDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURLFallback, http://speedial.com/results.php?f=4...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, In Quarantäne, [dd5086ebbcce2214ad3b56019f669868]
PUP.Optional.SpeeDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|FaviconPath, C:\Program Files (x86)\Speedial\1.8.29.15\FavIcon.ico, In Quarantäne, [24092c45f991e551866295c2e81dbf41]
PUP.Optional.SpeeDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, Speedial, In Quarantäne, [0d20d69bacde0234e404391e9174b848]
PUP.Optional.SpeeDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|DisplayName, Speedial, In Quarantäne, [1b12b9b8ccbed165faee7addf70e0bf5]
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\leocdeigfnkaojcapikdjcdbedcjmffc|path, C:\Users\Tom\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx, In Quarantäne, [171682ef107a92a453ff3e87bd4629d7]
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\leocdeigfnkaojcapikdjcdbedcjmffc|path, C:\Users\Tom\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx, In Quarantäne, [e54880f1cfbb6ec8044f5c6922e107f9]
PUP.Optional.SpeeDial.A, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|URL, http://speedial.com/results.php?f=4...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, In Quarantäne, [220b254c4743a5915592e275a46153ad]
PUP.Optional.SpeeDial.A, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|TopResultURLFallback, http://speedial.com/results.php?f=4...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, In Quarantäne, [b97477fa4d3d3afc697e6fe8dc2919e7]
PUP.Optional.SpeeDial.A, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|FaviconPath, C:\Program Files (x86)\Speedial\1.8.29.15\FavIcon.ico, In Quarantäne, [9499adc43f4be05643a4fa5d32d38d73]
PUP.Optional.SpeeDial.A, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}, Speedial, In Quarantäne, [e04df8794b3f9f9773749cbb778ebb45]
PUP.Optional.SpeeDial.A, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{31090377-0740-419E-BEFC-A56E50500D5B}|DisplayName, Speedial, In Quarantäne, [3fee0f627d0dcd697176490e29dcd32d]

Registrierungsdaten: 3
PUP.Optional.Speedial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, Gut: (www.google.com), Schlecht: (http://speedial.com/?f=1&a=spd_ir_1...=),Ersetzt,[1716bdb4a6e42214b6057e81ee179f61]
PUP.Optional.Speedial.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, Gut: (www.google.com), Schlecht: (http://speedial.com/?f=1&a=spd_ir_1...=),Ersetzt,[ef3eaac77317cf670ab1837c8580ca36]
PUP.Optional.Speedial.A, HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://speedial.com/?f=1&a=spd_ir_1...tGyBzzyDzzzy0CtDtAtC0C0AtB2Q&cr=696132458&ir=, Gut: (www.google.com), Schlecht: (http://speedial.com/?f=1&a=spd_ir_1...=),Ersetzt,[c8654a271179f640f1cbbd427194a25e]

Ordner: 5
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\CRE, In Quarantäne, [2b02066b5f2b9b9b85cc784deb18b14f],
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\Temp\CT2851647, In Quarantäne, [9f8e7ef364261e1862f35c69847f867a],
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\Temp\CT2851647\plugins, In Quarantäne, [9f8e7ef364261e1862f35c69847f867a],
PUP.Optional.Extutil.A, C:\Users\Tom\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [8aa3e78a3555e94dbc528d1a20e3f30d],
PUP.Optional.Managera.A, C:\Users\Tom\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [a78693dee0aa7abc22ed218637cc7a86],

Dateien: 27
PUP.Optional.SearchProtect.A, C:\Users\Tom\AppData\Local\Temp\nsl2E27.exe, In Quarantäne, [60cd046d0e7cc76f42d8ee6db94859a7],
PUP.Optional.SearchProtect.A, C:\Users\Tom\AppData\Local\Temp\nsw4CE3.exe, In Quarantäne, [c469bcb518727db9b268ef6c5fa2fd03],
PUP.Optional.Somoto, C:\Users\Tom\AppData\Local\Temp\bitool.dll, In Quarantäne, [9697a6cb15753bfb8bc617e3d32f6799],
PUP.Optional.SearchProtect.A, C:\Users\Tom\AppData\Local\Temp\nsb30A8.exe, In Quarantäne, [66c7d49dc7c3072fa674253616eb51af],
PUP.Optional.SearchProtect.A, C:\Users\Tom\AppData\Local\Temp\nsb4A43.exe, In Quarantäne, [6ebf3041b5d58da9fe1c4615f60bd030],
PUP.Optional.SearchProtect.A, C:\Users\Tom\AppData\Local\Temp\nsf8877.exe, In Quarantäne, [e04d95dc0e7cfd399e7cc7948879f907],
Trojan.Bitminer, C:\Users\Tom\AppData\Local\Temp\mdi064.dll, In Quarantäne, [47e6551c01897abc9e514ca49071867a],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Temp\CT2851647\plugins\TBVerifier.dll, In Quarantäne, [919c056c9af02412d31753f1f709d32d],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Temp\ct3297265\ism.exe, In Quarantäne, [d8559cd596f4d85eaaf92593867bc33d],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Temp\nsbEF24\SpSetup.exe, In Quarantäne, [52dbbeb3d9b1043248c6064ae819857b],
PUP.Optional.OpenCandy, C:\Users\Tom\AppData\Local\Temp\is-OFPO4.tmp\OCSetupHlp.dll, In Quarantäne, [999476fba1e9cc6ae55480b085817d83],
PUP.Hacktool.Patcher, C:\Users\Tom\Downloads\Sandboxie 4.16 Final.rar, In Quarantäne, [3eefcca59dedab8bfccb8f7821df9a66],
PUP.Hacktool.Patcher, C:\Users\Tom\Downloads\Sandboxie.4.16.Final.zip, In Quarantäne, [2b02452c4a401e18d9ee1bec5ba57b85],
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx, In Quarantäne, [2b02066b5f2b9b9b85cc784deb18b14f],
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\Temp\CT2851647\manifest.json, In Quarantäne, [9f8e7ef364261e1862f35c69847f867a],
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\Temp\CT2851647\CT2851647.txt, In Quarantäne, [9f8e7ef364261e1862f35c69847f867a],
PUP.Optional.ConduitTB.Gen, C:\Users\Tom\AppData\Local\Temp\CT2851647\initData.json, In Quarantäne, [9f8e7ef364261e1862f35c69847f867a],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarde.ourtoolbar.com_0.localstorage, In Quarantäne, [98951c55a2e8999d5f1ec513689bb947],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_utorrentbarde.ourtoolbar.com_0.localstorage-journal, In Quarantäne, [f23b83ee5a3050e64e2f2eaaa55ebe42],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage, In Quarantäne, [290475fc444652e46fc325d9d52ea15f],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal, In Quarantäne, [3feee38e08826cca3ff3f80641c2e51b],
PUP.Optional.Extutil.A, C:\Users\Tom\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [8aa3e78a3555e94dbc528d1a20e3f30d],
PUP.Optional.Extutil.A, C:\Users\Tom\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [8aa3e78a3555e94dbc528d1a20e3f30d],
PUP.Optional.Extutil.A, C:\Users\Tom\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [8aa3e78a3555e94dbc528d1a20e3f30d],
PUP.Optional.Managera.A, C:\Users\Tom\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [a78693dee0aa7abc22ed218637cc7a86],
PUP.Optional.Managera.A, C:\Users\Tom\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [a78693dee0aa7abc22ed218637cc7a86],
PUP.Optional.Conduit.A, C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "http://search.conduit.com/?ctid=CT3...=SP219831FF-3812-4EEB-8E06-C0E63C708AFC&SSPV=",), Ersetzt,[43ea323f5238f244e148c288bf4728d8]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)
 
