Solved Surfvox on Win7-64bit system

Pjotr31 · Jun 4, 2015

Apparently I got infected with the Surfvox virus/malware.
Help will be greatly appreciated!
Here is part I of FRST.txt. In next posts: rest and Addition.txt.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015

Ran by PETER (administrator) on PETER-PC on 04-06-2015 16:54:15

Running from C:\Users\PETER\Downloads

Loaded Profiles: PETER (Available Profiles: PETER)

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Nederlands (Nederland)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastSvc.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe

() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

() F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe

(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(TomTom) F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

() F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe

() C:\Windows\System32\atwtusb.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

() C:\Windows\System32\atwtusb.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

() C:\Program Files\Core Temp\Core Temp.exe

(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe

(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Windows\System32\WTMKM.exe

(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe

() C:\Windows\system\GfsMgr64.exe

(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

() C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe

() C:\Windows\SysWOW64\GfsMgr.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(SlySoft, Inc.) F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

(Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe

(6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe

(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe

(Electronic Arts) F:\Program Files (x86)\Origin\Origin.exe

() C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe

(Dropbox, Inc.) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe

(NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

() C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe

(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\avastui.exe

(ScanSoft, Inc.) H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\opware12.exe

(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe

(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe

() H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

() F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(WinZip Computing, S.L.) F:\Program Files (x86)\WinZip\WINZIP32.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Sysinternals - www.sysinternals.com) C:\Users\PETER\AppData\Local\Temp\wz425d\procexp.exe

(Sysinternals - www.sysinternals.com) C:\Users\PETER\AppData\Local\Temp\procexp64.exe

() C:\ProgramData\nvxasync\cvxasync.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)

HKLM\...\Run: [MacroKeyManager] => C:\Windows\system32\WTMKM.exe [6105832 2010-01-15] ()

HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)

HKLM\...\Run: [SUNSTREAKERSound] => C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe [1611264 2014-01-10] ()

HKLM\...\Run: [SUNSTREAKERHS64] => C:\Windows\system\GfsMgr64.exe [286720 2013-04-25] ()

HKLM\...\Run: [SUNSTREAKERHS] => C:\Windows\syswow64\GfsMgr.exe [204800 2013-04-25] ()

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)

HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [PMSpeed] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-04] (NewSoft Technology Corporation)

HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [AutoEJCD_0ACE20FF] => C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE [40960 2013-02-13] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"

HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)

HKLM-x32\...\Run: [BCSSync] => H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [AvastUI.exe] => f:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)

HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Opware12] => H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\Opware12.exe [49152 2002-08-01] (ScanSoft, Inc.)

HKLM-x32\...\Run: [EaseUs Watch] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM-x32\...\Run: [EaseUs Tray] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)

HKLM-x32\...\Run: [EaseUs TB Tray Agent] => h:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()

HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)

HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Scan Buttons] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AnyDVD] => F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6287008 2012-08-16] (SlySoft, Inc.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-02] (Valve Corporation)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Google+ Auto Backup] => "C:\Users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [MKLOL] => "C:\Program Files (x86)\MKJogo\MKLOL\MK.exe" -auto

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [EADM] => F:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-03] (Electronic Arts)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [GoogleChromeAutoLaunch_5A72722A97D2BA40C91A2D5C9EAE26D7] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-05-22] (Google Inc.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [nvxasync] => C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe [153822720 2015-05-16] ()

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: D - D:\dvdcheck.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: E - E:\dvdcheck.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: G - G:\Autorun.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: L - L:\setup.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {2f5fbf1d-8787-11e3-9f97-5404a660daae} - E:\HTC_Sync_Manager_PC.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {2f5fbfab-8787-11e3-9f97-5404a660daae} - E:\AutoRun.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {2f5fbfc3-8787-11e3-9f97-5404a660daae} - E:\AutoRun.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {7c6c3889-d21e-11e4-85e8-5404a660daae} - O:\iLinker.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {8eaf10f7-7538-11e2-81d3-5404a660daae} - L:\Setup.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MountPoints2: {edd6d61c-80cd-11e1-a6db-806e6f6e6963} - D:\.\Bin\ASSETUP.exe

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [153822720 2015-05-16] () <==== ATTENTION

Startup: C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-04-15]

ShortcutTarget: Dropbox.lnk -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => f:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)

ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)

ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)

ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)

ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)

ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

BootExecute:

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partne...ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1

SearchScopes: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> {828B376B-F2F6-4778-928C-E29EC877535E} URL = http://www.google.com/cse?cx=partne...ref=#gsc.tab=0&gsc.q={searchTerms}&gsc.page=1

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)

BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)

BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)

BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)

BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Toolbar: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]

Hosts: Hosts file not detected in the default directory

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()

FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=2.0.5 -> f:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)

FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> f:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-01] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)

FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-17]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - f:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - f:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-08]

Chrome:

=======

CHR Profile: C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-07]

CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-07]

CHR Extension: (Google Drive) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-07]

CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-05-08]

CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-07]

CHR Extension: (Bookmark Manager) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]

CHR Extension: (Google Wallet) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]

CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PETER\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-22]

CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - f:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()

R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()

R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()

S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-02-25] (Autodesk)

R2 avast! Antivirus; f:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)

R2 BankingTools_Import_Service; F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe [33280 2014-04-03] () [File not signed]

R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)

R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)

R2 EaseUS Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)

R2 Guard Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R2 HPSLPSVC; C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

S3 Microsoft SharePoint Workspace Audit Service; H:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)

S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

R2 TomTomHOMEService; F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-12-19] (TomTom)

R2 UsbClientService; f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-01-04] () [File not signed]

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WTService; C:\Windows\System32\atwtusb.exe [665320 2010-01-27] () [File not signed]

S3 AvastVBoxSvc; f:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]

S2 NPEService; "\\192.168.1.65\software\NPE.exe" /service [X]

Pjotr31 · Jun 4, 2015

Part II of FRST.txt

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)

R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)

S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()

S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)

R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)

R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()

S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()

S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1061888 2007-08-17] (Atheros Communications, Inc.)

R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)

R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]

R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]

S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)

S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)

R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)

S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2015-05-07] (Malwarebytes Corporation)

R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)

S0 MtxDma0; C:\Windows\SysWOW64\drivers\MtxDma0.sys [182248 2002-07-10] (Matrox Electronic Systems Ltd.) [File not signed]

R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)

S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]

R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

S3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [171144 2007-05-01] (Saitek)

S3 SUNSTREAKER; C:\Windows\System32\DRIVERS\Sunstreaker.sys [388096 2013-08-07] (C-Media Inc.)

R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-03-07] (Acronis International GmbH)

R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-03-07] (Acronis)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)

R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-03-07] (Acronis International GmbH)

R3 ALSysIO; \??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys [X]

S1 EIO64; system32\DRIVERS\EIO64.sys [X]

S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S2 VBoxAswDrv; \??\f:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:54 - 2015-06-04 16:54 - 00049866 _____ C:\Users\PETER\Downloads\FRST.txt

2015-06-04 16:52 - 2015-06-04 16:54 - 00000000 ____D C:\FRST

2015-06-04 16:52 - 2015-06-04 16:52 - 02108928 _____ (Farbar) C:\Users\PETER\Downloads\FRST64.exe

2015-06-04 16:40 - 2015-06-04 16:40 - 01121785 _____ C:\Users\PETER\Downloads\ProcessExplorer.zip

2015-06-04 16:33 - 2015-06-04 16:33 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC

2015-06-04 16:33 - 2015-06-04 16:33 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\Program Files\CCleaner

2015-06-04 16:28 - 2015-06-04 16:28 - 06549184 _____ (Piriform Ltd) C:\Users\PETER\Downloads\ccsetup506.exe

2015-06-04 16:04 - 2015-06-04 16:27 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe

2015-06-04 16:03 - 2015-06-04 16:04 - 00000000 ____D C:\Program Files\Adware-Removal-Tool

2015-06-04 16:00 - 2015-06-04 16:00 - 00753184 _____ C:\Users\PETER\Downloads\Adware-Removal-Tool-v3.9.1.exe

2015-06-04 15:47 - 2015-06-04 15:47 - 00000446 _____ C:\Users\PETER\Downloads\teetimeics.ics

2015-06-02 22:28 - 2015-06-02 22:28 - 00000000 _____ C:\autoexec.bat

2015-06-02 22:27 - 2015-06-02 22:27 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\PETER\Downloads\SpyHunter-Installer.exe

2015-06-02 08:14 - 2015-06-02 08:14 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk

2015-05-25 23:23 - 2015-05-25 23:23 - 00000000 ____D C:\Program Files\avast software

2015-05-24 20:48 - 2015-05-24 20:48 - 00000000 ____D C:\ProgramData\Muzzy Lane Software

2015-05-23 00:59 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0 (1).zip

2015-05-23 00:59 - 2015-05-23 00:59 - 00000000 ____D C:\Users\PETER\Downloads\Chameleon

2015-05-23 00:58 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0.zip

2015-05-16 09:07 - 2015-05-16 09:07 - 00000000 _RSHD C:\ProgramData\nvxasync

2015-05-16 09:06 - 2015-06-04 16:48 - 00000000 _RSHD C:\Users\PETER\AppData\Roaming\nvxasync

2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Greenshot

2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Local\Greenshot

2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

2015-05-07 23:41 - 2015-05-07 23:41 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\PETER\Downloads\mbam-setup-2.1.6.1022.exe

2015-05-07 23:34 - 2015-05-07 23:34 - 00002287 _____ C:\Users\PETER\Desktop\App-opstartprogramma van Chrome.lnk

2015-05-07 23:34 - 2015-05-07 23:34 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-05-07 21:07 - 2015-05-07 21:07 - 00003278 _____ C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-3467867667-3157156364-2699428233-1000

2015-05-07 16:38 - 2015-05-07 16:38 - 00000000 ____D C:\Users\PETER\Tracing

2015-05-07 16:04 - 2015-05-16 09:06 - 00000000 ____D C:\Users\PETER\AppData\Roaming\chportu

2015-05-07 16:03 - 2015-05-28 20:34 - 243361280 _____ C:\Users\PETER\AppData\Roaming\Launcher.rb4

2015-05-05 22:43 - 2015-06-03 14:38 - 00000001 _____ C:\Users\PETER\AppData\Roaming\update.dat

2015-05-05 22:42 - 2015-05-05 22:42 - 00000868 _____ C:\Users\Public\Desktop\Sims 4 (eerst Origin afsluiten!).lnk

2015-05-05 22:42 - 2015-05-05 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sims 4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 16:45 - 2015-03-01 13:35 - 00005050 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC

2015-06-04 16:42 - 2012-06-10 23:45 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-06-04 16:41 - 2015-01-06 19:01 - 00000000 ____D C:\Users\PETER\AppData\Local\CrashDumps

2015-06-04 16:35 - 2013-08-23 21:33 - 00000000 ____D C:\ProgramData\Origin

2015-06-04 16:35 - 2013-05-31 19:32 - 00000000 ____D C:\Program Files (x86)\Steam

2015-06-04 16:35 - 2012-07-18 22:54 - 00000000 ____D C:\Users\PETER\AppData\Roaming\.oit

2015-06-04 16:35 - 2012-05-10 21:47 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Dropbox

2015-06-04 16:35 - 2012-04-07 18:27 - 02067155 _____ C:\Windows\WindowsUpdate.log

2015-06-04 16:35 - 2010-08-15 21:05 - 00000040 ___SH C:\ProgramData\.zreglib

2015-06-04 16:34 - 2012-06-10 23:45 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-06-04 16:34 - 2012-05-08 23:10 - 00000472 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job

2015-06-04 16:34 - 2009-07-14 04:34 - 00000593 _____ C:\Windows\win.ini

2015-06-04 16:22 - 2009-07-14 11:16 - 00745764 _____ C:\Windows\system32\perfh013.dat

2015-06-04 16:22 - 2009-07-14 11:16 - 00153716 _____ C:\Windows\system32\perfc013.dat

2015-06-04 16:22 - 2009-07-14 07:13 - 01670960 _____ C:\Windows\system32\PerfStringBackup.INI

2015-06-04 16:22 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-06-04 16:22 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-06-04 16:14 - 2012-05-04 17:05 - 00151552 _____ C:\Windows\KMSEmulator.exe

2015-06-04 16:14 - 2012-05-04 17:05 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS

2015-06-04 16:14 - 2012-05-04 17:05 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job

2015-06-04 16:14 - 2009-07-14 07:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2015-06-04 16:14 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-06-04 16:14 - 2009-07-14 06:51 - 00234246 _____ C:\Windows\setupact.log

2015-06-04 16:13 - 2012-04-07 18:34 - 00000000 ____D C:\ProgramData\NVIDIA

2015-06-04 16:07 - 2012-04-08 09:21 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-06-04 09:16 - 2014-06-14 08:57 - 00000000 ____D C:\Users\PETER\AppData\Local\Adobe

2015-06-03 21:32 - 2014-08-26 20:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Skype

2015-06-03 14:37 - 2012-07-15 23:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update

2015-06-02 22:27 - 2012-04-07 18:26 - 00000000 ____D C:\Users\PETER

2015-06-02 08:14 - 2012-05-08 18:54 - 00000000 ____D C:\Program Files (x86)\Google

2015-05-31 19:45 - 2012-04-26 21:35 - 00000000 ____D C:\Users\PETER\AppData\Local\Apple Computer

2015-05-28 20:59 - 2014-08-26 20:37 - 00000000 ____D C:\ProgramData\Skype

2015-05-28 15:33 - 2009-07-14 06:45 - 05379248 _____ C:\Windows\system32\FNTCACHE.DAT

2015-05-26 00:23 - 2012-04-07 18:41 - 00203344 _____ C:\Users\PETER\AppData\Local\GDIPFONTCACHEV1.DAT

2015-05-24 17:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF

2015-05-22 22:17 - 2013-04-21 21:46 - 00000000 ____D C:\Users\PETER\Desktop\Spellen

2015-05-20 17:12 - 2012-04-07 20:50 - 01376242 _____ C:\Windows\PFRO.log

2015-05-19 15:46 - 2015-03-01 13:15 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-05-18 21:37 - 2012-06-10 23:45 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-05-18 21:37 - 2012-06-10 23:45 - 00003800 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2015-05-15 14:29 - 2013-02-24 22:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2015-05-12 16:31 - 2012-05-10 21:48 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-05-10 17:09 - 2013-05-29 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-05-07 23:54 - 2014-06-01 00:21 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-05-07 23:48 - 2014-06-01 00:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-05-07 23:47 - 2014-06-01 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-05-07 23:02 - 2014-05-31 23:41 - 00000000 ____D C:\AdwCleaner

2015-05-07 16:38 - 2014-09-20 16:21 - 00000000 ___RD C:\Program Files (x86)\Skype

2015-05-05 22:42 - 2012-05-18 22:34 - 00679753 _____ C:\Windows\DirectX.log

==================== Files in the root of some directories =======

2014-04-27 21:53 - 2014-04-27 21:55 - 0052828 __RSH () C:\Program Files (x86)\DLS8Uninstall.log

2014-06-23 15:47 - 2014-06-23 15:47 - 0000272 _____ () C:\Users\PETER\AppData\Roaming\.backup.dm

2012-11-21 08:50 - 2013-07-09 12:08 - 0000624 _____ () C:\Users\PETER\AppData\Roaming\All CPU MeterV3_Settings.ini

2012-06-08 01:00 - 2012-06-08 02:14 - 0000412 _____ () C:\Users\PETER\AppData\Roaming\All CPU Meter_Settings.ini

2013-04-17 21:04 - 2013-11-30 00:54 - 0000093 _____ () C:\Users\PETER\AppData\Roaming\ARCompanion.log

2013-06-30 20:29 - 2015-01-23 19:51 - 0000839 _____ () C:\Users\PETER\AppData\Roaming\Drives Meter_Settings.ini

2015-05-07 16:03 - 2015-05-28 20:34 - 243361280 _____ () C:\Users\PETER\AppData\Roaming\Launcher.rb4

2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.Exception.log

2013-10-02 00:41 - 2013-10-02 00:41 - 0001153 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.DesktopHelper.Exception.log

2013-10-02 00:50 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Transcoder.Exception.log

2015-05-05 22:43 - 2015-06-03 14:38 - 0000001 _____ () C:\Users\PETER\AppData\Roaming\update.dat

2013-06-11 00:08 - 2013-06-11 00:08 - 0001456 _____ () C:\Users\PETER\AppData\Local\Adobe Save for Web 12.0 Prefs

2012-10-16 18:44 - 2014-10-01 21:45 - 0023040 _____ () C:\Users\PETER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2015-05-03 21:38 - 2015-05-03 21:38 - 0000000 ___SH () C:\Users\PETER\AppData\Local\LumaEmu

2013-11-21 17:50 - 2014-11-07 22:15 - 0007623 _____ () C:\Users\PETER\AppData\Local\resmon.resmoncfg

2010-08-15 21:05 - 2015-06-04 16:35 - 0000040 ___SH () C:\ProgramData\.zreglib

Files to move or delete:

====================

C:\Users\PETER\ViceVersa.exe

Some files in TEMP:

====================

C:\Users\PETER\AppData\Local\Temp\BlackBerryDeviceManager.exe

C:\Users\PETER\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\PETER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzapybx.dll

C:\Users\PETER\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 00:20

==================== End of log ============================

Pjotr31 · Jun 4, 2015

Part I (of III) of ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015

Ran by PETER at 2015-06-04 16:55:05

Running from C:\Users\PETER\Downloads

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3467867667-3157156364-2699428233-500 - Administrator - Disabled)

Gast (S-1-5-21-3467867667-3157156364-2699428233-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3467867667-3157156364-2699428233-1003 - Limited - Enabled)

PETER (S-1-5-21-3467867667-3157156364-2699428233-1000 - Administrator - Enabled) => C:\Users\PETER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version: - Belastingdienst)

Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version: - Belastingdienst)

Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)

Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)

Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )

Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)

Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.11) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)

Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)

Advanced Archive Password Recovery (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)

AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)

AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)

Akamai NetSession Interface (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Akamai) (Version: - Akamai Technologies, Inc)

Alcatel PC Suite V7.0.40 (HKLM-x32\...\{93DB-0E9758B0D131_PCS_Alcatel_Union}_is1) (Version: - Singularity Software Co., Ltd.)

Among Ripples (HKLM-x32\...\Steam App 341720) (Version: - Eat Create Sleep)

Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)

AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.7.0 - SlySoft)

AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)

Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)

Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)

Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)

Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)

ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden

Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)

AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)

Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)

Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)

Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)

Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)

Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)

Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)

BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

calibre 64bit (HKLM\...\{EB3D23E3-91A7-46A0-9D7F-698151973A41}) (Version: 2.12.0 - Kovid Goyal)

Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )

Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc)

Cashflow 4.3 (HKLM-x32\...\{387962FD-1BDE-41CB-9DBC-16BBDCD56CA2}) (Version: 4.3.20.20 - BankingTools)

Cashflow 5 (HKLM-x32\...\{19bf98d8-43fd-4ed1-a269-96ea37fba88f}) (Version: 5.0.4.0 - BankingTools)

Cashflow 5 (x32 Version: 5.0.4.0 - BankingTools) Hidden

CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)

CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden

Cities - Skylines (HKLM-x32\...\Cities - Skylines_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)

Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)

ClickAid (HKLM-x32\...\ClickAid) (Version: - )

Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles)

Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)

Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)

Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden

Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden

Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation)

CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden

CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)

CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)

Corsair Raptor HS40 (HKLM-x32\...\{B77575BE-73DB-43C6-A555-82BB713BCB79}) (Version: - Corsair Components, Inc.)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)

DDPB (HKLM-x32\...\{748590DB-44CD-48D2-8585-2496BBFE919F}) (Version: 1.0.9 - DauDen.vn)

De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)

De Sims™ 3 Creëer een Wereld-tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)

De Sims™ 3 Jaargetijden (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)

De Sims™ 3 Levensweg (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)

De Sims™ 3 Wereldavonturen (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)

De Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.625.10 - Electronic Arts Inc.)

De Sims™ 4 Creëer-een-Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)

Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)

Dropbox (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)

DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)

EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)

Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.8 - Poikosoft)

EPSON BX620FWD Series Handboek (HKLM-x32\...\EPSON BX620FWD Series Manual) (Version: - )

EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)

Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)

Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)

EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)

EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)

FFmpeg (Windows) for Audacity versie 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )

File Property Edit Free (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\File Property Edit Free) (Version: 3.70 - foryoursoft)

Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)

Game Dev Tycoon v1.4.13 (HKLM-x32\...\Game Dev Tycoon v1.4.131.4.13) (Version: 1.4.13 - Friends in War)

Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)

Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)

Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)

Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)

Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden

Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)

HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )

Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)

HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version: - )

HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )

HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Uw bedrijfsnaam)

iBomber Attack Demo (HKLM-x32\...\Steam App 224800) (Version: - )

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iExplorer 3.2.2.4 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)

iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )

Insider Tales - Vanished in Rome (HKLM-x32\...\Denda Games Insider Tales - Vanished in Rome) (Version: 1.0.0.0 - Denda Games)

Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)

Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - Aleksey Abramenko)

IPCMonitor_en version 1.0.1.2 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.2 - IPCMonitor, Inc.)

IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)

iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)

Jaksta Streaming Media Recorder (4.4.5) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.5 - Jaksta Technologies)

Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)

Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)

Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)

League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden

Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)

MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version: - )

MacroKey Manager (Version: 1.00.0000 - Uw bedrijfsnaam) Hidden

MagicBerry for Blackberry version 3.5 (HKLM-x32\...\{404CBB42-3EF1-4ECF-BFBD-A557807CBF3B}_is1) (Version: 3.5 - Mena Step Innovative Solutions (Ashraf Awwad))

Making History: The Calm & The Storm Demo (HKLM-x32\...\Steam App 6260) (Version: - Muzzy Lane)

Malwarebytes Anti-Malware versie 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7600 - Marvell)

Matrox Imaging Products (HKLM-x32\...\Matrox Imaging Products) (Version: - )

MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)

MediaMonkey Gold (HKLM-x32\...\MediaMonkey Gold4) (Version: 4 - MediaMonkey Gold)

MediaMonkey Gold Cracked (HKLM-x32\...\MediaMonkey Gold Cracked2012) (Version: 2012 - MediaMonkey Gold Cracked)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)

Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)

Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)

Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4719.1002 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)

Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)

Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)

MKLOL (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\MKLOL) (Version: - )

Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)

MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.1 - MusicBrainz)

Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)

NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)

NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)

Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)

Netwerkhandleiding EPSON BX620FWD Series (HKLM-x32\...\EPSON BX620FWD Series Network Guide) (Version: - )

NL2000V4_installer (HKLM-x32\...\{0372FD44-1579-45C9-96E9-4B2CAEE8BF84}) (Version: 4.0.20 - NL2000)

NVIDIA 3D Vision controllerstuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)

NVIDIA 3D Vision stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)

NVIDIA Grafisch stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)

NVIDIA HD Audio-stuurprogramma 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)

NVIDIA PhysX systeemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden

Offline Rekening Overzicht (HKLM-x32\...\{80D2DAFC-A65D-4317-8A75-15286181EC23}) (Version: 1.0.2.0 - J.J.F. Verhaag)

Oil Rush (HKLM-x32\...\Steam App 200390) (Version: - Unigine Corp.)

OmniPage Pro 12.0 (HKLM-x32\...\{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}) (Version: 12.00.0000 - ScanSoft, Inc.)

ONE TOUCH Upgrade (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)

Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version: - )

Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)

Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden

Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

Palringo (HKLM-x32\...\Palringo) (Version: - Palringo Limited)

Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Philips Wireless Music Receiver Utility (HKLM-x32\...\ST6UNST #1) (Version: - )

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)

plist Editor Pro 2.0.0 (HKLM-x32\...\plist Editor Pro) (Version: 2.0.0 - VOWSoft, Ltd.)

Popcorn Time (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Popcorn Time) (Version: - Popcorn Official)

PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)

Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)

Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - )

Print To Go 2.0 (HKLM-x32\...\Print_To_Go) (Version: 2.0.110.0 - Uw bedrijfsnaam)

Print To Go 2.0 (x32 Version: 2.0.110.0 - Uw bedrijfsnaam) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)

Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)

ScanSoft RealSpeak (HKLM-x32\...\{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}) (Version: 12.00.0000 - ScanSoft Inc.)

Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Shelter 2 (HKLM-x32\...\Steam App 275100) (Version: - Might and Delight)

SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden

Should I Remove It (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)

Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden

SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)

SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )

Sims 4 by BuZeR version final (HKLM-x32\...\{ED118F10-E516-4245-160F-6213F508F71F}_is1) (Version: final - )

SKTimeStamp (HKLM\...\{EED7256E-46F0-4C1D-89E4-BD2A0595FEBF}) (Version: 1.3.3 - Stefans Tools)

Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)

SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version: - SmartDraw.com)

SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version: - SmartDraw.com)

SPORE™ Anthology RePack by SxSxL (HKLM-x32\...\SPORE™ Anthology_is1) (Version: 1.05.0001 - )

Spy EasyUpdate (HKLM-x32\...\InstallShield_{38FF3704-9DAD-44E2-A15D-9C6BD1901D65}) (Version: 1.33.0407 - SPY)

Spy EasyUpdate (x32 Version: 1.33.0407 - SPY) Hidden

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Steinberg WaveLab (HKLM-x32\...\Steinberg WaveLab6) (Version: 6 - Steinberg WaveLab)

Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)

Subtitle Edit 3.2.8 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.2.8.1220 - Nikse)

SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Syncios versie 2.0.6 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.0.6 - Anvsoft, Inc.)

Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )

System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)

System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)

Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)

The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio)

Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)

Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)

TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Uw bedrijfsnaam)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)

Utility (x32 Version: 1.00.0002 - Uw bedrijfsnaam) Hidden

ViceVersa Pro 2.5 64-bit (Build 2502) (HKLM\...\ViceVersa Pro 2.5_is1) (Version: 2 - TGRMN Software)

Visual Similarity Duplicate Image Finder Corporate 4.2.0.1 (HKLM-x32\...\{72D6BE71-2A6F-4D01-809E-A3174D1738A0}_is1) (Version: 4.2.0.1 - MindGems, Inc.)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)

WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)

Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )

Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)

Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)

Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden

Xilisoft iPod Rip (HKLM-x32\...\Xilisoft iPod Rip) (Version: 5.4.10.20130320 - Xilisoft)

XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team)

Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden

Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00062427-1F11-4946-ACAF-971366C6390E} - \GPUpdateCheck No Task File <==== ATTENTION

Task: {054C3F8F-3C8D-4997-BE9E-DE87E0EB4356} - System32\Tasks\avast! Emergency Update => f:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)

Task: {09261BDD-5A90-4CB5-9CB0-92976F64F954} - System32\Tasks\{987AA731-C4F4-4880-9E40-A27D08442C09} => C:\Users\PETER\Desktop\mcedit.exe

Task: {14752F39-3F12-4CFF-AB97-632D9ED31655} - System32\Tasks\SDMsgUpdate (TE) => F:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe

Task: {1A222DF8-C9D1-4032-8668-5CE98020625A} - System32\Tasks\avastBCLRestartS-1-5-21-3467867667-3157156364-2699428233-1000 => Chrome.exe

Task: {2169A842-E2A7-4BDA-9298-7ABA8CCE5BD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

Task: {237ACA19-AFC7-4E33-AA4D-25D3C86C1E9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)

Task: {43507FE9-5007-4D09-AAF5-A402B18035CC} - System32\Tasks\{EFB4BAC0-49EE-4629-ACB4-784E5B7C047A} => pcalua.exe -a G:\Sims3Setup.exe -d G:\

Task: {48E67570-42FB-4569-A63B-0DE9DCC81E08} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)

Task: {55676619-6742-41E5-B2A0-DA9AEE8ADC46} - System32\Tasks\{84199BFE-F4BE-47AC-A700-6EF83A1D9340} => F:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)

Task: {5C07C886-689E-4FE9-B399-20988EA1828D} - System32\Tasks\{2EB0EDA3-300B-4D00-8365-7121B7238563} => pcalua.exe -a C:\Users\PETER\Downloads\DLS8Setup.8.5.1.exe -d C:\Users\PETER\Downloads

Task: {6CF87493-211D-4915-9C0D-E0813F011329} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)

Task: {6D23F2FB-5D87-405E-93AA-2E6E3F0FD676} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-PC-PETER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)

Task: {71D275FF-1E23-48C5-8D02-92E5763BF4EF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe

Task: {76BA195A-1A61-4087-8D2C-A862B8361ABE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)

Task: {7A2EB2DA-A2C7-4208-A5AA-CAEB34243122} - System32\Tasks\{4F6292D1-D0B7-4130-A106-A7B64B814B73} => pcalua.exe -a D:\setup.exe -d D:\

Task: {7D8C42F7-71B1-43D6-B046-B1D9D5ED4BDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)

Task: {86C7192E-2179-4A46-BE28-C9024AD07030} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)

Task: {88E6B132-B394-4031-AAED-0387C056E446} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {8C7CE49C-84C9-4BAB-9FD2-6C09FCDF45D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {8E236520-8A6E-49AD-89F1-C0D193F198BC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {8F546D21-542A-4ED9-8177-178F4ACF1170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)

Task: {A3671559-5715-41B6-94BC-45D213D07C81} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)

Task: {AB7730AC-C901-4369-8FB0-FE1C0C5BEE1D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)

Task: {B2E8F254-BC04-45F0-B8F5-92DF5E4B061C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-05-04] ()

Task: {BB861009-ACA9-4EAA-8349-F2823E57A8E8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe

Task: {BE9D1902-EA3D-4F06-AF30-B5DE28EF2964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)

Task: {C711643B-3D60-413C-8E1D-F5F9EE3BFF22} - System32\Tasks\Core Temp Autostart PETER => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()

Task: {C7C3D25D-0B67-4B4D-B12E-C850EB533167} - System32\Tasks\{715E8390-AA93-4D41-91A4-A65996FA9886} => pcalua.exe -a "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010"

Task: {CB5646F3-5ECF-411D-A901-FC94FA254193} - System32\Tasks\ASUS\ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [2010-11-08] (ASUSTek Computer Inc.)

Task: {D0A53063-BB3B-43B9-B9D1-0454F5A50943} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)

Task: {D799CB6B-1CE2-4945-B79C-09D6A0BF3592} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {DB152F2D-6810-46B1-8DED-78BAF59633C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)

Task: {F1A98632-2A4C-406A-8CD6-CA6DF5A00BE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)

Task: {F48FB331-A186-4D70-9970-14F53238A981} - System32\Tasks\{D0E9A8DE-5013-4D63-820D-245884D5BFB1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe"

Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => F:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe\-PTE -V20000101 -SSDU.ini -A -Mhttp:/www.smartdraw.com/msgs/messagecheck.asp

Pjotr31 · Jun 4, 2015

Part II (of III) of ADDITION.txt

==================== Loaded Modules (Whitelisted) ==============

2010-11-03 11:30 - 2010-11-03 11:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe

2012-04-07 17:27 - 2010-10-21 11:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe

2013-07-25 16:21 - 2014-04-03 10:44 - 00033280 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe

2013-07-25 16:09 - 2014-01-30 19:52 - 00238080 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Topshelf.dll

2013-07-25 16:12 - 2014-03-28 13:27 - 00015360 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.SNSBank.dll

2013-07-25 16:10 - 2014-03-28 13:27 - 00005632 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.AXABank.dll

2015-03-01 13:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2013-12-21 18:03 - 2013-12-21 23:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2013-01-04 08:25 - 2013-01-04 08:25 - 00248704 _____ () f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe

2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\System32\atwtusb.exe

2014-03-11 11:05 - 2014-11-12 23:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\system32\atwtusb.exe

2012-06-08 01:40 - 2012-01-25 14:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe

2010-01-15 08:05 - 2010-01-15 08:05 - 06105832 _____ () C:\Windows\System32\WTMKM.exe

2015-01-25 11:16 - 2013-04-25 06:16 - 00286720 ____N () C:\Windows\system\GfsMgr64.exe

2015-01-25 11:16 - 2014-01-10 08:13 - 01611264 ____N () C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe

2015-01-25 11:16 - 2013-04-25 06:16 - 00204800 ____N () C:\Windows\SysWOW64\GfsMgr.exe

2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-06-30 20:27 - 2013-06-30 20:27 - 00012520 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll

2013-06-30 20:27 - 2013-06-30 20:27 - 00015080 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll

2013-06-30 20:27 - 2013-06-30 20:27 - 00014056 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll

2014-11-09 13:31 - 2014-11-09 13:31 - 01672704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveUI\666d557e394b3b85bce3ae699946817e\ReactiveUI.ni.dll

2014-04-27 20:58 - 2014-04-27 20:58 - 00035328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\a03d5c47c984346008ba13e9c563a958\Wunderkinder.Wunderlist.Data.Realtime.ni.dll

2014-11-09 13:31 - 2014-11-09 13:31 - 00529408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\98c66719d8e468f7da71a684a3b5b75f\Akavache.Portable.ni.dll

2014-11-09 13:31 - 2014-11-09 13:31 - 00050176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\6fe7a413a861fd42508636309dbedad7\Wunderkinder.Wunderlist.Presentation.ni.dll

2015-05-16 09:06 - 2015-05-16 09:06 - 153822720 __RSH () C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe

2013-02-13 01:37 - 2013-02-13 01:37 - 00040960 _____ () C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE

2014-12-03 12:06 - 2013-09-04 11:59 - 00253512 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe

2010-02-03 15:36 - 2010-02-03 15:36 - 00087488 _____ () F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

2015-05-16 09:07 - 2015-05-16 09:06 - 153822720 __RSH () C:\ProgramData\nvxasync\cvxasync.exe

2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () f:\Program Files\AVAST Software\Avast\log.dll

2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () f:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2015-06-04 13:07 - 2015-06-04 13:07 - 02952192 _____ () f:\Program Files\AVAST Software\Avast\defs\15060400\algo.dll

2012-04-07 17:26 - 2015-06-04 16:14 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll

2012-04-07 17:26 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

2014-12-03 12:06 - 2013-11-14 14:59 - 00031304 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll

2014-12-03 12:06 - 2008-11-25 17:18 - 01291264 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll

2014-12-03 12:06 - 2004-10-05 03:08 - 00055808 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00029768 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00050248 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll

2014-12-03 12:06 - 2014-01-13 18:06 - 00105544 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00030280 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00293960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00578632 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00468040 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00192072 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll

2014-12-03 12:06 - 2013-12-23 11:01 - 00281672 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00068680 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00069192 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00022600 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00115784 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00192584 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00135752 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll

2014-12-03 12:06 - 2013-10-22 17:31 - 00037960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00135240 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll

2014-12-03 12:06 - 2013-12-24 17:42 - 00017992 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00096840 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll

2013-08-22 12:38 - 2013-08-22 12:38 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll

2013-08-22 12:41 - 2013-08-22 12:41 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

2012-04-07 17:28 - 2009-05-21 04:14 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll

2012-04-07 17:28 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll

2012-04-07 17:27 - 2010-12-02 17:28 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll

2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll

2012-04-07 17:27 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll

2012-04-07 17:27 - 2010-11-08 19:10 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll

2012-04-07 17:27 - 2010-10-15 17:40 - 01031680 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll

2012-04-07 17:27 - 2010-11-19 10:53 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll

2012-04-07 17:28 - 2010-12-01 12:33 - 01244672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll

2012-04-07 17:28 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll

2012-04-07 17:27 - 2010-09-27 20:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll

2012-04-07 17:27 - 2010-09-27 20:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll

2012-04-07 17:27 - 2010-11-19 10:55 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll

2012-04-07 17:27 - 2010-08-06 18:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll

2012-04-07 17:27 - 2010-08-06 18:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll

2012-04-07 17:26 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll

2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll

2012-07-18 22:51 - 2009-07-08 14:23 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll

2012-07-18 22:51 - 2009-12-04 17:21 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll

2012-07-18 22:51 - 2009-11-20 13:20 - 00147456 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll

2012-07-18 22:51 - 2008-08-25 17:19 - 00069632 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll

2012-07-18 22:52 - 2007-03-30 10:24 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll

2012-07-18 22:51 - 2009-12-08 10:51 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll

2012-07-18 22:51 - 2009-09-02 09:25 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\CategoryManager.dll

2012-07-18 22:51 - 2009-11-27 17:50 - 00135168 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll

2012-07-18 22:51 - 2009-12-18 19:10 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll

2012-07-18 22:51 - 2009-10-16 15:04 - 00614400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll

2012-07-18 22:51 - 2009-08-06 10:22 - 00421888 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll

2012-07-18 22:51 - 2009-12-18 16:12 - 00061440 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll

2012-07-18 22:51 - 2009-09-09 14:44 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll

2012-07-18 22:51 - 2007-03-30 09:49 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll

2012-07-18 22:51 - 2007-12-20 14:37 - 00176128 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\DocCate.dll

2012-07-18 22:51 - 2009-12-07 13:55 - 00253952 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll

2012-07-18 22:51 - 2009-11-26 17:49 - 00081920 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll

2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-04-23 18:30 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-01-25 16:26 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-01-25 16:26 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-01-25 16:26 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2014-05-22 07:38 - 2015-06-02 05:29 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll

2014-09-06 21:07 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2014-09-06 21:07 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2014-09-06 21:07 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2014-09-06 21:07 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2014-09-06 21:07 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2013-05-03 15:35 - 2015-06-02 05:28 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 01007104 _____ () F:\Program Files (x86)\Origin\platforms\qwindows.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00023552 _____ () F:\Program Files (x86)\Origin\imageformats\qgif.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00024576 _____ () F:\Program Files (x86)\Origin\imageformats\qico.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00216576 _____ () F:\Program Files (x86)\Origin\imageformats\qjpeg.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00261120 _____ () F:\Program Files (x86)\Origin\imageformats\qmng.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00019456 _____ () F:\Program Files (x86)\Origin\imageformats\qtga.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00337408 _____ () F:\Program Files (x86)\Origin\imageformats\qtiff.dll

2014-02-08 08:53 - 2015-06-03 00:02 - 00018944 _____ () F:\Program Files (x86)\Origin\imageformats\qwbmp.dll

2015-06-04 16:35 - 2015-06-04 16:35 - 00043008 _____ () c:\users\peter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzapybx.dll

2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libEGL.dll

2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2012-07-18 22:51 - 2008-11-17 14:56 - 00102400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll

2012-07-18 22:51 - 2009-12-07 11:07 - 00352256 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll

2012-07-18 22:51 - 2008-12-12 16:52 - 00106496 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll

2012-07-18 22:51 - 2007-08-31 17:51 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll

2012-07-18 22:51 - 2008-12-12 17:00 - 00073728 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll

2012-07-18 22:51 - 2009-11-27 17:38 - 00331776 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll

2012-07-18 22:51 - 2009-12-04 17:21 - 04567040 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll

2012-07-18 22:51 - 2007-03-30 10:01 - 00038992 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll

2012-07-18 22:51 - 2009-11-11 17:21 - 00450560 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll

2012-07-18 22:51 - 2009-11-11 17:20 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll

2012-07-18 22:51 - 2009-06-26 09:03 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll

2012-07-18 22:51 - 2009-11-20 11:30 - 01032192 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll

2012-07-18 22:51 - 2009-12-04 17:20 - 00323584 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll

2012-07-18 22:51 - 2009-11-09 18:35 - 00184320 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll

2012-07-18 22:51 - 2008-08-25 16:16 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll

2012-07-18 22:51 - 2009-07-14 13:25 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll

2012-07-18 22:51 - 2009-10-22 17:50 - 00065536 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll

2012-07-18 22:51 - 2007-03-30 09:57 - 00034896 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll

2012-07-18 22:51 - 2008-04-24 10:46 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll

2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll

2015-04-23 22:04 - 2015-04-23 22:05 - 40540672 _____ () F:\Program Files\AVAST Software\Avast\libcef.dll

2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () F:\Program Files\AVAST Software\Avast\log.dll

2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () F:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () H:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll

2014-12-03 12:06 - 2013-09-04 11:57 - 00222792 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll

2014-12-03 12:06 - 2013-09-04 11:57 - 00275528 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll

2014-12-03 12:06 - 2013-08-15 09:18 - 00113166 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll

2014-12-03 12:06 - 2013-08-22 17:13 - 00249928 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll

2012-09-23 20:44 - 2012-09-23 20:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\nl_nl\acrotray.nld

2013-03-26 16:16 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2013-08-22 12:38 - 2013-08-22 12:38 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll

2015-05-26 08:59 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll

2015-05-26 08:59 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

2010-10-29 15:00 - 2010-10-29 15:00 - 00169288 _____ () F:\PROGRAM FILES (X86)\WINZIP\UNRAR.DLL

2010-10-29 15:00 - 2010-10-29 15:00 - 00142664 _____ () F:\PROGRAM FILES (X86)\WINZIP\lha.dll

2015-05-26 08:59 - 2015-05-22 22:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\PETER\AppData\Local\Temp:LmAjdtQQ1dSkIKvgkIP09sgjs

AlternateDataStreams: C:\Users\PETER\AppData\Local\Temporary Internet Files:fOBqou0JeYgRSHjpJLl8PRUU

AlternateDataStreams: C:\Users\PETER\AppData\Local\Wqh8DMoH:h8nv3BQO5rAsx7BcRHtSb

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: avast! Antivirus => 2

MSCONFIG\startupreg: avast => "f:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{27A73A8E-8DBF-4795-8135-A15E4CB455BE}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe

FirewallRules: [UDP Query User{F7AEC6C1-64C4-4E0D-8677-CEB875EC3D81}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe

FirewallRules: [TCP Query User{0B17D3D1-89E1-42A3-B5EB-CFE7B015E26D}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe

FirewallRules: [UDP Query User{8DAA733C-0E93-4A59-85AF-9EEEE22F81D2}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe

FirewallRules: [{C6FD8151-B4D1-4A22-AB76-9EF1D25B4379}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

FirewallRules: [{23A954D6-8A72-4C7D-948C-46F377E3671E}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

FirewallRules: [{92B84CD9-395D-421E-B744-0949177EB45C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{07B36B45-A3C0-4671-B44C-8F954ECBD5EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D5AE1E9E-EA62-4544-9A96-6FE5C4A067FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E3A0D677-CA90-40D7-8C36-ECF5FB8B915E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [TCP Query User{6A49E4B2-C60E-4BDA-A575-8CAD9FC5FBD5}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [UDP Query User{0F23E57C-29D9-4458-9FB7-74E88CE46578}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [{D291499E-8C23-49AD-9CD7-7691FDB72F17}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [{78CEEE0C-E87B-422B-9F2B-1BECD1ADEC3E}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe

FirewallRules: [TCP Query User{0B162A81-5777-466B-9962-E32CE42C85A3}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [UDP Query User{A28E22B2-29CF-4056-A085-8C8BDB4F4691}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [{58B73435-A7AD-4B79-B6FB-EE81DED5A260}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

FirewallRules: [{473DD8DC-DF30-4BDA-AB31-38F5284AAFCB}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

FirewallRules: [{342AAFEE-3FB2-47A7-B16E-77AF4401CA75}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe

FirewallRules: [{1E643EA1-FF15-4D15-AD4E-38FC0A6AD334}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe

FirewallRules: [TCP Query User{8603AC8B-9EA2-4457-A106-BA029E012E3A}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{7C2E3E67-2D25-4B67-BD2C-88E7D181C38F}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe

FirewallRules: [{45FF855D-8BF5-48C3-BA74-AD420F944E8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [{45DF2001-4E8D-46D4-8653-B4572AD353C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

FirewallRules: [TCP Query User{CA767D67-084C-42BA-90BA-D22B2575FBF2}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

FirewallRules: [UDP Query User{950F6719-ECA2-4804-AD54-0DBA770C8768}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

FirewallRules: [{680449C8-AFC6-4A93-B4F1-39CC4E5083D5}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

FirewallRules: [{9D7038A5-AD5E-4053-A85D-63C1933D06F3}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe

FirewallRules: [TCP Query User{9BBA7FAE-5818-4132-B2F7-9CDA527D3E99}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe

FirewallRules: [UDP Query User{FA83606C-EE3B-4764-9BF2-35B823126AC5}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe

FirewallRules: [TCP Query User{67C70BB8-F163-4A98-89E4-039CAC26D9FA}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [UDP Query User{61C3A176-4DAA-48AC-85E7-BCBEAADF3F8F}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe

FirewallRules: [TCP Query User{70938B3D-8056-4BAF-87B7-3910B5B1C9D7}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe

FirewallRules: [UDP Query User{18DD193C-0963-420C-8260-0268A850405B}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe

FirewallRules: [TCP Query User{FEB4C52E-72EC-42E0-BD82-ECD3E9D80AED}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe

FirewallRules: [UDP Query User{270E5A61-677C-46BD-B71C-2C6174872EA2}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe

FirewallRules: [TCP Query User{D0AAEFCC-D7A9-4D57-B320-E4FB560E2077}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [UDP Query User{192D84B2-DDE3-4BBB-B58A-91CEFBB5F800}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe

FirewallRules: [TCP Query User{95D11C2E-4A1A-4E3F-A25C-6B8E95C539A4}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe

FirewallRules: [UDP Query User{F8F2D8D9-7ADC-4889-BA07-97266F881A73}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe

FirewallRules: [TCP Query User{846A7AF8-041F-4362-BBB9-5B7421549EC1}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe

FirewallRules: [UDP Query User{133F23DB-EE4F-487D-BF4F-3F638A49D7B7}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe

FirewallRules: [TCP Query User{3DC95A7C-2E54-4A50-B13C-000010E7C341}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe

FirewallRules: [UDP Query User{9606A9FD-7B80-449D-9D3F-B3471E995FF5}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe

FirewallRules: [TCP Query User{9D341BDA-B1AB-4669-BDAB-F85017AA60FD}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe

FirewallRules: [UDP Query User{2653BCD1-6DC7-41F6-8917-1F715955089D}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe

FirewallRules: [TCP Query User{EBA8804C-D4D9-48F5-BED8-AD723334006A}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe

FirewallRules: [UDP Query User{556DF46A-05AD-42E5-8090-F860EBBF30FC}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe

FirewallRules: [TCP Query User{1D466C6B-F644-44E7-8884-C5D92581FACD}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [UDP Query User{432C5F99-06E8-47AA-B7E9-2A628D7A6A4C}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe

FirewallRules: [TCP Query User{9F5FDE20-3E33-4DDF-A702-198FFC783E32}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe

FirewallRules: [UDP Query User{991F9134-FF1A-48D6-8217-790CBD162AA8}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe

FirewallRules: [TCP Query User{7AF46388-E99A-4BDE-8D89-CB853C34B262}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe

FirewallRules: [UDP Query User{B2F6E93F-BD5A-4E70-A57A-EC48BC74D0F8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe

FirewallRules: [{E86B5A3F-D959-4652-BD85-A59D0DFC595F}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

FirewallRules: [{D3E5B9EA-F47B-4645-A796-C18D4000FB04}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe

FirewallRules: [{FBC46965-880F-4464-A02D-58F9E09134F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{3E673A76-EBB6-41AC-ADAA-EC07A830C9CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{EA2C6A9D-7EE2-411B-B416-57C80E05858E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe

FirewallRules: [{16AE6B8C-FFDD-4D40-A146-1AD46EECB08C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe

FirewallRules: [TCP Query User{A4274554-A386-46B1-AAED-86B368975B5D}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe

FirewallRules: [UDP Query User{50D24CD5-9EA0-4092-8ACE-A5F8CA38FF58}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe

FirewallRules: [{16BBB312-9033-4820-869F-3F2CC3D2A428}] => (Block) F:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe

FirewallRules: [{43430466-8C72-4962-8039-25B59D3ED988}] => (Block) %ProgramFiles% (x86)\SmartDraw 2013\SmartDraw.exe

FirewallRules: [{FF510CB7-8BBD-4319-9972-13E03703E32E}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

FirewallRules: [{C0F419B2-B110-4FD9-8B22-9456B590C58A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

FirewallRules: [TCP Query User{E5AFDC18-C741-423C-AB90-0799CE5DA075}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{3EC10302-257C-4016-A0D7-F85944A7D297}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{310E119F-1EFC-44A6-8E33-7E3A56E869DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{5C8C216F-84B1-4E67-B6C3-9617CB15E4C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{DDDC73B9-D769-45C4-8EE1-1E381FE8EC94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{5C7DBD6E-2A12-49F3-9BFC-0D93BA1BA1CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{8A6F432F-0BC5-4C20-B14B-8EBCD62B06EC}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe

FirewallRules: [{0B620597-8CBD-4B8F-B8C9-915DC1156398}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe

FirewallRules: [TCP Query User{4BC4AFC2-6468-4170-9975-605F1C22897C}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe

FirewallRules: [UDP Query User{FC5E1BD7-0972-434F-B82B-CE4F9D9EE771}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe

FirewallRules: [{3A489C46-31DD-4FDC-A24A-B4EF12CB838F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe

FirewallRules: [{B86254E1-F2B3-4495-B221-A790E7FF5BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe

FirewallRules: [{576B8718-6276-4B50-9094-2B125A54AC07}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{0334F8F1-ECC7-47D4-849A-D01CB087326E}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{018BF4CC-17E1-4C29-B276-36867CCBE75F}] => (Allow) LPort=4481

FirewallRules: [{8A42A4E5-FB7D-435D-8287-CCDAE04E5115}] => (Allow) LPort=4481

FirewallRules: [{60A253E4-538E-4210-A1E1-F9880F759431}] => (Allow) LPort=4482

FirewallRules: [{649FC64B-E70A-4B72-B65B-29205BD2E040}] => (Allow) LPort=4482

FirewallRules: [TCP Query User{85764ABF-76D8-42CC-85F2-B6854B5A047F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [UDP Query User{421481C5-BD43-439A-98AF-88B4E470D418}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe

FirewallRules: [{15DCD1F1-0B06-4184-9FA9-8D5CE531B044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{963C2386-7C8E-41F5-B8EF-D888173AFB7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{BBD38712-CBEA-4573-9F39-AABBB38DFC82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{9DD622B4-88E1-4809-8FC7-025DF2E2A553}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [TCP Query User{3FD0A622-4157-4072-85F3-7C3D20E06BCE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [UDP Query User{76090457-16A7-4ED9-80A7-414F45AFF7B9}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe

FirewallRules: [{77F72CCF-3486-42C2-A2B8-A787A03123DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{5C49F74A-5520-4093-B3CC-4CD138062598}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{851ACB82-334B-4B37-8B31-805178C9CD5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{19062B4F-F524-4351-8D9F-6A5AC1C9BE65}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{FB007FC0-052A-4366-8509-0953A20EBC19}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe

FirewallRules: [{076BCE0F-5B1B-4D18-8AEE-D87A6A5E235E}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe

FirewallRules: [{EFB7688A-14CD-473A-9CF9-4219A84F571F}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe

FirewallRules: [{33BA2308-4790-43A2-AD6A-A2E3505A7E73}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe

FirewallRules: [{CF6FC813-C14F-4723-913E-D47DDB556FE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{84EF5FE2-7C13-42EC-B54C-E6DE798E8C1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{84649655-4E50-41DB-8429-8F53F4826FF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{42271F38-6BBB-46C0-B7D6-A473DC1C4EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{63A2593E-37A2-4248-9886-FBB4DF85C720}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{E3F75D13-7967-4BA9-A09E-66705A63E672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{71077BE5-DBA2-4DE8-8A81-2BB94D19BFD4}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe

FirewallRules: [{4B8C1F86-162D-41CA-AED3-8941D85C1500}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe

FirewallRules: [{4591F867-BCE9-4232-BBF1-32341FE60A0F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe

FirewallRules: [{B74579CE-FF49-41F2-9072-33D02CE7D951}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe

FirewallRules: [{78A79EA0-77B2-4735-81D9-E3BD85D3DC85}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe

FirewallRules: [{AC61B826-F949-4B03-AB1E-E2E76B4C1F6F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe

FirewallRules: [{6C0877C0-CC83-4E60-9BAB-279FC291C3E5}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe

FirewallRules: [{3F242F30-B190-4690-A8CC-54DC951AE268}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe

FirewallRules: [TCP Query User{DD239C72-D7B8-4C27-B586-158585286D9A}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe

FirewallRules: [UDP Query User{365B97CE-CFA1-4F44-9D01-46723F3D18B9}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe

FirewallRules: [{02AE2090-1D55-403D-863F-FF7C970D2D37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{A438C9B7-A184-4945-A04B-DEA5F389F9D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{FAA91DA7-00C8-4B56-86D1-10FE6B6B59BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{C96AE375-0A3C-4DB7-954D-59C61E623DCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

FirewallRules: [{81D121AE-586B-4955-BFD7-0716B34A8D57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{FF095264-834A-41BC-BAA8-1D5D8BBD91D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{D17791ED-592F-42E2-B069-6B1CC31EAA4A}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

FirewallRules: [{AF574895-63E4-4A46-871A-D9E619E5966C}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

FirewallRules: [{E2801422-3D22-41B8-B83F-58E1A0B7A210}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe

FirewallRules: [{E972BA8E-8951-44AE-84A8-514919EF150E}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe

FirewallRules: [{D9AE9D59-7F50-4496-A9EA-55F2B052D126}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe

FirewallRules: [{52B7BA08-CE46-4CA2-B1EE-A6BFDCB2025F}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe

FirewallRules: [{EBECC55C-1D7B-46A0-8163-357D744AA8E4}] => (Allow) h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe

FirewallRules: [{DAB03E88-0021-4248-B79B-7E1FD0635D9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{DEEBDA1D-1EFE-4BE0-AB88-BEE4A5E211E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe

FirewallRules: [{CF0E2D4E-CBBB-4961-9586-3EB4048A6553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe

FirewallRules: [{60C265C8-C649-4857-898F-70877F019F1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe

FirewallRules: [{B636CFEA-76AC-4114-BFD5-B4D2118AEA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe

FirewallRules: [{0789103C-A70A-493C-B611-5F62F223AB16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe

FirewallRules: [{72FA1FA6-6F5E-4155-90CE-E8E0D261F4D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe

FirewallRules: [{8BB8E852-9A0E-4EB7-88C5-5EB5D55346E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe

FirewallRules: [{633321D3-F0D4-44A9-AD40-65D7A0D90176}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe

FirewallRules: [{3DF5F331-F675-4E23-BEDD-9E4B94E27BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe

FirewallRules: [{C2A69856-6BE6-427F-9DC9-32E29DD97544}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe

FirewallRules: [{149BB1C6-0A30-4891-A11F-7634FB9E553F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe

FirewallRules: [{D8F14BAF-7E04-48EA-8C16-A8EC1574B78E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe

FirewallRules: [{C3443A49-8355-4C3D-BE7D-11FFB872A653}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe

FirewallRules: [{F9BD63E6-5169-4C2B-AFEC-0DDC8EB72289}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

FirewallRules: [{551FB3C0-4645-41CB-AB00-9F43CCE46493}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe

FirewallRules: [{06B9A16A-DDFD-4148-BE6E-A3993B89763D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe

FirewallRules: [{084C05C5-D121-44F8-9DC2-17C34CEF9E70}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe

FirewallRules: [TCP Query User{A320347E-3FA3-4680-9126-2847785FE7DA}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe

FirewallRules: [UDP Query User{7C9DB469-8EA9-45E9-A658-8F663792212E}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe

FirewallRules: [{1EDF5DD5-B89C-4763-BB46-0C2FDE76CBF8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe

FirewallRules: [{6DA3F26F-26F0-471D-904E-0CE5544B5989}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe

FirewallRules: [{258F0458-EA44-41E3-8D2D-E7B472D90DE8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe

FirewallRules: [{7EAF7120-A808-42F0-A1AD-823682797941}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe

FirewallRules: [{37899513-D87A-4672-B457-BE0597B097F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe

FirewallRules: [{9C0FBBE6-B157-467E-A8CB-81B611BDB45C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe

FirewallRules: [{F61D0966-19B4-4876-853A-D9CC2C4B5E06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

FirewallRules: [{4A0D555E-1B26-4F42-8D04-70904BC2B645}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe

FirewallRules: [{4E82FF9E-1B30-4337-8BBB-8D4941149862}] => (Allow) F:\Battle.net\Battle.net.exe

FirewallRules: [{6EEA3D04-B5DD-49C8-AB80-D3C8EA2C3AA1}] => (Allow) F:\Battle.net\Battle.net.exe

FirewallRules: [{A09646E5-0904-4146-BD89-498F842891CD}] => (Allow) F:\Hearthstone\Hearthstone.exe

FirewallRules: [{193EAC09-7FE7-4F2E-9C38-F62ACE11D341}] => (Allow) F:\Hearthstone\Hearthstone.exe

FirewallRules: [{40D55099-AEF6-4F68-92B0-CED770C66723}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe

Pjotr31 · Jun 4, 2015

Part III (of III) of ADDITION.txt (sorry for the tons of log info)

FirewallRules: [TCP Query User{68EC577C-593F-43D2-AB46-BE816E6F92F8}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe

FirewallRules: [UDP Query User{64D917BB-F870-40FB-A7A9-004F3C68E4B6}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe

FirewallRules: [{19902B20-026B-44CA-95C4-D0070D2E5BEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe

FirewallRules: [{48F747B9-5B80-44D1-AEC8-AD6F8D85E9B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe

FirewallRules: [{CE7FD005-D9E2-44C5-A8FD-E140543B155B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{0D7C0248-A5F3-4657-B029-9410676F13FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{BC7F1360-AE9E-4539-A60D-4D75D2198A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe

FirewallRules: [{AF6C5CEB-3FD9-46F6-8B77-C3AC4D517133}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe

FirewallRules: [{5137591F-531C-44DE-87F9-C975F47B7073}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [TCP Query User{5276F6D8-50D3-4669-A308-11B8201F2D3F}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe

FirewallRules: [UDP Query User{D1C000F0-BCB3-4B94-91B4-72FE1C6145BB}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe

FirewallRules: [{2D7BEC0E-3E4B-4820-B719-36F0C4A766DC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe

FirewallRules: [{4611DF3B-8FE3-4DE5-BFC1-1AAF772EF1AC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe

FirewallRules: [{E8D4D07D-02C2-40BF-8731-30F375434CAB}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe

FirewallRules: [{E141A120-842F-4823-ABA9-E73239B654B1}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe

FirewallRules: [{F4C786A9-CD6D-4125-BA0E-2EEDE0C5F345}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe

FirewallRules: [{024D86F8-1879-4561-9350-792DEF60BBDF}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe

FirewallRules: [{2055DF16-9A4E-428D-A024-9C46F3A596F7}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe

FirewallRules: [{0AC28A61-C3F2-46B7-B621-DE1DB834A69E}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe

FirewallRules: [{BF593F61-7723-4A82-8549-63B634DA96A6}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

FirewallRules: [{CDE6C2BA-1873-4695-BA61-182C8A50DBD8}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe

FirewallRules: [{620F44A6-70E9-4C16-A114-D86C3A0194FB}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{A569FC0D-BA47-443C-9340-742FB75D25BA}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{EC201D03-44EF-403A-A921-21C43F119B8F}] => (Block) F:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe

FirewallRules: [{40BDA590-D721-405A-B3F5-3F4B5EF595F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{C8DC17BD-5717-4DE0-A27B-6407B4B25010}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe

FirewallRules: [{7C118354-3226-4360-9FD1-65DC71389647}] => (Block) F:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe

FirewallRules: [TCP Query User{8BCB95E3-7A95-45FD-8E6F-B253FAFC207F}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [UDP Query User{D5729ED5-36F5-40B3-A63C-C18DAC8A2E36}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe

FirewallRules: [TCP Query User{FDA90FF7-1159-45B9-9D0D-831E450A55BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [UDP Query User{8EB5D2A2-1CCA-4C33-923F-4D7E2B69F6BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe

FirewallRules: [{FE978480-D164-4FD9-A835-879C7D9801A6}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

FirewallRules: [{A2F44525-A511-457C-9B1C-F17B3C6EEF24}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe

FirewallRules: [{2D26ABDB-A8DD-4825-8504-1F761B66993E}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe

FirewallRules: [{9429715E-8373-4C0D-A795-8956BA81F12A}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe

FirewallRules: [{545E2D5F-3588-48A2-8DE3-09EF2D1C0BBD}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe

FirewallRules: [{D9583C59-40A7-4B1B-B077-62E363F0F4C1}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe

FirewallRules: [{2C78F406-76FF-4F25-A7E5-0D411857C7DB}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe

FirewallRules: [{0C26C0A9-B6FA-4B81-9A83-909F27312618}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe

FirewallRules: [{1F83F92F-3833-421F-A244-C0E3FB694569}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe

FirewallRules: [{0EB9F89D-2FDC-49AD-AAFA-577ABD30B928}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe

FirewallRules: [{A58AA986-58ED-4F18-9DDD-C50BF2940A8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{87FA797F-6129-465C-8603-70B35453452A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{E054CB61-66C9-42AE-B92F-6C05F6A2923C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{FB9A5A6E-ECF4-4A26-8C2D-2AE7D429034E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

FirewallRules: [{1E4BE5AA-B482-475F-93AD-CBD990B06701}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

FirewallRules: [{B22B92E9-5FB1-4EC2-93FF-4B38D1BB8F1B}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe

FirewallRules: [{201F1F9F-1CD7-4F6D-B569-481023F6A437}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe

FirewallRules: [{090FDD4B-E896-43DE-87CF-3893E8383E8E}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe

FirewallRules: [{D7F3A4EE-1ABD-412B-8E85-9F424BD0B1AE}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe

FirewallRules: [{2FB00F36-4544-4E26-955C-439372EC888B}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe

FirewallRules: [{0A176B48-A3F5-438B-A247-43EFD650232F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{E53E7E62-76B9-49CF-87A0-9EB2753AC14F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{0C0E2572-34EC-486C-9919-77E842139269}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{49B73444-5D64-4F25-8412-0285B66AB032}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{E20D0868-1E0C-4F3E-99DF-68E89A91EF4D}] => (Allow) F:\Program Files\iTunes\iTunes.exe

FirewallRules: [{E64CE403-77F0-4F2F-8F52-B083DA0AC171}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe

FirewallRules: [{93BB2153-5431-48C4-B9A2-1D98A4E8112C}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe

FirewallRules: [TCP Query User{DE52C308-F913-49AA-9AED-446CA547CD87}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

FirewallRules: [UDP Query User{7D64ED70-3060-4ED4-AC21-5C843510BA7D}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe

FirewallRules: [{5A4F6B44-6B7C-4642-B704-F37C2289B06C}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{2501C92A-CFF4-4007-A072-D712A7F8A6CE}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [TCP Query User{F2C88D33-4F8B-4AF5-86FE-84EAEA525979}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe

FirewallRules: [UDP Query User{945C1935-0881-4C64-B612-025DEBE74F86}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe

FirewallRules: [{C514BCB0-0981-4C42-BDA3-CA7A7012710E}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe

FirewallRules: [{50AC0A48-284E-4FD1-A8AC-5918C6207E75}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe

FirewallRules: [TCP Query User{8460AE0B-4376-4BB0-81E5-6CE3B421B243}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [UDP Query User{F6557E35-67F5-4E20-B191-B18F274A13AC}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [{66EFA9DC-A369-4C74-881D-13F9CB007118}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe

FirewallRules: [{07D4652B-BFA7-41DA-8C85-33FD00EC6750}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe

FirewallRules: [{FA0FDA31-3C1E-4B0F-8F0B-ADA829CF08C3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe

FirewallRules: [{2DBD8A65-6F03-44B2-99D6-33EB46B3E7A3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe

FirewallRules: [{CF58AB2A-ABB0-4110-858D-3A9829623E8D}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe

FirewallRules: [{3F6F67DC-539E-4DEB-9386-DC23614FE541}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe

FirewallRules: [{62829CAD-2988-43EF-B31A-3904917A680E}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe

FirewallRules: [{0F0D9699-855E-4069-B909-9FC00A237973}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe

FirewallRules: [{3D83D1DF-D0C5-4BB6-8864-833BB379638A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: VBoxAsw Support Driver

Description: VBoxAsw Support Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: VBoxAswDrv

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device

Description: Unknown Device

Class Guid: {36fc9e60-c465-11cf-8056-444553540000}

Manufacturer: (Standaard USB Host Controller)

Service:

Problem: : Windows has stopped this device because it has reported problems. (Code 43)

Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

==================== Event log errors: =========================

Application errors:

==================

Error: (06/04/2015 04:41:26 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: procexp64.exe, versie: 16.5.0.0, tijdstempel: 0x55503597

Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000

Uitzonderingscode: 0xc0000005

Foutoffset: 0x00000000770b000a

Id van proces met fout: 0x4cc

Starttijd van toepassing met fout: 0xprocexp64.exe0

Pad naar toepassing met fout: procexp64.exe1

Pad naar module met fout: procexp64.exe2

Rapport-id: procexp64.exe3

Error: (06/04/2015 04:15:03 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Naam van toepassing met fout: ipoint.exe, versie: 2.3.188.0, tijdstempel: 0x53227c52

Naam van module met fout: dpghnt.dll_unloaded, versie: 0.0.0.0, tijdstempel: 0x53227c38

Uitzonderingscode: 0xc0000005

Foutoffset: 0x000007fef3cabce3

Id van proces met fout: 0xaa4

Starttijd van toepassing met fout: 0xipoint.exe0

Pad naar toepassing met fout: ipoint.exe1

Pad naar module met fout: ipoint.exe2

Rapport-id: ipoint.exe3

Error: (06/04/2015 01:32:33 PM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (06/03/2015 11:13:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname PETER-PC.local already in use; will try PETER-PC-2.local instead

Error: (06/03/2015 11:13:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 PETER-PC.local. Addr 127.0.0.1

Error: (06/03/2015 11:13:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 16 PETER-PC.local. AAAA 0000:0000:0000:0000:0000:0000:0000:0001

Error: (06/03/2015 00:20:20 AM) (Source: SideBySide) (EventID: 35) (User: )

Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.

Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.

Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".

Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".

Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (06/02/2015 10:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 492: ERROR: read_msg errno 0 (De bewerking is voltooid.)

Error: (06/02/2015 10:28:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: mDNSPlatformReadTCP - recv: 10053

Error: (06/02/2015 10:28:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: 492: ERROR: read_msg errno 0 (De bewerking is voltooid.)

System errors:

=============

Error: (06/04/2015 04:33:12 PM) (Source: Service Control Manager) (EventID: 7032) (User: )

Description: Servicebesturingsbeheer heeft na het onverwachte afsluiten van de Windows Search-service geprobeerd een herstelactie (Service opnieuw starten) uit te voeren, maar deze actie is met de volgende fout mislukt:

%%1056

Error: (06/04/2015 04:32:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: De Windows Search-service is onverwacht gestopt. Dit is 1 keer gebeurd. De volgende herstelbewerking zal over 30000 milliseconden worden uitgevoerd: Service opnieuw starten.

Error: (06/04/2015 04:14:41 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/04/2015 04:14:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/04/2015 04:14:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/04/2015 04:14:40 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )

Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/04/2015 04:14:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )

Description: De volgende opstartstuurprogramma's zijn niet geladen:

MtxDma0

Error: (06/04/2015 04:14:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: De VBoxAsw Support Driver-service kan vanwege de volgende fout niet worden gestart:

%%2

Error: (06/04/2015 04:14:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: De NPEService-service kan vanwege de volgende fout niet worden gestart:

%%2

Error: (06/04/2015 04:14:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)

Description: Er is een fout opgetreden bij een poging het local hosts-bestand te lezen.