AdwCleaner[S1].txt

# AdwCleaner v4.202 - Bericht erstellt 27/04/2015 um 01:45:50
# Aktualisiert 23/04/2015 von Xplode
# Datenbank : 2015-04-23.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Tom - TOMPC
# Gestarted von : C:\Users\Tom\Desktop\ADWCleaner\adwcleaner_4.202.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\Tom\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\Tom\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Ordner Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Datei Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage
Datei Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gighmmpiobklfepjocnamgkkbiglidom_0.localstorage-journal
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
Datei Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trainingmask.com_0.localstorage
Datei Gelöscht : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.trainingmask.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Local AppWizard-Generated Applications
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17728


-\\ Mozilla Firefox v33.1 (x86 de)


-\\ Google Chrome v42.0.2311.90

[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bakijjialdiiboeaknfpmflphhmljfkd
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : leocdeigfnkaojcapikdjcdbedcjmffc
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flliilndjeohchalpbbcdekjklbdgfkk
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : nmmhkkegccagdldgiimedpiccmgmieda
[C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : gighmmpiobklfepjocnamgkkbiglidom

*************************

AdwCleaner[R0].txt - [4062 Bytes] - [27/04/2015 01:44:56]
AdwCleaner[S0].txt - [3788 Bytes] - [27/04/2015 01:45:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3847 Bytes] ##########
 
JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.4 (04.26.2015:1)
OS: Windows 7 Home Premium x64
Ran by Tom on 27.04.2015 at 1:49:54,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\Tom\AppData\Roaming\mozilla\firefox\profiles\cz8lbdcf.default\minidumps [1 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.04.2015 at 1:53:06,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix.txt