Microsoft Office:

=========================

CodeIntegrity Errors:

===================================

Date: 2015-03-22 20:29:02.603

Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2015-03-22 20:29:02.550

Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-11-21 17:34:52.563

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:34:52.503

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:34:52.453

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:34:52.393

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:33:45.255

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:33:45.195

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:33:45.135

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:33:45.075

Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz

Percentage of memory in use: 44%

Total physical RAM: 8099.93 MB

Available physical RAM: 4455.82 MB

Total Pagefile: 18198.04 MB

Available Pagefile: 13676.88 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:83.14 GB) NTFS

Drive e: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive f: (TeraDisk) (Fixed) (Total:931.51 GB) (Free:378.75 GB) NTFS

Drive h: (SSD 120GB) (Fixed) (Total:119.15 GB) (Free:17.92 GB) NTFS

Drive m: () (Network) (Total:1830.83 GB) (Free:198.37 GB)

Drive p: () (Network) (Total:913.94 GB) (Free:37.16 GB)

Drive s: () (Network) (Total:1830.83 GB) (Free:198.37 GB)

Drive v: () (Network) (Total:913.94 GB) (Free:37.16 GB)

Drive w: () (Network) (Total:1830.83 GB) (Free:198.37 GB)

Drive z: () (Network) (Total:0.24 GB) (Free:0.16 GB)

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5352E724)

Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 2F0AD043)

Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3373616B)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of log ============================

Broni · Jun 4, 2015

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===========================

Please use Notepad instead of Wordpad to open logs.
Wordpad creates an extra space between lines and logs are double in length.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Pjotr31 · Jun 6, 2015

RogueKiller seemed to have worked OK. Cannot start MBAM however... So I can only execute step 1 for now. Here are the results:

RogueKiller V10.8.1.0 [Jun 3 2015] door Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Gestart in : Normale mode
Gebruiker : PETER [Administrator]
Started from : C:\Users\PETER\Desktop\RogueKiller.exe
Mode : Verwijder -- Datum : 06/06/2015 13:44:22

¤¤¤ Processen : 4 ¤¤¤
[Suspicious.Path|VT.Unknown] cvxasync.exe(4052) -- C:\ProgramData\nvxasync\cvxasync.exe[-] -> Gestopt [TermProc]
[Suspicious.Path|VT.Unknown] nvxasync.exe(3680) -- C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe[-] -> Gestopt [TermProc]
[Suspicious.Path|VT.Unknown] nvxasync.exe(5552) -- C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe[-] -> Gestopt [TermProc]
[Suspicious.Path] (SVC) ALSysIO -- \??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys[x] -> Gestopt

¤¤¤ Register : 15 ¤¤¤
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | CitrixReceiver : "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" [x] -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [x][x] -> Niet geselecteerd
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | nvxasync : C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe [-] -> Niet geselecteerd
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | Google+ Auto Backup : "C:\Users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart [x][x] -> Niet geselecteerd
[Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows\CurrentVersion\Run | nvxasync : C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe [-] -> Niet geselecteerd
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\ProgramData\nvxasync\cvxasync.exe [-] -> Niet geselecteerd
[Suspicious.Path|VT.Unknown] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : C:\ProgramData\nvxasync\cvxasync.exe [-] -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ALSysIO (\??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys) -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALSysIO (\??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys) -> Niet geselecteerd
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALSysIO (\??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys) -> Niet geselecteerd
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.surfvox.com/ -> Niet geselecteerd
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.surfvox.com/ -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{32213330-467A-4857-A860-1F0BDF01D5E2} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32213330-467A-4857-A860-1F0BDF01D5E2} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Niet geselecteerd
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{32213330-467A-4857-A860-1F0BDF01D5E2} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)] -> Niet geselecteerd

¤¤¤ Taken : 0 ¤¤¤

¤¤¤ Bestanden : 0 ¤¤¤

¤¤¤ Host-bestand : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Niet geladen [0xc000036b]) ¤¤¤

¤¤¤ Web Browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ADATA SP900 ATA Device +++++
--- User ---
[MBR] a2828862074b9c9297605e870311a6a9
[BSP] ffb02511d2e61af1139478bfc17975f0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8 | Size: 99 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 203776 | Size: 122004 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EFRX-68PJCN0 ATA Device +++++
--- User ---
[MBR] 51f52269fc3742d5079a91f0d0d49965
[BSP] 1438215ec9fb6cdf281b544e48a4513b : Unknown|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2 | Size: 953869 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: OCZ-VERTEX2 ATA Device +++++
--- User ---
[MBR] 96b1dcd4199e7943029eb6a38a1395d9
[BSP] b2e0bd24fd3ef58de7fb5323395d687d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 228835 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive3: DurPower CF USB20Reader USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

+++++ PhysicalDrive4: DurPower SM USB20Reader USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

+++++ PhysicalDrive5: DurPower SD USB20Reader USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

+++++ PhysicalDrive6: DurPower MS USB20Reader USB Device +++++
Error reading User MBR! ([15] Het apparaat is niet klaar. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] De aanvraag wordt niet ondersteund. )

============================================
RKreport_SCN_06062015_134045.log

Broni · Jun 6, 2015

What exactly happens when you try to run MBAM?

Pjotr31 · Jun 6, 2015

When double-clicking on the setup executable, the computer asks permission to execute this file.
After that, I see no active program. I (still) cannot open Task Manager to check if something is running.

Broni · Jun 6, 2015

Skip MBAM for now.

Pjotr31 · Jun 7, 2015

No luck on AdwCleaner either.
Double-click on the exe file: computer asks permission to run this program.
Permission granted. AdwCleaner briefly shows message about download, and shows its start screen.
After clicking on Scan, it only reports Loading Database (in Dutch, so hopefully translated correctly), then reports something like Started Generic search.
Then the program halts and Windows reports: AdwCleaner stopped functioning.

Pjotr31 · Jun 7, 2015

(Maybe) sorry for trying, but gave MBAM another go after this.
Installed, updated & ran fine this time.

Report:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scandatum: 7-6-2015
Scantijd: 14:05:08
Logbestand: MBAM scan log.txt
Beheerder: Ja

Versie: 2.01.6.1022
Malware Gegevensbestand: v2015.06.07.03
Rootkit Gegevensbestand: v2015.06.02.01
Licentie: Proef
Malwarebescherming: Ingeschakeld
Kwaadaardige Website Bescherming: Ingeschakeld
Zelfbescherming: Uitgeschakeld

Besturingssysteem: Windows 7 Service Pack 1
Processor: x64
Bestandssysteem: NTFS
Gebruiker: PETER

Scantype: Bedreigingsscan
Resultaat: Voltooid
Objecten Gescand: 450249
Verstreken Tijd: 11 m, 41 s

Geheugen: Ingeschakeld
Opstarten: Ingeschakeld
Bestandssysteem: Ingeschakeld
Archieven: Ingeschakeld
Rootkits: Uitgeschakeld
Heuristiek: Ingeschakeld
POP: Ingeschakeld
POA: Ingeschakeld

Processen: 0
(Geen kwaadaardige items gedetecteerd)

Modules: 0
(Geen kwaadaardige items gedetecteerd)

Registersleutels: 2
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantaine, [4f902b8c6a20e84e82e45e2675907b85],
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantaine, [f1ee23948bff4de9f96dfc88f3126799],

Registerwaardes: 3
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantaine, [4f902b8c6a20e84e82e45e2675907b85]
PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantaine, [f1ee23948bff4de9f96dfc88f3126799]
PUP.Optional.SurfVox.A, HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|nvxasync, C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe, In Quarantaine, [e0ff9b1c79119d999d5c3cd8ca3a22de]

Registerdata: 0
(Geen kwaadaardige items gedetecteerd)

Mappen: 3
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\searchplugins, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],

Bestanden: 21
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\nvxasync.exe, In Quarantaine, [e0ff9b1c79119d999d5c3cd8ca3a22de],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\com.apple.Safari.plist, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\cvxasync.exe, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\klite.exe, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\oldfilenotused, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Prefaddon, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\setting.dat, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\starter.xml, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\user.js, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\ProgramData\nvxasync\Web Data, In Quarantaine, [cc13bef986042a0cab857653966d16ea],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\com.apple.Safari.plist, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\klite.exe, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\oldfilenotused, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Prefaddon, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Preferences, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Secure Preferences, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\setting.dat, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\starter.xml, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\user.js, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox.A, C:\Users\PETER\AppData\Roaming\nvxasync\Web Data, In Quarantaine, [d10ec1f6d5b56ec88ea256732ed59b65],
PUP.Optional.SurfVox, C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Goed: ("session":{"restore_on_startup":5}}), Slecht: ("session":{"restore_on_startup":4,"startup_urls":["http://www.surfvox.com/"]}}), Vervangen,[647b4e6933572a0c4f73fa80b353916f]

Fysieke Sectoren: 0
(Geen kwaadaardige items gedetecteerd)

(end)

Broni · Jun 7, 2015

Retry AdwCleaner now.

Pjotr31 · Jun 7, 2015

Same problem as before: starts to run, but soon gives the message Adwcleaner stopped functioning.

Broni · Jun 7, 2015

Go ahead with JRT

Pjotr31 · Jun 8, 2015

JRT ran fine:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.0 (06.07.2015:1)
OS: Windows 7 Ultimate x64
Ran by PETER on ma 08-06-2015 at 7:26:31,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5A72722A97D2BA40C91A2D5C9EAE26D7
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{828B376B-F2F6-4778-928C-E29EC877535E}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\Windows\syswow64\ai_recyclebin
Successfully deleted: [Folder] C:\ProgramData\ShoPDaropa [BHO.Multiplug]

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh

[C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\PETER\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ma 08-06-2015 at 7:42:19,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Jun 8, 2015

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Pjotr31 · Jun 8, 2015

Combofix did run at once.
At the end, it gave me a number of fairly identical messages about not being able to reset or restore registry values.
After that, the system attempted to reboot but got stuck. Since Combofix screen was already gone, I rebooted manually.
Combofix then produced this log:

ComboFix 15-05-31.01 - PETER 08-06-2015 22:38:42.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.8100.5604 [GMT 2:00]
Gestart vanuit: c:\users\PETER\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\menu.lst
c:\users\PETER\AppData\Local\assembly\tmp
c:\users\PETER\AppData\Local\Temp\7zS0A4B\HPSLPSVC64.DLL
c:\users\PETER\AppData\Roaming\Launcher.rb4
c:\users\PETER\ViceVersa.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\SysWow64\zip32.dll
c:\windows\UnSb0009.exe
F:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2015-05-08 to 2015-06-08 ))))))))))))))))))))))))))))))
.
.
2015-06-07 11:05 . 2015-06-07 11:05 -------- d-----w- C:\RegBackup
2015-06-06 11:30 . 2015-06-07 10:54 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-06-06 11:30 . 2015-06-06 11:53 -------- d-----w- c:\programdata\RogueKiller
2015-06-04 14:52 . 2015-06-04 14:55 -------- d-----w- C:\FRST
2015-06-04 14:33 . 2015-06-04 14:33 -------- d-----w- c:\program files\CCleaner
2015-06-04 14:04 . 2015-06-04 14:27 290304 ----a-w- c:\windows\SysWow64\subinacl.exe
2015-06-04 14:03 . 2015-06-04 14:04 -------- d-----w- c:\program files\Adware-Removal-Tool
2015-06-04 14:03 . 2015-06-04 14:03 -------- d-----w- c:\program files\Common Files\Microsoft
2015-05-25 21:23 . 2015-05-25 21:23 -------- d-----w- c:\program files\avast software
2015-05-24 18:48 . 2015-05-24 18:48 -------- d-----w- c:\programdata\Muzzy Lane Software
2015-05-10 16:37 . 2015-05-10 16:37 -------- d-----w- c:\users\PETER\AppData\Roaming\Greenshot
2015-05-10 16:37 . 2015-05-10 16:37 -------- d-----w- c:\users\PETER\AppData\Local\Greenshot
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-06-08 20:55 . 2014-05-31 22:21 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-08 20:55 . 2012-05-04 15:05 151552 ----a-w- c:\windows\KMSEmulator.exe
2015-05-03 03:55 . 2014-08-22 09:03 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-23 20:10 . 2012-04-07 16:21 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-23 20:05 . 2015-04-23 20:05 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-23 20:05 . 2014-05-29 17:03 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-23 20:05 . 2014-01-11 21:23 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-23 20:05 . 2013-03-19 20:24 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-23 20:05 . 2013-03-19 20:24 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-23 20:05 . 2012-04-08 07:04 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-23 20:05 . 2012-04-08 07:04 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-23 20:05 . 2012-04-08 07:04 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-23 20:04 . 2015-04-23 20:04 43112 ----a-w- c:\windows\avastSS.scr
2015-04-23 20:04 . 2012-04-08 07:04 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-19 22:58 . 2015-04-23 20:10 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69DB9EB0-FC5E-4AF3-A5F8-7378AA86DCEE}\mpengine.dll
2015-04-15 20:08 . 2012-04-08 07:21 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 20:08 . 2012-04-08 07:21 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:37 . 2014-05-31 22:21 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 07:37 . 2014-05-31 22:21 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 07:37 . 2014-05-31 22:21 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-02 00:17 . 2015-04-23 20:09 389808 ----a-w- c:\windows\system32\iedkcs32.dll
2015-03-25 03:24 . 2015-04-23 20:08 3298816 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-23 20:08 98304 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-23 20:08 37376 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-23 20:08 35328 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-23 20:08 2553856 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-23 20:08 191488 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-23 20:08 696320 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-23 20:08 60416 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-23 20:08 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-23 20:08 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-23 20:08 135168 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-23 20:08 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-23 20:08 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-23 20:08 29696 ----a-w- c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-23 20:08 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-23 20:08 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-23 20:08 726528 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-23 20:08 769536 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-23 20:08 419840 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-23 20:08 957952 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-23 20:08 30720 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-23 20:08 192000 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:24 . 2015-04-23 20:08 227328 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 03:17 . 2015-04-23 20:08 1111552 ----a-w- c:\windows\system32\aeinv.dll
2015-03-17 05:22 . 2015-04-23 20:08 5557696 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:22 . 2015-04-23 20:08 95672 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 05:22 . 2015-04-23 20:08 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:19 . 2015-04-23 20:08 1727904 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 05:17 . 2015-04-23 20:08 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-03-17 05:17 . 2015-04-23 20:08 243712 ----a-w- c:\windows\system32\wow64.dll
2015-03-17 05:17 . 2015-04-23 20:08 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2015-03-17 05:16 . 2015-04-23 20:08 215040 ----a-w- c:\windows\system32\winsrv.dll
2015-03-17 05:16 . 2015-04-23 20:08 210944 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 05:16 . 2015-04-23 20:08 86528 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 05:16 . 2015-04-23 20:08 29184 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 05:16 . 2015-04-23 20:08 136192 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 05:16 . 2015-04-23 20:08 503808 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 05:16 . 2015-04-23 20:08 50176 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 05:16 . 2015-04-23 20:08 28160 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 05:16 . 2015-04-23 20:08 341504 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 05:16 . 2015-04-23 20:08 309760 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 05:16 . 2015-04-23 20:08 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2015-03-17 05:16 . 2015-04-23 20:08 314880 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 05:16 . 2015-04-23 20:08 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 05:16 . 2015-04-23 20:08 424448 ----a-w- c:\windows\system32\KernelBase.dll
2015-03-17 05:16 . 2015-04-23 20:08 1163264 ----a-w- c:\windows\system32\kernel32.dll
2015-03-17 05:16 . 2015-04-23 20:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 05:16 . 2015-04-23 20:08 43520 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 05:16 . 2015-04-23 20:08 22016 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 05:16 . 2015-04-23 20:08 112640 ----a-w- c:\windows\system32\smss.exe
2015-03-17 05:16 . 2015-04-23 20:08 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 05:15 . 2015-04-23 20:08 31232 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 05:15 . 2015-04-23 20:08 338432 ----a-w- c:\windows\system32\conhost.exe
2015-03-17 05:15 . 2015-04-23 20:08 64000 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 05:13 . 2015-04-23 20:08 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 05:13 . 2015-04-23 20:08 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 05:11 . 2015-04-23 20:08 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 05:11 . 2015-04-23 20:08 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-03-17 05:11 . 2015-04-23 20:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 12:42 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 12:42 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 12:42 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27 158224 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Scan Buttons"="f:\program files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE" [2009-12-09 202576]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"AnyDVD"="f:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-08-16 6287008]
"Akamai NetSession Interface"="c:\users\PETER\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-05-19 21969480]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2015-06-04 2892992]
"AppleIEDAV"="c:\program files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe" [2014-08-04 1080104]
"Wunderlist"="c:\program files (x86)\Wunderlist2\Wunderlist.exe" [2013-12-02 13021792]
"DymoQuickPrint"="c:\program files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2014-03-20 1867056]
"EADM"="f:\program files (x86)\Origin\Origin.exe" [2015-06-02 3632472]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-05-08 8322328]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PMSpeed"="f:\program files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE" [2009-12-04 112464]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"AutoEJCD_0ACE20FF"="c:\program files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE" [2013-02-12 40960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2013-10-01 395656]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
"BCSSync"="h:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"Redirector"="c:\program files (x86)\Citrix\ICA Client\redirector.exe" [2013-10-01 153992]
"AvastUI.exe"="f:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Opware12"="h:\program files (x86)\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 49152]
"EaseUs Watch"="h:\program files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe" [2013-09-04 70728]
"EaseUs Tray"="h:\program files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe" [2013-09-04 1372232]
"EaseUs TB Tray Agent"="h:\program files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe" [2013-09-04 253512]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-12-03 3498728]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"QuickTime Task"="f:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-08-22 7780696]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys;c:\windows\SYSNATIVE\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NPEService;NPEService;\192.168.1.65\software\NPE.exe;\192.168.1.65\software\NPE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UsbClientService;UsbClientService;f:\program files (x86)\Synology\Assistant\UsbClientService.exe;f:\program files (x86)\Synology\Assistant\UsbClientService.exe [x]
R2 VBoxAswDrv;VBoxAsw Support Driver;f:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;f:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
R3 ampa;ampa;c:\windows\system32\ampa.sys;c:\windows\SYSNATIVE\ampa.sys [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x]
R3 AvastVBoxSvc;AvastVBox COM Service;f:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;f:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
R3 Blackberry Device Manager;Blackberry Device Manager;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe;c:\program files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys;c:\windows\SYSNATIVE\drivers\IOMap64.sys [x]
R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 Origin Client Service;Origin Client Service;f:\program files (x86)\Origin\OriginClientService.exe;f:\program files (x86)\Origin\OriginClientService.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SaiH075C;SaiH075C;c:\windows\system32\DRIVERS\SaiH075C.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH075C.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SUNSTREAKER;Corsair USB HS40 Headphone Driver;c:\windows\system32\DRIVERS\Sunstreaker.sys;c:\windows\SYSNATIVE\DRIVERS\Sunstreaker.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 AiChargerPlus;ASUS Charger Plus Driver;c:\windows\system32\DRIVERS\AiChargerPlus.sys;c:\windows\SYSNATIVE\DRIVERS\AiChargerPlus.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BankingTools_Import_Service;Import Service (Cashflow);f:\program files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe -displayname Import Service (Cashflow) -servicename BankingTools_Import_Service;f:\program files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe -displayname Import Service (Cashflow) -servicename BankingTools_Import_Service [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 EaseUS Agent;EaseUS Agent Service;h:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;h:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Guard Agent;Guard Agent Service;h:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe;h:\program files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;f:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;f:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTService;WTService;c:\windows\System32\atwtusb.exe;c:\windows\SYSNATIVE\atwtusb.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 ALSysIO;ALSysIO;c:\users\PETER\AppData\Local\Temp\ALSysIO64.sys;c:\users\PETER\AppData\Local\Temp\ALSysIO64.sys [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys;c:\windows\SYSNATIVE\DRIVERS\busenum.sys [x]
S3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\DRIVERS\cbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\cbfs3.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - ALSYSIO
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 06:58 986440 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2015-01-03 c:\windows\Tasks\Adobe Acrobat Update Task.job
- c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 07:48]
.
2015-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 20:08]
.
2015-06-08 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-05-04 15:05]
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 21:45]
.
2015-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10 21:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-04-14 14:30 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-04-14 14:30 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-04-14 14:30 2334936 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-23 20:05 722400 ----a-w- f:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-08-07 15:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-08-07 15:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-08-07 15:58 2820056 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-04-09 14:27 190480 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"MacroKeyManager"="WTMKM.exe" [2010-01-15 6105832]
"PrnStatusMX"="c:\program files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2012-07-04 1240064]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
"SUNSTREAKERSound"="c:\program files\Corsair Raptor HS40\CPL\CAHS40.exe" [2014-01-10 1611264]
"SUNSTREAKERHS64"="c:\windows\system\GfsMgr64.exe" [2013-04-25 286720]
"SUNSTREAKERHS"="c:\windows\syswow64\GfsMgr.exe" [2013-04-25 204800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 442328]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 518424]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKCU-Run-Google+ Auto Backup - c:\users\PETER\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
Wow6432Node-HKCU-Run-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MK.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
Wow6432Node-HKLM-Run-DLSService - c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-SmartDraw 2012 - f:\progra~2\SMARTD~1\UNWISE.EXE
AddRemove-File Property Edit Free - h:\users\PETER\AppData\Local\File Property Edit Free\uninstall.exe
AddRemove-MKLOL - c:\program files (x86)\MKJogo\MKLOL\MKuInst.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\SecuROM\License information*]
"datasecu"=hex:01,c2,71,05,77,8d,6a,b1,f1,67,76,6b,90,f2,1a,d3,30,cc,6c,11,8c,
43,7c,5f,fa,06,60,31,cb,7c,00,75,6a,89,36,df,6b,4e,01,96,af,19,bb,5a,4f,21,\
"rkeysecu"=hex:79,bc,0e,33,22,2e,b0,ab,e6,a1,5b,df,eb,f2,87,3a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
f:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
h:\program files (x86)\EaseUS\Todo Backup\bin\adb.exe
.
**************************************************************************
.
Voltooingstijd: 2015-06-08 23:13:46 - machine werd herstart
ComboFix-quarantined-files.txt 2015-06-08 21:13
.
Pre-Run: 87.843.672.064 bytes beschikbaar
Post-Run: 89.119.678.464 bytes beschikbaar
.
- - End Of File - - EF2476099A8DA442456F19C2A67939A8
A36C5E4F47E84449FF07ED3517B43A31