ComboFix 15-04-27.01 - Tom 27.04.2015 17:49:31.1.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8173.5583 [GMT 2:00]
ausgeführt von:: c:\users\Tom\Desktop\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\KLC\SMAC\UNWISE.EXE
c:\users\Tom\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Tom\AppData\Roaming\SpeedRunnersLog.txt
c:\windows\msdownld.tmp
c:\windows\SysWow64\tmp61C.tmp
c:\windows\SysWow64\tmp61D.tmp
c:\windows\SysWow64\tmpB921.tmp
c:\windows\SysWow64\tmpB932.tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2015-03-27 bis 2015-04-27 ))))))))))))))))))))))))))))))
.
.
2015-04-27 16:02 . 2015-04-27 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-26 23:49 . 2015-04-26 23:49 -------- d-----w- C:\RegBackup
2015-04-26 23:44 . 2015-04-26 23:45 -------- d-----w- C:\AdwCleaner
2015-04-26 23:21 . 2015-04-26 23:48 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-26 23:21 . 2015-04-26 23:21 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-04-26 23:21 . 2015-04-26 23:21 -------- d-----w- c:\programdata\Malwarebytes
2015-04-26 23:21 . 2015-04-14 07:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-26 23:21 . 2015-04-14 07:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-26 23:21 . 2015-04-14 07:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-26 23:14 . 2015-04-26 23:14 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-04-26 23:14 . 2015-04-26 23:20 -------- d-----w- c:\programdata\RogueKiller
2015-04-26 22:33 . 2015-04-26 22:36 -------- d-----w- C:\FRST
2015-04-24 16:48 . 2004-08-04 01:56 431616 ----a-w- c:\windows\SysWow64\temp.000
2015-04-24 16:48 . 2000-05-21 22:00 203976 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2015-04-24 16:48 . 2015-04-24 16:48 -------- d-----w- c:\programdata\KLC
2015-04-24 16:48 . 1999-12-07 05:00 61491 ----a-w- c:\windows\SysWow64\wbemdisp.TLB
2015-04-24 16:45 . 2015-04-24 16:45 -------- d-----w- c:\programdata\Guitar Pro 6
2015-04-24 16:40 . 2015-04-24 23:45 -------- d-----w- c:\program files (x86)\Guitar Pro 6
2015-04-24 16:11 . 2015-04-24 16:12 -------- d-----w- c:\program files (x86)\MagicISO
2015-04-24 16:02 . 2015-04-24 16:02 -------- d-----w- c:\program files (x86)\Disc Soft
2015-04-24 16:01 . 2015-04-24 16:01 30352 ----a-w- c:\windows\system32\drivers\dtlitescsibus.sys
2015-04-24 16:01 . 2015-04-24 16:02 -------- d-----w- c:\program files\DAEMON Tools Lite
2015-04-20 22:44 . 2015-04-20 22:44 -------- d-----w- c:\users\Tom\AppData\Local\Rockstar Games
2015-04-20 22:43 . 2015-04-20 22:43 -------- d-----w- c:\program files (x86)\Rockstar Games
2015-04-20 22:43 . 2015-04-20 22:43 -------- d-----w- c:\program files\Rockstar Games
2015-04-19 19:27 . 2015-04-19 19:27 -------- d-----w- c:\program files\CPUID
2015-04-14 19:46 . 2015-03-17 05:19 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-04-14 19:44 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-14 19:44 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-14 19:44 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-13 19:53 . 2015-04-08 20:32 560968 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2015-04-13 19:51 . 2015-04-13 19:51 -------- d-sh--w- c:\users\Tom\AppData\Local\EmieBrowserModeList
2015-04-12 20:23 . 2015-04-12 20:23 -------- d-----w- c:\programdata\Last.fm
2015-04-12 20:22 . 2015-04-12 20:23 -------- d-----w- c:\users\Tom\AppData\Local\Last.fm
2015-04-12 20:18 . 2015-04-12 20:18 -------- d-----w- c:\program files\TAP-Windows
2015-04-12 19:49 . 2015-04-12 19:49 -------- d-----w- c:\program files\iPod
2015-04-12 19:49 . 2015-04-12 19:49 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-08 19:15 . 2015-04-08 19:15 -------- d-----w- c:\program files (x86)\iOSinstaller
2015-04-05 00:20 . 2015-04-05 00:23 -------- d-----w- c:\program files\Sandboxie
2015-04-04 23:33 . 2015-04-04 23:33 -------- d-s---w- c:\windows\system32\GWX
2015-04-04 23:33 . 2015-04-04 23:33 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-04 19:09 . 2015-04-04 19:09 -------- d-----r- C:\Sandbox
2015-03-30 18:19 . 2015-03-30 18:19 -------- d-----w- c:\users\Tom\AppData\Local\Frima_Studio
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-14 22:41 . 2013-01-13 22:27 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-14 21:58 . 2013-01-22 15:58 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-14 21:58 . 2013-01-22 15:58 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 21:58 . 2015-02-05 16:57 18178736 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2015-04-09 00:58 . 2014-11-12 17:08 14617288 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-04-09 00:58 . 2013-01-21 21:46 17176128 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-04-09 00:58 . 2013-01-21 21:46 12689592 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-04-09 00:58 . 2013-01-21 21:45 3317344 ----a-w- c:\windows\system32\nvapi64.dll
2015-04-09 00:58 . 2013-01-21 21:45 2935416 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-04-09 00:58 . 2012-09-28 14:28 78480 ----a-w- c:\windows\system32\OpenCL.dll
2015-04-09 00:58 . 2012-09-28 14:28 66704 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-04-08 21:30 . 2013-01-21 21:48 6841488 ----a-w- c:\windows\system32\nvcpl.dll
2015-04-08 21:30 . 2013-01-21 21:48 3478344 ----a-w- c:\windows\system32\nvsvc64.dll
2015-04-08 21:30 . 2013-01-21 21:48 936264 ----a-w- c:\windows\system32\nvvsvc.exe
2015-04-08 21:30 . 2013-01-21 21:48 62608 ----a-w- c:\windows\system32\nvshext.dll
2015-04-08 21:30 . 2013-01-21 21:48 2558608 ----a-w- c:\windows\system32\nvsvcr.dll
2015-04-08 21:30 . 2013-01-21 21:48 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-04-08 17:52 . 2013-01-21 21:48 4336074 ----a-w- c:\windows\system32\nvcoproc.bin
2015-03-28 03:44 . 2014-08-05 19:38 1316000 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-03-28 03:44 . 2013-10-28 18:25 1316000 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-03-28 03:43 . 2014-08-05 19:38 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-03-28 03:43 . 2013-10-28 18:25 1570672 ----a-w- c:\windows\system32\nvspcap64.dll
2015-03-17 04:56 . 2015-04-14 19:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-03-13 19:41 . 2015-03-18 17:22 1896136 ----a-w- c:\windows\system32\nvdispco6434788.dll
2015-03-13 19:41 . 2015-03-18 17:22 1557648 ----a-w- c:\windows\system32\nvdispgenco6434788.dll
2015-03-10 16:45 . 2013-08-14 22:36 44088 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2015-03-10 16:45 . 2013-08-14 22:36 132120 ----a-w- c:\windows\system32\drivers\avipbb.sys
2015-03-10 16:45 . 2013-08-14 22:36 128536 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2015-02-26 03:25 . 2015-03-11 18:05 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 18:06 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 18:06 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 18:06 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 18:06 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 18:06 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 18:06 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 18:06 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 18:06 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 18:06 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 18:06 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-13 05:22 . 2015-03-11 18:05 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-10 11:55 . 2014-12-09 19:41 907984 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-05 21:01 . 2015-02-11 19:09 1895240 ----a-w- c:\windows\system32\nvdispco6434752.dll
2015-02-05 21:01 . 2015-02-11 19:09 1557648 ----a-w- c:\windows\system32\nvdispgenco6434752.dll
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 18:04 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 18:04 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 18:06 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 18:06 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 18:06 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 18:06 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 18:06 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 18:06 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 18:05 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 18:06 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 18:06 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 18:06 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 18:06 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 18:06 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 18:06 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 18:06 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 18:06 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 18:06 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 18:06 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 18:06 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 18:06 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 18:06 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 18:06 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 18:06 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 18:06 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 18:06 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 18:06 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 18:06 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 18:06 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 18:06 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 18:06 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 18:06 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 18:06 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 18:06 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 18:06 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 18:06 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 18:06 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 18:06 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 18:06 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 18:06 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 18:06 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 18:06 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 18:06 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 18:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 18:06 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 18:06 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 18:06 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 18:06 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 18:06 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 18:06 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 18:06 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 18:06 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 18:06 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 18:05 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 18:06 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 09:59 1729744 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Tom\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-03-25 31682656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-04-01 726320]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Soundswitch.ahk [2014-5-13 1049]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AntiVirMailService;Avira Email-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 cpuz136;cpuz136;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 cpuz137;cpuz137;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys;c:\program files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R4 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R4 iOSinstallerUpdater;iOSinstallerUpdater;c:\program files (x86)\iOSinstaller\updater.exe;c:\program files (x86)\iOSinstaller\updater.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-04-16 16:26 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-22 21:58]
.
2015-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 21:36]
.
2015-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-13 21:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-09-26 12:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-09-26 12:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-09-26 12:41 1021088 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52 2334928 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 13:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-03-28 1570672]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-03-28 2673296]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-PunkBusterSvc - c:\program files (x86)\Origin Games\Battlefield 4 Beta\pbsvc.exe
AddRemove-SpyHunter - c:\users\Tom\AppData\Roaming\Enigma Software Group\sh_installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\AutoHotkey\AutoHotkey.exe
c:\program files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-04-27 18:16:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2015-04-27 16:16
.
Vor Suchlauf: 17 Verzeichnis(se), 483.034.279.936 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 490.570.170.368 Bytes frei
.
- - End Of File - - 94B8180484E28D83C09667F783971D89
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box.
  • Press Scan button.
  • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
 
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2015 01
Ran by Tom (administrator) on TOMPC on 27-04-2015 23:21:57
Running from C:\Users\Tom\Desktop\FRST64
Loaded Profiles: Tom (Available profiles: Tom)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Users\Tom\Local Settings\Apps\F.lux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
() C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(NVIDIA Corporation) C:\Users\Tom\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-28] (NVIDIA Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [129272 2015-03-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Run: [F.lux] => C:\Users\Tom\Local Settings\Apps\F.lux\flux.exe [966656 2009-08-29] ()
HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.)
Startup: C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soundswitch.ahk [2014-05-13] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2014-09-26] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-516494932-2024577555-231657829-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-516494932-2024577555-231657829-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-516494932-2024577555-231657829-1000 -> URL http://search.conduit.com/Results.a...-4EEB-8E06-C0E63C708AFC&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-516494932-2024577555-231657829-1000 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-08-15] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-08-15] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2015-01-18] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2015-01-18] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2014-12-09] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-08-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-08-15] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-10-01] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-07-17] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2015-01-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2015-01-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-12-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2014-12-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-10-01] (Adobe Systems)
FF Plugin HKU\S-1-5-21-516494932-2024577555-231657829-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Extension: Image Zoom - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi [2014-10-26]
FF Extension: Adblock Plus - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\cz8lbdcf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-21]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP219831FF-3812-4EEB-8E06-C0E63C708AFC&SSPV=
CHR StartupUrls: Default -> "hxxp://metalstorm.net/events/news.php"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-13]
CHR Extension: (Google Drive) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-13]
CHR Extension: (Tab Resize - split screen layouts) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkpenclhmiealbebdopglffmfdiilejc [2015-04-17]
CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-13]
CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2013-09-05]
CHR Extension: (Google Search) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-13]
CHR Extension: (User-Agent Switcher for Chrome) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2015-03-09]
CHR Extension: (LoL Stream Browser) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2013-01-13]
CHR Extension: (ZenMate) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2014-10-04]
CHR Extension: (BetaFish Adblocker) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-27]
CHR Extension: (Bookmark Manager) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2013-08-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Metallica 86) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhblnpecdeoibmlklmnbjaaaikghbehi [2013-09-26]
CHR Extension: (Google Mail Checker) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-01-13]
CHR Extension: (Ghostery) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2013-08-14]
CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-27]
CHR Extension: (Hover Zoom) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2013-01-13]
CHR Extension: (Gmail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-01] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1004032 2015-04-01] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [201008 2015-03-16] (Avira Operations GmbH & Co. KG)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S4 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-28] (NVIDIA Corporation)
S4 iOSinstallerUpdater; C:\Program Files (x86)\iOSinstaller\updater.exe [165376 2015-04-08] (iOSinstaller.com) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-28] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-24] (Electronic Arts)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-07] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-03-10] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-24] (Disc Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-04-27] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 19:16 - 2015-04-27 19:16 - 00000000 ____D () C:\Users\Tom\AppData\Local\CrashDumps
2015-04-27 18:16 - 2015-04-27 18:16 - 00029818 _____ () C:\ComboFix.txt
2015-04-27 17:47 - 2015-04-27 18:17 - 00000000 ____D () C:\Qoobox
2015-04-27 17:47 - 2015-04-27 18:13 - 00000000 ____D () C:\Windows\erdnt
2015-04-27 17:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-27 17:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-27 17:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-27 17:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-27 17:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-27 17:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-27 17:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-27 17:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-27 17:45 - 2015-04-27 18:21 - 00000000 ____D () C:\Users\Tom\Desktop\Combofix
2015-04-27 01:49 - 2015-04-27 01:49 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TOMPC-Windows-7-Home-Premium-(64-bit).dat
2015-04-27 01:49 - 2015-04-27 01:49 - 00000000 ____D () C:\RegBackup
2015-04-27 01:44 - 2015-04-27 01:45 - 00000000 ____D () C:\AdwCleaner
2015-04-27 01:21 - 2015-04-27 01:48 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-27 01:21 - 2015-04-27 01:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-27 01:21 - 2015-04-27 01:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-27 01:21 - 2015-04-27 01:21 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-27 01:21 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-27 01:21 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-27 01:21 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-27 01:14 - 2015-04-27 01:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-27 01:14 - 2015-04-27 01:14 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-27 01:07 - 2015-04-27 01:48 - 00000000 ____D () C:\Users\Tom\Desktop\ADWCleaner
2015-04-27 01:07 - 2015-04-27 01:43 - 00000000 ____D () C:\Users\Tom\Desktop\MBAM
2015-04-27 01:06 - 2015-04-27 01:53 - 00000000 ____D () C:\Users\Tom\Desktop\JRT
2015-04-27 01:06 - 2015-04-27 01:19 - 00000000 ____D () C:\Users\Tom\Desktop\RogueKiller
2015-04-27 00:46 - 2015-04-27 23:21 - 00000000 ____D () C:\Users\Tom\Desktop\FRST64
2015-04-27 00:33 - 2015-04-27 23:21 - 00000000 ____D () C:\FRST
2015-04-26 19:30 - 2015-04-26 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Last.fm
2015-04-26 19:29 - 2015-04-26 19:30 - 15963960 _____ (Last.fm ) C:\Users\Tom\Downloads\Last.fm-2.1.37.exe
2015-04-26 13:57 - 2015-04-26 13:57 - 00013018 _____ () C:\Users\Tom\Downloads\guitar-pro-5-2-rse-full-%5Btorrentino%5D.torrent
2015-04-25 01:51 - 2015-04-25 01:51 - 00000000 _____ () C:\autoexec.bat
2015-04-24 18:48 - 2015-04-25 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KLC
2015-04-24 18:48 - 2015-04-24 18:48 - 00000000 ____D () C:\ProgramData\KLC
2015-04-24 18:48 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2015-04-24 18:48 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2015-04-24 18:48 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2015-04-24 18:45 - 2015-04-24 18:45 - 00000000 ____D () C:\ProgramData\Guitar Pro 6
2015-04-24 18:40 - 2015-04-25 01:45 - 00000000 ____D () C:\Program Files (x86)\Guitar Pro 6
2015-04-24 18:35 - 2015-04-24 18:35 - 00000222 _____ () C:\Users\Tom\Desktop\Worms Clan Wars.url
2015-04-24 18:35 - 2015-04-24 18:35 - 00000222 _____ () C:\Users\Tom\Desktop\Parcel.url
2015-04-24 18:35 - 2015-04-24 18:35 - 00000222 _____ () C:\Users\Tom\Desktop\JumpJet Rex.url
2015-04-24 18:11 - 2015-04-24 18:12 - 00000000 ____D () C:\Program Files (x86)\MagicISO
2015-04-24 18:11 - 2015-04-24 18:11 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-04-24 18:11 - 2015-04-24 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-04-24 18:02 - 2015-04-24 18:02 - 00000000 ____D () C:\Program Files (x86)\Disc Soft
2015-04-24 18:01 - 2015-04-24 18:02 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2015-04-24 18:01 - 2015-04-24 18:01 - 00030352 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-04-24 17:57 - 2015-04-24 17:58 - 00000000 ____D () C:\Users\Tom\Downloads\Guitar Pro 6.0.1.7840 + Crack
2015-04-24 17:45 - 2015-04-24 17:45 - 00000222 _____ () C:\Users\Tom\Desktop\Spelunky.url
2015-04-24 17:30 - 2015-04-24 17:30 - 00059267 _____ () C:\Users\Tom\Downloads\Sodom - M-16 (Pro).gp5
2015-04-21 00:44 - 2015-04-21 00:44 - 00000000 ____D () C:\Users\Tom\Documents\Rockstar Games
2015-04-21 00:44 - 2015-04-21 00:44 - 00000000 ____D () C:\Users\Tom\AppData\Local\Rockstar Games
2015-04-21 00:43 - 2015-04-21 00:43 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-21 00:43 - 2015-04-21 00:43 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-19 21:27 - 2015-04-19 21:27 - 01582736 _____ ( ) C:\Users\Tom\Downloads\cpu-z_1.72-en.exe