Broni · Jun 8, 2015

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

Pjotr31 · Jun 8, 2015

Here we go (multiple parts)
FRST part 1

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by PETER (administrator) on PETER-PC on 09-06-2015 00:27:50
Running from C:\Users\PETER\Downloads
Loaded Profiles: PETER (Available Profiles: PETER)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
() C:\Program Files\Core Temp\Core Temp.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
() F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
() C:\Windows\System32\WTMKM.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Windows\system\GfsMgr64.exe
() C:\Windows\SysWOW64\GfsMgr.exe
() C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Pmsb.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(SlySoft, Inc.) F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Akamai Technologies, Inc.) C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(6 Wunderkinder GmbH) C:\Program Files (x86)\Wunderlist2\Wunderlist.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
(Electronic Arts) F:\Program Files (x86)\Origin\Origin.exe
(Dropbox, Inc.) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NewSoft Technology Corporation) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Avast Software s.r.o.) F:\Program Files\AVAST Software\Avast\avastui.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ScanSoft, Inc.) H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\opware12.exe
(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe
() H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
() F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() F:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\System32\atwtusb.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Windows\System32\atwtusb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MacroKeyManager] => C:\Windows\system32\WTMKM.exe [6105832 2010-01-15] ()
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1240064 2012-07-04] (Marvell Semiconductor, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [SUNSTREAKERSound] => C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe [1611264 2014-01-10] ()
HKLM\...\Run: [SUNSTREAKERHS64] => C:\Windows\system\GfsMgr64.exe [286720 2013-04-25] ()
HKLM\...\Run: [SUNSTREAKERHS] => C:\Windows\syswow64\GfsMgr.exe [204800 2013-04-25] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [iTunesHelper] => F:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [PMSpeed] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSpeed.EXE [112464 2009-12-04] (NewSoft Technology Corporation)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [AutoEJCD_0ACE20FF] => C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE [40960 2013-02-13] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [BCSSync] => H:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => f:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Opware12] => H:\Program Files (x86)\ScanSoft\OmniPagePro12.0\Opware12.exe [49152 2002-08-01] (ScanSoft, Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\EuWatch.exe [70728 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => h:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayNotify.exe [1372232 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs TB Tray Agent] => h:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253512 2013-09-04] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => F:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7780696 2013-08-22] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Scan Buttons] => f:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSB.EXE [202576 2009-12-09] (NewSoft Technology Corporation)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AnyDVD] => F:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [6287008 2012-08-16] (SlySoft, Inc.)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Akamai NetSession Interface] => C:\Users\PETER\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21969480 2015-05-19] (Google)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [Wunderlist] => C:\Program Files (x86)\Wunderlist2\Wunderlist.exe [13021792 2013-12-02] (6 Wunderkinder GmbH)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P.)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [EADM] => F:\Program Files (x86)\Origin\Origin.exe [3632472 2015-06-03] (Electronic Arts)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)
Startup: C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => f:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-23] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
BootExecute:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Pjotr31 · Jun 8, 2015

FRST part 2

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> DefaultScope {828B376B-F2F6-4778-928C-E29EC877535E} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-23] (Avast Software s.r.o.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-03-04] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> f:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-23] (Avast Software s.r.o.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2013-10-01] (Citrix Systems, Inc.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-08-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> f:\Program Files\VideoLAN\VLC\npvlc.dll [2012-12-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2013-10-01] (Citrix Systems, Inc.)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> f:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> H:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-03-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2012-12-13] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> f:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: synology.com/SurveillancePlugin -> C:\Program Files (x86)\Synology\SurveillancePlugin\1.0.0.423\npSurveillancePlugin.dll [2014-08-04] (Synology)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-06-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - f:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - f:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-08]

Chrome:
=======
CHR Profile: C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-07]
CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-07]
CHR Extension: (Google Drive) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-07]
CHR Extension: (Adblock Plus) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-07]
CHR Extension: (No Name) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-07]
CHR Extension: (Bookmark Manager) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-28]
CHR Extension: (Google Wallet) - C:\Users\PETER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-12]
CHR HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\PETER\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-04-22]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - f:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2013-02-25] (Autodesk)
R2 avast! Antivirus; f:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-23] (Avast Software s.r.o.)
R2 BankingTools_Import_Service; F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe [33280 2014-04-03] () [File not signed]
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 EaseUS Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36936 2013-12-02] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
R2 Guard Agent; h:\Program Files (x86)\EaseUS\Todo Backup\bin\GuardAgent.exe [23624 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; H:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S3 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [1997168 2015-06-03] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-21] ()
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TomTomHOMEService; F:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-12-19] (TomTom)
R2 UsbClientService; f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248704 2013-01-04] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTService; C:\Windows\System32\atwtusb.exe [665320 2010-01-27] () [File not signed]
S3 AvastVBoxSvc; f:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [X]
S2 NPEService; "\\192.168.1.65\software\NPE.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-12-18] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-12-18] ()
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138360 2012-05-02] (SlySoft, Inc.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S3 asusgsb; C:\Windows\System32\drivers\asusgsb.sys [17792 2009-02-17] (ASUSTeK Computer Inc.) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-23] ()
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1061888 2007-08-17] (Atheros Communications, Inc.)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [61000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48200 2013-09-04] () [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [18504 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUFDDISK; C:\Windows\system32\drivers\EuFdDisk.sys [189000 2013-09-04] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 IOMap; C:\Windows\system32\drivers\IOMap64.sys [23680 2010-02-22] (ASUSTeK Computer Inc.)
S3 jakndis; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
R3 jakndisMP; C:\Windows\System32\DRIVERS\jakndis.sys [35648 2011-07-21] (Jaksta Technologies Pty Ltd)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider)
S0 MtxDma0; C:\Windows\SysWOW64\drivers\MtxDma0.sys [182248 2002-07-10] (Matrox Electronic Systems Ltd.) [File not signed]
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2010-10-06] (Marvell Semiconductor, Inc.)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SaiH075C; C:\Windows\System32\DRIVERS\SaiH075C.sys [171144 2007-05-01] (Saitek)
S3 SUNSTREAKER; C:\Windows\System32\DRIVERS\Sunstreaker.sys [388096 2013-08-07] (C-Media Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2015-03-07] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2015-03-07] (Acronis)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-06-07] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2015-03-07] (Acronis International GmbH)
R3 ALSysIO; \??\C:\Users\PETER\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 EIO64; system32\DRIVERS\EIO64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S2 VBoxAswDrv; \??\f:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Pjotr31 · Jun 8, 2015

FRST part 3

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 00:27 - 2015-06-09 00:28 - 00047451 _____ C:\Users\PETER\Downloads\FRST.txt
2015-06-08 23:14 - 2015-06-08 23:14 - 00044623 _____ C:\ComboFix.txt
2015-06-08 22:45 - 2015-06-08 22:45 - 00000000 ____D C:\Users\PETER\AppData\Local\TempTaskUpdateDetection086A95E3-5088-41B7-9D7C-F5C7738E03DC
2015-06-08 22:37 - 2015-06-08 23:14 - 00000000 ____D C:\Qoobox
2015-06-08 22:37 - 2015-06-08 23:06 - 00000000 ____D C:\Windows\erdnt
2015-06-08 22:37 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-08 22:37 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-08 22:37 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-08 22:37 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-08 22:37 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-08 22:37 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-08 22:37 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-08 22:37 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-08 22:24 - 2015-06-08 22:25 - 05628238 ____R (Swearware) C:\Users\PETER\Desktop\ComboFix.exe
2015-06-08 21:19 - 2015-06-08 21:19 - 00000222 _____ C:\Users\PETER\Desktop\Crest.url
2015-06-08 07:42 - 2015-06-08 08:10 - 00002482 _____ C:\Users\PETER\Desktop\JRT.txt
2015-06-08 07:42 - 2015-06-08 07:42 - 00001182 _____ C:\Users\PETER\Desktop\JRT 2.txt
2015-06-08 07:26 - 2015-06-08 02:23 - 02943232 _____ (Thisisu) C:\Users\PETER\Desktop\JRT.exe
2015-06-08 00:27 - 2015-06-08 00:27 - 00000000 ____D C:\Users\PETER\Desktop\Systeem schonen
2015-06-07 13:06 - 2015-06-07 13:06 - 00000207 _____ C:\Windows\tweaking.com-regbackup-PETER-PC-Windows-7-Ultimate-(64-bit).dat
2015-06-07 13:05 - 2015-06-07 13:05 - 00000000 ____D C:\RegBackup
2015-06-06 13:30 - 2015-06-07 12:54 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-06 13:30 - 2015-06-06 13:53 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-05 14:10 - 2015-06-05 14:16 - 00015520 _____ C:\Users\PETER\Desktop\Feest T&P.xlsx
2015-06-04 16:55 - 2015-06-04 16:55 - 00114856 _____ C:\Users\PETER\Downloads\Addition 1.txt
2015-06-04 16:54 - 2015-06-04 16:55 - 00061869 _____ C:\Users\PETER\Downloads\FRST 1.txt
2015-06-04 16:52 - 2015-06-09 00:27 - 00000000 ____D C:\FRST
2015-06-04 16:52 - 2015-06-04 16:52 - 02108928 _____ (Farbar) C:\Users\PETER\Downloads\FRST64.exe
2015-06-04 16:40 - 2015-06-04 16:40 - 01121785 _____ C:\Users\PETER\Downloads\ProcessExplorer.zip
2015-06-04 16:33 - 2015-06-04 16:33 - 00002790 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-06-04 16:33 - 2015-06-04 16:33 - 00000000 ____D C:\Program Files\CCleaner
2015-06-04 16:28 - 2015-06-04 16:28 - 06549184 _____ (Piriform Ltd) C:\Users\PETER\Downloads\ccsetup506.exe
2015-06-04 16:04 - 2015-06-04 16:27 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-06-04 16:03 - 2015-06-04 16:04 - 00000000 ____D C:\Program Files\Adware-Removal-Tool
2015-06-04 16:00 - 2015-06-04 16:00 - 00753184 _____ C:\Users\PETER\Downloads\Adware-Removal-Tool-v3.9.1.exe
2015-06-04 15:47 - 2015-06-04 15:47 - 00000446 _____ C:\Users\PETER\Downloads\teetimeics.ics
2015-06-02 22:28 - 2015-06-02 22:28 - 00000000 _____ C:\autoexec.bat
2015-06-02 22:27 - 2015-06-02 22:27 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\PETER\Downloads\SpyHunter-Installer.exe
2015-06-02 08:14 - 2015-06-02 08:14 - 00002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-05-25 23:23 - 2015-05-25 23:23 - 00000000 ____D C:\Program Files\avast software
2015-05-24 20:48 - 2015-05-24 20:48 - 00000000 ____D C:\ProgramData\Muzzy Lane Software
2015-05-23 00:59 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0 (1).zip
2015-05-23 00:59 - 2015-05-23 00:59 - 00000000 ____D C:\Users\PETER\Downloads\Chameleon
2015-05-23 00:58 - 2015-05-23 00:59 - 06289130 _____ C:\Users\PETER\Downloads\mbam-chameleon-3.1.16.0.zip
2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Greenshot
2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\Users\PETER\AppData\Local\Greenshot
2015-05-10 18:37 - 2015-05-10 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-09 00:28 - 2009-07-14 11:16 - 00745764 _____ C:\Windows\system32\perfh013.dat
2015-06-09 00:28 - 2009-07-14 11:16 - 00153716 _____ C:\Windows\system32\perfc013.dat
2015-06-09 00:28 - 2009-07-14 07:13 - 01670960 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-09 00:26 - 2015-03-01 13:35 - 00005050 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC
2015-06-09 00:26 - 2014-06-01 00:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-09 00:26 - 2012-06-10 23:45 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-09 00:26 - 2012-04-08 09:21 - 00000940 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-09 00:26 - 2009-07-14 04:34 - 00000593 _____ C:\Windows\win.ini
2015-06-08 23:30 - 2012-04-07 18:27 - 01194800 _____ C:\Windows\WindowsUpdate.log
2015-06-08 23:27 - 2013-08-23 21:33 - 00000000 ____D C:\ProgramData\Origin
2015-06-08 23:27 - 2012-05-10 21:47 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Dropbox
2015-06-08 23:27 - 2012-05-04 17:05 - 00151552 _____ C:\Windows\KMSEmulator.exe
2015-06-08 23:27 - 2012-05-04 17:05 - 00002982 _____ C:\Windows\System32\Tasks\AutoKMS
2015-06-08 23:27 - 2012-05-04 17:05 - 00000292 _____ C:\Windows\Tasks\AutoKMS.job
2015-06-08 23:26 - 2013-05-31 19:32 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-08 23:26 - 2012-07-18 22:54 - 00000000 ____D C:\Users\PETER\AppData\Roaming\.oit
2015-06-08 23:26 - 2012-06-10 23:45 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-08 23:26 - 2012-04-07 18:34 - 00000000 ____D C:\ProgramData\NVIDIA
2015-06-08 23:26 - 2010-08-15 21:05 - 00000040 ___SH C:\ProgramData\.zreglib
2015-06-08 23:26 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 23:26 - 2009-07-14 06:51 - 00236262 _____ C:\Windows\setupact.log
2015-06-08 23:03 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 23:03 - 2009-07-14 06:45 - 00019568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 22:55 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2015-06-08 22:54 - 2012-04-07 20:50 - 01382742 _____ C:\Windows\PFRO.log
2015-06-08 22:44 - 2012-04-07 18:26 - 00000000 ____D C:\Users\PETER
2015-06-08 16:09 - 2014-08-26 20:37 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Skype
2015-06-08 07:26 - 2014-06-14 08:57 - 00000000 ____D C:\Users\PETER\AppData\Local\Adobe
2015-06-08 00:28 - 2012-04-26 21:35 - 00000000 ____D C:\Users\PETER\AppData\Local\Apple Computer
2015-06-07 23:41 - 2015-01-06 19:01 - 00000000 ____D C:\Users\PETER\AppData\Local\CrashDumps
2015-06-07 23:38 - 2014-05-31 23:41 - 00000000 ____D C:\AdwCleaner
2015-06-07 14:04 - 2014-06-01 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-07 14:04 - 2014-06-01 00:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-07 14:00 - 2012-04-29 17:32 - 00000000 ____D C:\Users\PETER\AppData\Roaming\MediaMonkey
2015-06-07 12:22 - 2015-05-05 22:43 - 00000001 _____ C:\Users\PETER\AppData\Roaming\update.dat
2015-06-07 09:11 - 2012-07-15 23:07 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-06 14:46 - 2014-04-21 14:05 - 00000000 ____D C:\Users\PETER\Desktop\Bureaublad documenten
2015-06-06 14:22 - 2012-04-07 17:27 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Adobe
2015-06-05 20:29 - 2013-05-29 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-06-05 17:59 - 2014-08-26 20:37 - 00000000 ____D C:\ProgramData\Skype
2015-06-04 16:14 - 2009-07-14 07:08 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 08:14 - 2012-05-08 18:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-05-28 15:33 - 2009-07-14 06:45 - 05379248 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:23 - 2012-04-07 18:41 - 00203344 _____ C:\Users\PETER\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-24 17:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-22 22:17 - 2013-04-21 21:46 - 00000000 ____D C:\Users\PETER\Desktop\Spellen
2015-05-19 15:46 - 2015-03-01 13:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-05-18 21:37 - 2012-06-10 23:45 - 00004052 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-18 21:37 - 2012-06-10 23:45 - 00003800 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 09:06 - 2015-05-07 16:04 - 00000000 ____D C:\Users\PETER\AppData\Roaming\chportu
2015-05-15 14:29 - 2013-02-24 22:12 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 16:31 - 2012-05-10 21:48 - 00000000 ____D C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2014-04-27 21:53 - 2014-04-27 21:55 - 0052828 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2014-06-23 15:47 - 2014-06-23 15:47 - 0000272 _____ () C:\Users\PETER\AppData\Roaming\.backup.dm
2012-11-21 08:50 - 2013-07-09 12:08 - 0000624 _____ () C:\Users\PETER\AppData\Roaming\All CPU MeterV3_Settings.ini
2012-06-08 01:00 - 2012-06-08 02:14 - 0000412 _____ () C:\Users\PETER\AppData\Roaming\All CPU Meter_Settings.ini
2013-04-17 21:04 - 2013-11-30 00:54 - 0000093 _____ () C:\Users\PETER\AppData\Roaming\ARCompanion.log
2013-06-30 20:29 - 2015-01-23 19:51 - 0000839 _____ () C:\Users\PETER\AppData\Roaming\Drives Meter_Settings.ini
2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-02 00:41 - 2013-10-02 00:41 - 0001153 _____ () C:\Users\PETER\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-02 00:46 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-02 00:50 - 2015-03-27 15:27 - 0002310 _____ () C:\Users\PETER\AppData\Roaming\Rim.Transcoder.Exception.log
2015-05-05 22:43 - 2015-06-07 12:22 - 0000001 _____ () C:\Users\PETER\AppData\Roaming\update.dat
2013-06-11 00:08 - 2013-06-11 00:08 - 0001456 _____ () C:\Users\PETER\AppData\Local\Adobe Save for Web 12.0 Prefs
2012-10-16 18:44 - 2014-10-01 21:45 - 0023040 _____ () C:\Users\PETER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-03 21:38 - 2015-05-03 21:38 - 0000000 ___SH () C:\Users\PETER\AppData\Local\LumaEmu
2013-11-21 17:50 - 2014-11-07 22:15 - 0007623 _____ () C:\Users\PETER\AppData\Local\resmon.resmoncfg
2010-08-15 21:05 - 2015-06-08 23:26 - 0000040 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\PETER\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpofofsn.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-03 00:20