2015-04-19 21:27 - 2015-04-19 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-04-19 21:27 - 2015-04-19 21:27 - 00000000 ____D () C:\Program Files\CPUID
2015-04-14 21:47 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:47 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:47 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:47 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:47 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:47 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:47 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:47 - 2015-03-23 05:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-14 21:47 - 2015-03-23 05:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-14 21:47 - 2015-03-23 05:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-14 21:47 - 2015-03-23 05:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-14 21:47 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:47 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 21:47 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 21:47 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 21:47 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 21:47 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 21:47 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 21:46 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:46 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:46 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 21:46 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 21:46 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:46 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 21:46 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:46 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 21:46 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 21:46 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 21:46 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 21:46 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 21:46 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 21:46 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 21:46 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 21:46 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 21:46 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 21:46 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 21:46 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 21:46 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 21:46 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 21:46 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 21:46 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 21:46 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 21:46 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 21:46 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:46 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:46 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:46 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:46 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:46 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:46 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:46 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:46 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:46 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:46 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:46 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:46 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:46 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:46 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:46 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:46 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:46 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:46 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:46 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:46 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:46 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:46 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:46 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:46 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:46 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:46 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:46 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:46 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:46 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:46 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:46 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:46 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:46 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:46 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:46 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:46 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:46 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:46 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:46 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:46 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:46 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:46 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:46 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:46 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:46 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:46 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:46 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 21:46 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:46 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:46 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:46 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:46 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:46 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:46 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:46 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:46 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:46 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:46 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:44 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 21:44 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:44 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-14 19:34 - 2015-04-14 19:34 - 00000222 _____ () C:\Users\Tom\Desktop\Mortal Kombat X.url
2015-04-13 21:53 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-13 21:52 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-13 21:52 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-13 21:52 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-13 21:51 - 2015-04-13 21:51 - 00000000 __SHD () C:\Users\Tom\AppData\Local\EmieBrowserModeList
2015-04-12 22:23 - 2015-04-12 22:23 - 00000000 ____D () C:\ProgramData\Last.fm
2015-04-12 22:22 - 2015-04-12 22:23 - 00000000 ____D () C:\Users\Tom\AppData\Local\Last.fm
2015-04-12 22:18 - 2015-04-12 22:18 - 00000000 ____D () C:\Program Files\TAP-Windows
2015-04-12 22:05 - 2015-04-12 22:05 - 00003213 _____ () C:\Users\Tom\Downloads\vpnht.ovpn
2015-04-12 21:49 - 2015-04-12 21:49 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-12 21:49 - 2015-04-12 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-12 21:49 - 2015-04-12 21:49 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-12 21:49 - 2015-04-12 21:49 - 00000000 ____D () C:\Program Files\iPod
2015-04-08 23:44 - 2015-04-21 01:07 - 00000231 _____ () C:\Users\Tom\Desktop\Grand Theft Auto V.url
2015-04-08 22:01 - 2015-04-08 22:01 - 00599941 _____ () C:\Users\Tom\Downloads\Taskbar Eliminator.zip
2015-04-08 21:14 - 2015-04-08 21:15 - 33986608 _____ () C:\Users\Tom\Downloads\iOS-Installer_Popcorn_Time-1.14.exe
2015-04-06 02:13 - 2015-04-06 02:15 - 00002805 _____ () C:\Users\Tom\Desktop\BL2 4P.lnk
2015-04-06 02:13 - 2015-04-06 02:15 - 00002805 _____ () C:\Users\Tom\Desktop\BL2 2P.lnk
2015-04-06 02:13 - 2015-04-06 02:14 - 00002805 _____ () C:\Users\Tom\Desktop\BL2 3P.lnk
2015-04-05 03:21 - 2015-04-05 03:22 - 00038912 _____ () C:\Users\Tom\Downloads\PCWNOBAR.z.exe
2015-04-05 02:20 - 2015-04-05 02:23 - 00000000 ____D () C:\Program Files\Sandboxie
2015-04-05 02:20 - 2015-04-05 02:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-04-05 01:33 - 2015-04-05 01:33 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 01:33 - 2015-04-05 01:33 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 01:31 - 2015-04-05 01:31 - 00000543 _____ () C:\Windows\NGO.cer
2015-04-05 00:07 - 2015-04-05 00:07 - 04281987 _____ () C:\Users\Tom\Downloads\Sandboxie 4.16(x64)+Crack.rar
2015-04-04 21:09 - 2015-04-04 21:09 - 00000000 ___RD () C:\Sandbox
2015-04-04 21:05 - 2015-04-26 21:34 - 00003726 _____ () C:\Windows\Sandboxie.ini
2015-04-04 21:02 - 2015-04-04 21:02 - 01203488 _____ () C:\Users\Tom\Downloads\Sandboxie - CHIP-Installer.exe
2015-03-31 01:54 - 2015-03-31 01:54 - 00000222 _____ () C:\Users\Tom\Desktop\Worms Armageddon.url
2015-03-31 01:54 - 2015-03-31 01:54 - 00000222 _____ () C:\Users\Tom\Desktop\TinyKeep.url
2015-03-31 01:54 - 2015-03-31 01:54 - 00000222 _____ () C:\Users\Tom\Desktop\ClusterPuck 99.url
2015-03-30 20:19 - 2015-03-30 20:19 - 00000000 ____D () C:\Users\Tom\AppData\Local\Frima_Studio
2015-03-30 15:46 - 2015-04-26 19:27 - 00000000 ____D () C:\Users\Tom\Documents\!BEWERBUNGSMAPPE
2015-03-28 22:02 - 2015-03-28 22:03 - 00000000 ____D () C:\Users\Tom\Documents\Giana Sisters - Twisted Dreams
2015-03-28 21:07 - 2015-03-28 21:07 - 00000221 _____ () C:\Users\Tom\Desktop\Worms Reloaded.url
2015-03-28 21:06 - 2015-03-28 21:06 - 00000221 _____ () C:\Users\Tom\Desktop\Worms Crazy Golf.url
2015-03-28 21:01 - 2015-03-28 21:01 - 00000222 _____ () C:\Users\Tom\Desktop\Giana Sisters Twisted Dreams.url
2015-03-28 21:01 - 2015-03-28 21:01 - 00000222 _____ () C:\Users\Tom\Desktop\Giana Sisters Twisted Dreams - Rise of the Owlverlord.url
2015-03-28 19:22 - 2015-03-28 19:22 - 00000222 _____ () C:\Users\Tom\Desktop\Apotheon.url
 
==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 23:21 - 2014-06-09 19:32 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TS3Client
2015-04-27 23:04 - 2013-01-14 17:53 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype
2015-04-27 22:57 - 2013-01-22 17:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-27 22:56 - 2013-01-13 23:15 - 01479596 _____ () C:\Windows\WindowsUpdate.log
2015-04-27 22:24 - 2013-01-13 23:36 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 20:21 - 2013-01-14 17:51 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-04-27 20:07 - 2014-04-04 17:49 - 00000000 ____D () C:\Users\Tom\Documents\!PROJECTS
2015-04-27 18:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-27 18:11 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 18:11 - 2009-07-14 06:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 18:08 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2015-04-27 18:08 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2015-04-27 18:08 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-27 18:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-27 18:03 - 2013-01-21 23:49 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-27 18:03 - 2013-01-13 23:41 - 00799440 _____ () C:\Windows\PFRO.log
2015-04-27 18:03 - 2013-01-13 23:36 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-27 18:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-27 18:03 - 2009-07-14 06:51 - 00169665 _____ () C:\Windows\setupact.log
2015-04-27 17:45 - 2014-11-29 18:59 - 00013245 _____ () C:\Windows\BRRBCOM.INI
2015-04-27 02:00 - 2013-08-15 16:42 - 00000000 ____D () C:\Users\Tom\AppData\Local\Adobe
2015-04-26 19:30 - 2013-08-25 18:37 - 00000000 ____D () C:\Program Files (x86)\Last.fm
2015-04-26 17:04 - 2013-09-08 23:22 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\uTorrent
2015-04-25 01:50 - 2013-01-13 23:15 - 00000000 ____D () C:\Users\Tom
2015-04-20 18:02 - 2015-01-08 21:50 - 00000000 ____D () C:\Program Files (x86)\LoLBuilder.net App
2015-04-18 18:57 - 2013-01-14 17:53 - 00000000 ____D () C:\ProgramData\Skype
2015-04-17 02:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-04-17 02:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 00:18 - 2014-12-29 00:19 - 00000000 ____D () C:\Users\Tom\AppData\Local\Popcorn-Time
2015-04-16 19:25 - 2013-08-23 18:03 - 00001664 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2015-04-16 17:58 - 2015-01-08 21:50 - 00001061 _____ () C:\Users\Public\Desktop\LoLBuilder.net App.lnk
2015-04-16 17:58 - 2015-01-08 21:50 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Dazzleware
2015-04-16 17:58 - 2015-01-08 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2015-04-16 17:54 - 2014-12-13 12:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 17:54 - 2014-05-06 19:57 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 17:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 00:47 - 2013-08-17 19:38 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 00:46 - 2013-08-14 19:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 00:41 - 2013-01-14 00:27 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 23:58 - 2015-02-05 18:57 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 23:58 - 2013-01-22 17:58 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-14 23:58 - 2013-01-22 17:58 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-14 23:58 - 2013-01-22 17:58 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 21:54 - 2013-01-21 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-13 21:54 - 2013-01-21 23:47 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-13 21:51 - 2013-08-17 19:43 - 00000000 ____D () C:\Users\Tom\AppData\Local\NVIDIA
2015-04-12 22:18 - 2014-12-29 00:16 - 00000000 ____D () C:\Users\Tom\AppData\Local\Popcorn Time
2015-04-12 21:49 - 2015-02-20 15:52 - 00000000 ____D () C:\Program Files\iTunes
2015-04-12 21:49 - 2013-08-23 23:54 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-12 21:49 - 2013-08-23 23:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-09 23:43 - 2013-10-07 00:18 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-09 23:43 - 2013-08-15 00:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-09 23:43 - 2013-01-13 23:33 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-04-09 02:58 - 2014-11-12 19:08 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 02:58 - 2013-01-21 23:47 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-09 02:58 - 2013-01-21 23:46 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2013-01-21 23:46 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2013-01-21 23:45 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-09 02:58 - 2013-01-21 23:45 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2012-09-28 16:28 - 00078480 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-04-09 02:58 - 2012-09-28 16:28 - 00066704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2013-01-21 23:48 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2013-01-21 23:48 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2013-01-21 23:48 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-05 18:55 - 2014-06-08 16:30 - 00000000 ____D () C:\Users\Tom\AppData\Local\Spotify
2015-04-05 18:55 - 2014-06-08 16:29 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Spotify
2015-04-05 01:24 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-01 10:25 - 2013-01-13 23:38 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Avira
2015-04-01 10:25 - 2013-01-13 23:33 - 00000000 ____D () C:\ProgramData\Avira
2015-03-31 13:29 - 2014-10-10 16:38 - 00000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2015-03-31 11:37 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-28 22:38 - 2013-01-15 01:26 - 00354690 _____ () C:\Windows\DirectX.log
2015-03-28 20:36 - 2013-08-15 21:00 - 00000000 ____D () C:\Users\Tom\Documents\my games
2015-03-28 05:44 - 2014-08-05 21:38 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-03-28 05:44 - 2013-10-28 20:25 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-03-28 05:43 - 2014-08-05 21:38 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-03-28 05:43 - 2013-10-28 20:25 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