==================== End of log ============================

Pjotr31 · Jun 8, 2015

Addition.txt part 1:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by PETER at 2015-06-09 00:28:41
Running from C:\Users\PETER\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3467867667-3157156364-2699428233-500 - Administrator - Disabled)
Gast (S-1-5-21-3467867667-3157156364-2699428233-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3467867667-3157156364-2699428233-1003 - Limited - Enabled)
PETER (S-1-5-21-3467867667-3157156364-2699428233-1000 - Administrator - Enabled) => C:\Users\PETER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Aangifte inkomstenbelasting 2012 (HKLM-x32\...\Aangifte inkomstenbelasting 2012) (Version: - Belastingdienst)
Aangifte inkomstenbelasting 2013 (HKLM-x32\...\Aangifte inkomstenbelasting 2013) (Version: - Belastingdienst)
Acronis True Image 2014 (HKLM-x32\...\{1F91344A-B963-4431-89E8-4F80DEE282BE}Visible) (Version: 17.0.5560 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.5560 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2014 (HKLM-x32\...\{07BE616F-9E42-4C90-AF4F-0F32A5B088E7}) (Version: 8.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Nederlands (HKLM-x32\...\{AC76BA86-7AD7-1043-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Advanced Archive Password Recovery (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Advanced Archive Password Recovery) (Version: 4.53 - ElcomSoft Co. Ltd.)
AdVenture Capitalist (HKLM-x32\...\Steam App 346900) (Version: - Hyper Hippo Games)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.01.14 - ASUSTeK)
Akamai NetSession Interface (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Alcatel PC Suite V7.0.40 (HKLM-x32\...\{93DB-0E9758B0D131_PCS_Alcatel_Union}_is1) (Version: - Singularity Software Co., Ltd.)
Among Ripples (HKLM-x32\...\Steam App 341720) (Version: - Eat Create Sleep)
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.0.7.0 - SlySoft)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassins Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
Assassin's Creed Unity (HKLM-x32\...\Assassin's Creed Unity_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
ASUS nVidia Driver (x32 Version: 1.00.0000 - ASUSTek) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
AutoCAD 2007 - English (HKLM-x32\...\{5783F2D7-5001-0409-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Besiege (HKLM-x32\...\Steam App 346010) (Version: - Spiderling Studios)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Manager 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.40 - Research In Motion Ltd.)
BlackBerry Device Manager 7.0 (x32 Version: 7.0.0.40 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre 64bit (HKLM\...\{EB3D23E3-91A7-46A0-9D7F-698151973A41}) (Version: 2.12.0 - Kovid Goyal)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - )
Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc)
Cashflow 4.3 (HKLM-x32\...\{387962FD-1BDE-41CB-9DBC-16BBDCD56CA2}) (Version: 4.3.20.20 - BankingTools)
Cashflow 5 (HKLM-x32\...\{19bf98d8-43fd-4ed1-a269-96ea37fba88f}) (Version: 5.0.4.0 - BankingTools)
Cashflow 5 (x32 Version: 5.0.4.0 - BankingTools) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Cities - Skylines (HKLM-x32\...\Cities - Skylines_R.G. Mechanics_is1) (Version: - R.G. Mechanics, markfiter)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
ClickAid (HKLM-x32\...\ClickAid) (Version: - )
Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - BR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Capture (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Extra Content (HKLM-x32\...\_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}) (Version: - Corel Corporation)
CorelDRAW Graphics Suite X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FontNav (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - NL (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Photozoom Plugin (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VBA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VideoBrowser (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - VSTA (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 - WT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
CorelDRAW(R) Graphics Suite X5 (HKLM-x32\...\_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}) (Version: 15.2.0.686 - Corel Corporation)
Corsair Raptor HS40 (HKLM-x32\...\{B77575BE-73DB-43C6-A555-82BB713BCB79}) (Version: - Corsair Components, Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Crest (HKLM-x32\...\Steam App 341710) (Version: - Eat Create Sleep)
DDPB (HKLM-x32\...\{748590DB-44CD-48D2-8585-2496BBFE919F}) (Version: 1.0.9 - DauDen.vn)
De Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
De Sims™ 3 Creëer een Wereld-tool - Beta (HKLM-x32\...\{65761BAE-11E8-48FE-B30F-1F01011AB906}) (Version: 1.19.6 - Electronic Arts)
De Sims™ 3 Jaargetijden (HKLM-x32\...\{3DE92282-CB49-434F-81BF-94E5B380E889}) (Version: 16.0.136 - Electronic Arts)
De Sims™ 3 Levensweg (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
De Sims™ 3 Wereldavonturen (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
De Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.625.10 - Electronic Arts Inc.)
De Sims™ 4 Creëer-een-Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
EaseUS Todo Backup Free 6.5 (HKLM-x32\...\EaseUS Todo Backup Free 6.5_is1) (Version: 6.5 - CHENGDU YIWO Tech Development Co., Ltd)
Easy CD-DA Extractor 16 (HKLM-x32\...\Easy CD-DA Extractor 16) (Version: 16.0.8 - Poikosoft)
EPSON BX620FWD Series Handboek (HKLM-x32\...\EPSON BX620FWD Series Manual) (Version: - )
EPSON BX620FWD Series Printer Uninstall (HKLM\...\EPSON BX620FWD Series) (Version: - SEIKO EPSON Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{39F58DDB-B2B8-4B86-AF20-4706A80EB30D}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3a - SEIKO EPSON CORPORATION)
FFmpeg (Windows) for Audacity versie 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
Folder Size 2.0.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}}_is1) (Version: 2.0.0.0 - MindGems, Inc.)
Game Dev Tycoon v1.4.13 (HKLM-x32\...\Game Dev Tycoon v1.4.131.4.13) (Version: 1.4.13 - Friends in War)
Ghost Master (HKLM-x32\...\Steam App 6200) (Version: - Sick Puppies)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{CBC9F5FD-5CFA-4A33-81CD-369EAB77E3A6}) (Version: 1.22.9403.0223 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
HandBrake 0.9.6 (HKLM-x32\...\HandBrake) (Version: 0.9.6 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Color LaserJet CP1210 Series (HKLM\...\HP Color LaserJet CP1210 Series) (Version: - )
HP Color LaserJet CP1210 Series Toolbox (HKLM\...\{F323676A-B911-4B57-827F-32D02DCD4971}) (Version: 1.0.21 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Uw bedrijfsnaam)
iBomber Attack Demo (HKLM-x32\...\Steam App 224800) (Version: - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iExplorer 3.2.2.4 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
iFunbox (v2.1.2228.731), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.1.2228.731 - )
Insider Tales - Vanished in Rome (HKLM-x32\...\Denda Games Insider Tales - Vanished in Rome) (Version: 1.0.0.0 - Denda Games)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - Aleksey Abramenko)
IPCMonitor_en version 1.0.1.2 (HKLM-x32\...\{8EC13308-5065-43FA-A5E8-E225F18DAB89}_is1) (Version: 1.0.1.2 - IPCMonitor, Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.35 - Irfan Skiljan)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Jaksta Streaming Media Recorder (4.4.5) (HKLM-x32\...\Jaksta Streaming Media Recorder) (Version: 4.4.5 - Jaksta Technologies)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
MacroKey Manager (HKLM-x32\...\InstallShield_{66A4349A-AA55-43E5-A781-62867A701A90}) (Version: - )
MacroKey Manager (Version: 1.00.0000 - Uw bedrijfsnaam) Hidden
MagicBerry for Blackberry version 3.5 (HKLM-x32\...\{404CBB42-3EF1-4ECF-BFBD-A557807CBF3B}_is1) (Version: 3.5 - Mena Step Innovative Solutions (Ashraf Awwad))
Making History: The Calm & The Storm Demo (HKLM-x32\...\Steam App 6260) (Version: - Muzzy Lane)
Malwarebytes Anti-Malware versie 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
marvell 61xx (HKLM-x32\...\mv61xxDriver) (Version: 1.2.0.7600 - Marvell)
Matrox Imaging Products (HKLM-x32\...\Matrox Imaging Products) (Version: - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MediaMonkey Gold (HKLM-x32\...\MediaMonkey Gold4) (Version: 4 - MediaMonkey Gold)
MediaMonkey Gold Cracked (HKLM-x32\...\MediaMonkey Gold Cracked2012) (Version: 2012 - MediaMonkey Gold Cracked)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6) (Version: 10.0.61355.0 - Microsoft Game Studios)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 365 ProPlus - nl-nl (HKLM\...\O365ProPlusRetail - nl-nl) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Mp3tag v2.54 (HKLM-x32\...\Mp3tag) (Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.1 - MusicBrainz)
Napoleon: Total War (HKLM-x32\...\Steam App 34030) (Version: - The Creative Assembly)
NavDesk 7.50 (HKLM-x32\...\{AB756389-9A03-44f3-ABAF-3699C01B4868}-Navman-7.50) (Version: 7.50.0109.128 - Navman Technology NZ Limited)
NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)
Need For Speed™ World (HKLM-x32\...\{3AF1B16A-7DC9-4C80-BAEC-70B088A7C5B8}) (Version: 1.0.0.0 - Electronic Arts)
Netwerkhandleiding EPSON BX620FWD Series (HKLM-x32\...\EPSON BX620FWD Series Network Guide) (Version: - )
NL2000V4_installer (HKLM-x32\...\{0372FD44-1579-45C9-96E9-4B2CAEE8BF84}) (Version: 4.0.20 - NL2000)
NVIDIA 3D Vision controllerstuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Grafisch stuurprogramma 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX systeemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Offline Rekening Overzicht (HKLM-x32\...\{80D2DAFC-A65D-4317-8A75-15286181EC23}) (Version: 1.0.2.0 - J.J.F. Verhaag)
Oil Rush (HKLM-x32\...\Steam App 200390) (Version: - Unigine Corp.)
OmniPage Pro 12.0 (HKLM-x32\...\{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}) (Version: 12.00.0000 - ScanSoft, Inc.)
ONE TOUCH Upgrade (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version: - TCL Communication Technology Holdings Limited)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
Palringo (HKLM-x32\...\Palringo) (Version: - Palringo Limited)
Pazera Free MP4 to AVI Converter 1.6 (HKLM-x32\...\{42442BC6-5A92-4BC2-9E0C-3D359D548A21}_is1) (Version: 1.6 - Jacek Pazera)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Philips Wireless Music Receiver Utility (HKLM-x32\...\ST6UNST #1) (Version: - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
plist Editor for Windows 1.0.2 (HKLM-x32\...\plist Editor for Windows) (Version: 1.0.2 - VOWSoft,Ltd.)
plist Editor Pro 2.0.0 (HKLM-x32\...\plist Editor Pro) (Version: 2.0.0 - VOWSoft, Ltd.)
Popcorn Time (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Popcorn Time) (Version: - Popcorn Official)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Presto! PageManager 9.00.11 SE (HKLM-x32\...\{04AF7536-446D-4F5A-8920-B4E885E4581B}) (Version: 9.00.11 - Newsoft Technology Corporation)
Primal Carnage (HKLM-x32\...\Steam App 215470) (Version: - )
Print To Go 2.0 (HKLM-x32\...\Print_To_Go) (Version: 2.0.110.0 - Uw bedrijfsnaam)
Print To Go 2.0 (x32 Version: 2.0.110.0 - Uw bedrijfsnaam) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Replay Media Catcher 4 (4.3.2) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.3.2 - Applian Technologies)
ScanSoft RealSpeak (HKLM-x32\...\{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}) (Version: 12.00.0000 - ScanSoft Inc.)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shelter 2 (HKLM-x32\...\Steam App 275100) (Version: - Might and Delight)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Should I Remove It (HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
SimCity 2000 Special Edition (HKLM-x32\...\{59D2C751-F7BE-4E9F-9C8C-1F16013802C7}) (Version: 2.0.0.1 - Electronic Arts)
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version: - )
Sims 4 by BuZeR version final (HKLM-x32\...\{ED118F10-E516-4245-160F-6213F508F71F}_is1) (Version: final - )
SKTimeStamp (HKLM\...\{EED7256E-46F0-4C1D-89E4-BD2A0595FEBF}) (Version: 1.3.3 - Stefans Tools)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SmartDraw 2012 (HKLM-x32\...\SmartDraw 2012) (Version: - SmartDraw.com)
SmartDraw 2013 (HKLM-x32\...\SmartDraw 2013) (Version: - SmartDraw.com)
SPORE™ Anthology RePack by SxSxL (HKLM-x32\...\SPORE™ Anthology_is1) (Version: 1.05.0001 - )
Spy EasyUpdate (HKLM-x32\...\InstallShield_{38FF3704-9DAD-44E2-A15D-9C6BD1901D65}) (Version: 1.33.0407 - SPY)
Spy EasyUpdate (x32 Version: 1.33.0407 - SPY) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Steinberg WaveLab (HKLM-x32\...\Steinberg WaveLab6) (Version: 6 - Steinberg WaveLab)
Subnautica (HKLM-x32\...\Steam App 264710) (Version: - Unknown Worlds Entertainment)
Subtitle Edit 3.2.8 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.2.8.1220 - Nikse)
SurveillancePlugin (HKLM-x32\...\{B4637DBD-7E8E-46D4-BC9C-EC1C9F1DC561}) (Version: 1.0.0.423 - Synology)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syncios versie 2.0.6 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.0.6 - Anvsoft, Inc.)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x64) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - NLD) (Version: 10.0.50903 - Microsoft Corporation)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.03 - Ubisoft)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Uw bedrijfsnaam)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Utility (x32 Version: 1.00.0002 - Uw bedrijfsnaam) Hidden
ViceVersa Pro 2.5 64-bit (Build 2502) (HKLM\...\ViceVersa Pro 2.5_is1) (Version: 2 - TGRMN Software)
Visual Similarity Duplicate Image Finder Corporate 4.2.0.1 (HKLM-x32\...\{72D6BE71-2A6F-4D01-809E-A3174D1738A0}_is1) (Version: 4.2.0.1 - MindGems, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows Driver Package - Prolific (Ser2pl) Ports (03/12/2010 3.3.11.152) (HKLM\...\1368C87DCBC1A47DB78AD625B2C7E102AF9F447F) (Version: 03/12/2010 3.3.11.152 - Prolific)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 15.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}) (Version: 15.0.9302 - WinZip Computing, S.L. )
Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH)
Wunderlist (HKLM-x32\...\{1ca68332-4ba1-4943-9010-eaa1aa45b492}) (Version: 2.3.0.31 - 6 Wunderkinder GmbH)
Wunderlist (x32 Version: 2.3.0.31 - 6 Wunderkinder GmbH) Hidden
Xilisoft iPod Rip (HKLM-x32\...\Xilisoft iPod Rip) (Version: 5.4.10.20130320 - Xilisoft)
XviD MPEG-4 Video Codec (HKLM-x32\...\xvid) (Version: - XviD Development Team)
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3467867667-3157156364-2699428233-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\PETER\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