==================== Files in the root of some directories =======

2014-10-10 16:40 - 2014-10-10 16:40 - 0000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe GIF-Format CC - Voreinstellungen
2014-10-10 16:39 - 2014-10-10 16:39 - 0000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe IllExport-Filter CC - Voreinstellungen
2014-10-10 16:38 - 2015-03-31 13:29 - 0000132 _____ () C:\Users\Tom\AppData\Roaming\Adobe PNG-Format CC - Voreinstellungen
2014-06-24 15:16 - 2014-09-20 20:26 - 0000034 _____ () C:\Users\Tom\AppData\Roaming\AdobeWLCMCache.dat
2013-09-16 19:37 - 2013-09-23 11:54 - 0011477 _____ () C:\Users\Tom\AppData\Roaming\LogBuch.txt
2013-09-14 15:29 - 2013-09-23 11:56 - 0003129 _____ () C:\Users\Tom\AppData\Roaming\PData.MM1
2013-09-14 15:29 - 2013-09-23 11:56 - 0003129 _____ () C:\Users\Tom\AppData\Roaming\PData.MMM
2014-12-07 20:12 - 2014-12-07 20:20 - 0001456 _____ () C:\Users\Tom\AppData\Local\Adobe Für Web speichern 13.0 Prefs

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-27 18:53

==================== End Of Log ============================
 
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Tom at 2015-04-27 23:22:26
Running from C:\Users\Tom\Desktop\FRST64
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-516494932-2024577555-231657829-500 - Administrator - Disabled)
Gast (S-1-5-21-516494932-2024577555-231657829-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-516494932-2024577555-231657829-1003 - Limited - Enabled)
Tom (S-1-5-21-516494932-2024577555-231657829-1000 - Administrator - Enabled) => C:\Users\Tom

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@Bios (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.34 - GIGABYTE)
µTorrent (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
About Love, Hate and the other ones (HKLM-x32\...\Steam App 277680) (Version: - Black Pants Studio)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.8.0.447 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe InDesign CC (HKLM-x32\...\{BC448016-6F11-1014-B0EA-97CEE6E26CB6}) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Apotheon (HKLM-x32\...\Steam App 208750) (Version: - Alientrap)
Apple Application Support (32-Bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avira (HKLM-x32\...\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}) (Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.34.19732 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version: - The Behemoth)
Bejeweled 3 (HKLM-x32\...\Steam App 78000) (Version: - PopCap Games, Inc.)
Bleed (HKLM-x32\...\Steam App 239800) (Version: - Ian Campbell)
Bloody Trapland (HKLM-x32\...\Steam App 257750) (Version: - 2Play)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version: - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version: - 2K Australia)
Brother MFL-Pro Suite MFC-J6920DW (HKLM-x32\...\{6A367B4D-2E1C-4843-9FF0-A1DF1DEAB1E6}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Chariot (HKLM-x32\...\Steam App 319450) (Version: - Frima Studio)
Chompy Chomp Chomp (HKLM-x32\...\Steam App 292570) (Version: - Utopian World of Sandwiches)
ClusterPuck 99 (HKLM-x32\...\Steam App 337960) (Version: - PHL Collective)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Curse (HKLM-x32\...\{1F2611FB-6F69-4AA8-BECD-243BD8CB45F3}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Darksiders II (HKLM-x32\...\Steam App 50650) (Version: - Vigil Games)
Die Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.18.1010 - Electronic Arts Inc.)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
EaseUS Partition Master 10.1 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
F.lux (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Flux) (Version: - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)
Flatout 3 (HKLM-x32\...\Steam App 201510) (Version: - Team 6 Studios)
Friendship Club (HKLM-x32\...\Steam App 332760) (Version: - Force Of Habit)
GameRanger (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\GameRanger) (Version: - GameRanger Technologies)
Gang Beasts (HKLM-x32\...\Steam App 285900) (Version: - Boneloaf)
Giana Sisters: Twisted Dreams - Rise of the Owlverlord (HKLM-x32\...\Steam App 246960) (Version: - Black Forest Games)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version: - Codemasters Racing)
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Injustice: Gods Among Us Ultimate Edition (HKLM-x32\...\Steam App 242700) (Version: - NetherRealm Studios)
iOSinstaller (HKLM-x32\...\iOSinstaller) (Version: - iosinstaller.com)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
JumpJet Rex (HKLM-x32\...\Steam App 329460) (Version: - TreeFortress Games)
Lara Croft and the Guardian of Light (HKLM-x32\...\Steam App 35130) (Version: - Crystal Dynamics)
Lara Croft and the Temple of Osiris (HKLM-x32\...\Steam App 289690) (Version: - Crystal Dynamics)
Last.fm Scrobbler 2.1.37 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Legend of Dungeon (HKLM-x32\...\Steam App 238280) (Version: - )
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.303 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.303 - LogMeIn, Inc.) Hidden
Lords Of The Fallen (HKLM-x32\...\Steam App 265300) (Version: - CI Games)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version: - Team Reptile)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
Mortal Kombat X (HKLM-x32\...\Steam App 307780) (Version: - NetherRealm Studios)
Mozilla Firefox 33.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 de)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version: - Messhof)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.5 - Notepad++ Team)
Nuance PaperPort 12 (HKLM-x32\...\{869FCC6C-5669-4B0B-827E-2BBAACD88A87}) (Version: 12.1.0006 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA 3D Vision Controller-Treiber 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Grafiktreiber 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Parcel (HKLM-x32\...\Steam App 316080) (Version: - Polar Bunny Ltd)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
Pressure (HKLM-x32\...\Steam App 224220) (Version: - Chasing Carrots)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Rocketbirds: Hardboiled Chicken (HKLM-x32\...\Steam App 215510) (Version: - Ratloop Asia)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version: - Crytek)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Scansoft PDF Professional (x32 Version: - ) Hidden
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version: - Devil's Details)
SpeedRunners (HKLM-x32\...\Steam App 207140) (Version: - DoubleDutch Games)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Split/Second (HKLM-x32\...\Steam App 297860) (Version: - Black Rock Studio)
Spotify (HKU\S-1-5-21-516494932-2024577555-231657829-1000\...\Spotify) (Version: 1.0.2.6.g9977a14b - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.19.13.4482 - Enigma Software Group, LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Street Fighter X Tekken (HKLM-x32\...\Steam App 209120) (Version: - Capcom U.S.A., Inc.)
Stronghold Crusader 2 (HKLM-x32\...\Steam App 232890) (Version: - FireFly Studios)
Stronghold Crusader HD (HKLM-x32\...\Steam App 40970) (Version: - FireFly Studios)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Cave (HKLM-x32\...\Steam App 221810) (Version: - Double Fine Productions)
The Crew (HKLM-x32\...\Steam App 241560) (Version: - Ivory Tower in collaboration with Ubisoft Reflections)
TinyKeep (HKLM-x32\...\Steam App 278620) (Version: - Phigames)
TRISTOY (HKLM-x32\...\Steam App 303260) (Version: - Uniworlds Game Studios)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd.)
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)
Worms Crazy Golf (HKLM-x32\...\Steam App 70620) (Version: - Team17 Software Ltd.)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version: - Team17 Software Ltd.)
Worms Ultimate Mayhem (HKLM-x32\...\Steam App 70600) (Version: - Team17 Software Ltd.)
 
You must log in or register to reply here.

Similar threads

A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
C
Solved DWM.exe using 30-40% CPU and 2-4GB of RAM, also creating a suspicious connection
2
Replies
46
Views
7K
Broni
Broni
Daniel Sims
Windows 11 23H2 update announced, meanwhile Insider build adds system repair and TPM troubleshooter
Replies
7
Views
679
nkormanik
nkormanik

Latest posts

Back