08-06-2015 22:34:47 Voor combofix

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-06-08 22:49 - 2015-06-08 22:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00062427-1F11-4946-ACAF-971366C6390E} - \GPUpdateCheck No Task File <==== ATTENTION
Task: {054C3F8F-3C8D-4997-BE9E-DE87E0EB4356} - System32\Tasks\avast! Emergency Update => f:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-23] (Avast Software s.r.o.)
Task: {09261BDD-5A90-4CB5-9CB0-92976F64F954} - System32\Tasks\{987AA731-C4F4-4880-9E40-A27D08442C09} => C:\Users\PETER\Desktop\mcedit.exe
Task: {1A222DF8-C9D1-4032-8668-5CE98020625A} - System32\Tasks\avastBCLRestartS-1-5-21-3467867667-3157156364-2699428233-1000 => Chrome.exe
Task: {2169A842-E2A7-4BDA-9298-7ABA8CCE5BD2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {237ACA19-AFC7-4E33-AA4D-25D3C86C1E9E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {43507FE9-5007-4D09-AAF5-A402B18035CC} - System32\Tasks\{EFB4BAC0-49EE-4629-ACB4-784E5B7C047A} => pcalua.exe -a G:\Sims3Setup.exe -d G:\
Task: {5103D209-95B4-4AB1-B7D2-BD50BA918E18} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-05-19] (Microsoft Corporation)
Task: {55676619-6742-41E5-B2A0-DA9AEE8ADC46} - System32\Tasks\{84199BFE-F4BE-47AC-A700-6EF83A1D9340} => F:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\fsx.exe [2007-05-11] (Microsoft Corp.)
Task: {5C07C886-689E-4FE9-B399-20988EA1828D} - System32\Tasks\{2EB0EDA3-300B-4D00-8365-7121B7238563} => pcalua.exe -a C:\Users\PETER\Downloads\DLS8Setup.8.5.1.exe -d C:\Users\PETER\Downloads
Task: {6CF87493-211D-4915-9C0D-E0813F011329} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {6D23F2FB-5D87-405E-93AA-2E6E3F0FD676} - System32\Tasks\AdobeAAMUpdater-1.0-PETER-PC-PETER => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {71D275FF-1E23-48C5-8D02-92E5763BF4EF} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {76BA195A-1A61-4087-8D2C-A862B8361ABE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {7A2EB2DA-A2C7-4208-A5AA-CAEB34243122} - System32\Tasks\{4F6292D1-D0B7-4130-A106-A7B64B814B73} => pcalua.exe -a D:\setup.exe -d D:\
Task: {7D8C42F7-71B1-43D6-B046-B1D9D5ED4BDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {86C7192E-2179-4A46-BE28-C9024AD07030} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PETER-PC-PETER PETER-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-03-10] (Microsoft Corporation)
Task: {88E6B132-B394-4031-AAED-0387C056E446} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8C7CE49C-84C9-4BAB-9FD2-6C09FCDF45D7} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {8E236520-8A6E-49AD-89F1-C0D193F198BC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8F546D21-542A-4ED9-8177-178F4ACF1170} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {A3671559-5715-41B6-94BC-45D213D07C81} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {AB7730AC-C901-4369-8FB0-FE1C0C5BEE1D} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {B2E8F254-BC04-45F0-B8F5-92DF5E4B061C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2012-05-04] ()
Task: {BB861009-ACA9-4EAA-8349-F2823E57A8E8} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe
Task: {BE9D1902-EA3D-4F06-AF30-B5DE28EF2964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-10] (Google Inc.)
Task: {C711643B-3D60-413C-8E1D-F5F9EE3BFF22} - System32\Tasks\Core Temp Autostart PETER => C:\Program Files\Core Temp\Core Temp.exe [2012-01-25] ()
Task: {C7C3D25D-0B67-4B4D-B12E-C850EB533167} - System32\Tasks\{715E8390-AA93-4D41-91A4-A65996FA9886} => pcalua.exe -a "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "F:\Program Files (x86)\Middle Earth Shadow of Mordor\_CommonRedist\vcredist\2010"
Task: {CB5646F3-5ECF-411D-A901-FC94FA254193} - System32\Tasks\ASUS\ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [2010-11-08] (ASUSTek Computer Inc.)
Task: {D0A53063-BB3B-43B9-B9D1-0454F5A50943} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D799CB6B-1CE2-4945-B79C-09D6A0BF3592} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DB152F2D-6810-46B1-8DED-78BAF59633C8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {F1A98632-2A4C-406A-8CD6-CA6DF5A00BE8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {F48FB331-A186-4D70-9970-14F53238A981} - System32\Tasks\{D0E9A8DE-5013-4D63-820D-245884D5BFB1} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe"
Task: C:\Windows\Tasks\Adobe Acrobat Update Task.job => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Pjotr31 · Jun 8, 2015

Addition.txt part 2

==================== Loaded Modules (Whitelisted) ==============

2014-03-11 11:05 - 2014-11-12 23:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-08 01:40 - 2012-01-25 14:59 - 00848336 _____ () C:\Program Files\Core Temp\Core Temp.exe
2010-11-03 11:30 - 2010-11-03 11:30 - 00918144 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
2010-12-02 04:15 - 2010-12-02 04:15 - 00915584 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
2012-04-07 17:27 - 2010-10-21 11:52 - 00586880 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
2013-07-25 16:21 - 2014-04-03 10:44 - 00033280 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\CwmImportService.exe
2013-07-25 16:09 - 2014-01-30 19:52 - 00238080 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Topshelf.dll
2013-07-25 16:12 - 2014-03-28 13:27 - 00015360 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.SNSBank.dll
2013-07-25 16:10 - 2014-03-28 13:27 - 00005632 _____ () F:\Program Files (x86)\BankingTools\Cashflow 4.1\importService\Invers.Cwm.Import.AXABank.dll
2015-03-01 13:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-01-15 08:05 - 2010-01-15 08:05 - 06105832 _____ () C:\Windows\System32\WTMKM.exe
2015-01-25 11:16 - 2013-04-25 06:16 - 00286720 ____N () C:\Windows\system\GfsMgr64.exe
2015-01-25 11:16 - 2013-04-25 06:16 - 00204800 ____N () C:\Windows\SysWOW64\GfsMgr.exe
2015-01-25 11:16 - 2014-01-10 08:13 - 01611264 ____N () C:\Program Files\Corsair Raptor HS40\CPL\CAHS40.exe
2012-12-14 02:42 - 2012-12-14 02:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-06-30 20:27 - 2013-06-30 20:27 - 00012520 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll
2013-06-30 20:27 - 2013-06-30 20:27 - 00015080 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll
2013-06-30 20:27 - 2013-06-30 20:27 - 00014056 _____ () C:\Users\PETER\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll
2014-11-09 13:31 - 2014-11-09 13:31 - 01672704 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\ReactiveUI\666d557e394b3b85bce3ae699946817e\ReactiveUI.ni.dll
2014-04-27 20:58 - 2014-04-27 20:58 - 00035328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinde6f42a4a9#\a03d5c47c984346008ba13e9c563a958\Wunderkinder.Wunderlist.Data.Realtime.ni.dll
2014-11-09 13:31 - 2014-11-09 13:31 - 00529408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Akavache.Portable\98c66719d8e468f7da71a684a3b5b75f\Akavache.Portable.ni.dll
2014-11-09 13:31 - 2014-11-09 13:31 - 00050176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Wunderkinded9c6edae#\6fe7a413a861fd42508636309dbedad7\Wunderkinder.Wunderlist.Presentation.ni.dll
2013-02-13 01:37 - 2013-02-13 01:37 - 00040960 _____ () C:\Program Files (x86)\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
2015-05-08 20:50 - 2015-05-08 20:50 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1043.dll
2014-12-03 12:06 - 2013-09-04 11:59 - 00253512 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe
2010-02-03 15:36 - 2010-02-03 15:36 - 00087488 _____ () F:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2013-12-21 18:03 - 2013-12-21 23:51 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-01-04 08:25 - 2013-01-04 08:25 - 00248704 _____ () f:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\System32\atwtusb.exe
2010-01-27 10:27 - 2010-01-27 10:27 - 00665320 _____ () C:\Windows\system32\atwtusb.exe
2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () f:\Program Files\AVAST Software\Avast\log.dll
2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () f:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-08 22:31 - 2015-06-08 22:31 - 02952192 _____ () f:\Program Files\AVAST Software\Avast\defs\15060801\algo.dll
2012-04-07 17:26 - 2015-06-08 23:26 - 00020992 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.13\PEbiosinterface32.dll
2012-04-07 17:26 - 2010-06-29 04:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.13\ATKEX.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2014-12-03 12:06 - 2013-11-14 14:59 - 00031304 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2014-12-03 12:06 - 2008-11-25 17:18 - 01291264 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2014-12-03 12:06 - 2004-10-05 03:08 - 00055808 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00029768 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00050248 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2014-12-03 12:06 - 2014-01-13 18:06 - 00105544 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00030280 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00293960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSize.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00578632 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00468040 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ExchBackupSizeEx.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00192072 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2014-12-03 12:06 - 2013-12-23 11:01 - 00281672 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00068680 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00069192 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00022600 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00115784 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00192584 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00135752 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2014-12-03 12:06 - 2013-10-22 17:31 - 00037960 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00135240 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2014-12-03 12:06 - 2013-12-24 17:42 - 00017992 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00096840 _____ () h:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2012-04-07 17:28 - 2009-05-21 04:14 - 00053248 ____N () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
2012-04-07 17:28 - 2009-05-21 10:14 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
2012-07-18 22:51 - 2009-07-08 14:23 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PerformOcr.dll
2012-07-18 22:51 - 2009-12-04 17:21 - 00057344 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMISM.dll
2012-07-18 22:51 - 2009-11-20 13:20 - 00147456 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMCommon.dll
2012-07-18 22:51 - 2008-08-25 17:19 - 00069632 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PHooKDlg.dll
2012-07-18 22:52 - 2007-03-30 10:24 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Qem.dll
2012-07-18 22:51 - 2009-12-08 10:51 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ScanModule.dll
2012-07-18 22:51 - 2009-09-02 09:25 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\CategoryManager.dll
2012-07-18 22:51 - 2009-11-27 17:50 - 00135168 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSet.dll
2012-07-18 22:51 - 2009-12-18 19:10 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMSave.dll
2012-07-18 22:51 - 2009-10-16 15:04 - 00614400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDB_N.dll
2012-07-18 22:51 - 2009-08-06 10:22 - 00421888 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\FT.dll
2012-07-18 22:51 - 2009-12-18 16:12 - 00061440 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMINSO.dll
2012-07-18 22:51 - 2009-09-09 14:44 - 00151552 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMANO.dll
2012-07-18 22:51 - 2007-03-30 09:49 - 00104528 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\ComClass.dll
2012-07-18 22:51 - 2007-12-20 14:37 - 00176128 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\DocCate.dll
2012-07-18 22:51 - 2009-12-07 13:55 - 00253952 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMScnSet.dll
2012-07-18 22:51 - 2009-11-26 17:49 - 00081920 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NetFun2k.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-23 18:30 - 2015-04-16 19:40 - 00776192 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-25 16:26 - 2015-04-23 04:16 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-25 16:26 - 2015-04-23 04:16 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-25 16:26 - 2015-04-23 04:16 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-22 07:38 - 2015-06-04 20:56 - 02407104 _____ () C:\Program Files (x86)\Steam\video.dll
2014-09-06 21:07 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-09-06 21:07 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-09-06 21:07 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-09-06 21:07 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-09-06 21:07 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2013-05-03 15:35 - 2015-06-04 20:56 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-03-20 22:50 - 2014-03-20 22:50 - 00093696 _____ () C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.Common.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 01007104 _____ () F:\Program Files (x86)\Origin\platforms\qwindows.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00023552 _____ () F:\Program Files (x86)\Origin\imageformats\qgif.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00024576 _____ () F:\Program Files (x86)\Origin\imageformats\qico.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00216576 _____ () F:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00261120 _____ () F:\Program Files (x86)\Origin\imageformats\qmng.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00019456 _____ () F:\Program Files (x86)\Origin\imageformats\qtga.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00337408 _____ () F:\Program Files (x86)\Origin\imageformats\qtiff.dll
2014-02-08 08:53 - 2015-06-03 00:02 - 00018944 _____ () F:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-06-08 23:26 - 2015-06-08 23:26 - 00043008 _____ () c:\users\peter\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpofofsn.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00750080 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00047616 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00865280 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:45 - 2015-03-04 23:45 - 00200704 _____ () C:\Users\PETER\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2012-07-18 22:51 - 2008-11-17 14:56 - 00102400 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\nsSign.dll
2012-07-18 22:51 - 2009-12-07 11:07 - 00352256 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMTree.dll
2012-07-18 22:51 - 2008-12-12 16:52 - 00106496 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMProp.dll
2012-07-18 22:51 - 2007-08-31 17:51 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMVoice.dll
2012-07-18 22:51 - 2008-12-12 17:00 - 00073728 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\OutlookVBA.dll
2012-07-18 22:51 - 2009-11-27 17:38 - 00331776 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAppBar.dll
2012-07-18 22:51 - 2009-12-04 17:21 - 04567040 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMView.dll
2012-07-18 22:51 - 2007-03-30 10:01 - 00038992 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\NsOEMKey.dll
2012-07-18 22:51 - 2009-11-11 17:21 - 00450560 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPageVW.dll
2012-07-18 22:51 - 2009-11-11 17:20 - 00098304 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMDocVW.dll
2012-07-18 22:51 - 2009-06-26 09:03 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMApSet.dll
2012-07-18 22:51 - 2009-11-20 11:30 - 01032192 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\SlideBarDLL.dll
2012-07-18 22:51 - 2009-12-04 17:20 - 00323584 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMAnoSet.dll
2012-07-18 22:51 - 2009-11-09 18:35 - 00184320 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImgVW.dll
2012-07-18 22:51 - 2008-08-25 16:16 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMIEVW.dll
2012-07-18 22:51 - 2009-07-14 13:25 - 00040960 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMPDFView.dll
2012-07-18 22:51 - 2009-10-22 17:50 - 00065536 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMStatus.dll
2012-07-18 22:51 - 2007-03-30 09:57 - 00034896 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\Import.dll
2012-07-18 22:51 - 2008-04-24 10:46 - 00086016 _____ () F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\PMImageSplitter.dll
2012-04-07 17:27 - 2010-12-02 17:28 - 00143360 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
2012-04-07 17:27 - 2009-08-12 20:15 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
2012-04-07 17:27 - 2010-11-08 19:10 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite II\AI Charger+\AIChargerPlus.dll
2012-04-07 17:27 - 2010-10-15 17:40 - 01031680 _____ () C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
2012-04-07 17:27 - 2010-11-19 10:53 - 00963584 _____ () C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
2012-04-07 17:28 - 2010-12-01 12:33 - 01244672 _____ () C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
2012-04-07 17:28 - 2011-01-06 10:38 - 01027072 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
2012-04-07 17:27 - 2010-09-27 20:51 - 00881664 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
2012-04-07 17:27 - 2010-09-27 20:51 - 01607168 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
2012-04-07 17:27 - 2010-11-19 10:55 - 01246208 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
2012-04-07 17:27 - 2010-08-06 18:11 - 00850944 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
2012-04-07 17:27 - 2010-08-06 18:13 - 00886272 _____ () C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
2012-04-07 17:26 - 2010-08-23 04:17 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll
2013-03-26 16:16 - 2015-05-11 21:01 - 36302728 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-04-23 22:04 - 2015-04-23 22:05 - 40540672 _____ () F:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-23 22:04 - 2015-04-23 22:04 - 00104400 _____ () F:\Program Files\AVAST Software\Avast\log.dll
2015-04-23 22:04 - 2015-04-23 22:04 - 00081728 _____ () F:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2014-12-03 12:06 - 2013-09-04 11:19 - 00098888 _____ () H:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2014-12-03 12:06 - 2013-09-04 11:57 - 00222792 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\traynet.dll
2014-12-03 12:06 - 2013-09-04 11:57 - 00275528 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\libcurl.dll
2014-12-03 12:06 - 2013-08-15 09:18 - 00113166 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\zlib1.dll
2014-12-03 12:06 - 2013-08-22 17:13 - 00249928 _____ () H:\Program Files (x86)\EaseUS\TrayPopup\uexper.dll
2012-09-23 20:44 - 2012-09-23 20:44 - 00010240 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\locale\nl_nl\acrotray.nld
2013-08-22 12:38 - 2013-08-22 12:38 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-08-22 12:38 - 2013-08-22 12:38 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2012-04-07 17:27 - 2010-06-21 15:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
2013-08-22 12:41 - 2013-08-22 12:41 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2015-05-26 08:59 - 2015-05-22 22:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 08:59 - 2015-05-22 22:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\PETER\AppData\Local\Temp:LmAjdtQQ1dSkIKvgkIP09sgjs
AlternateDataStreams: C:\Users\PETER\AppData\Local\Temporary Internet Files:fOBqou0JeYgRSHjpJLl8PRUU
AlternateDataStreams: C:\Users\PETER\AppData\Local\Wqh8DMoH:h8nv3BQO5rAsx7BcRHtSb

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3467867667-3157156364-2699428233-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\PETER\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: avast! Antivirus => 2
MSCONFIG\startupreg: avast => "f:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

Pjotr31 · Jun 8, 2015

Addition.txt part 3

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{27A73A8E-8DBF-4795-8135-A15E4CB455BE}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe
FirewallRules: [UDP Query User{F7AEC6C1-64C4-4E0D-8677-CEB875EC3D81}C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe] => (Allow) C:\users\peter\downloads\dsassistant_1920\win\dsassistant.exe
FirewallRules: [TCP Query User{0B17D3D1-89E1-42A3-B5EB-CFE7B015E26D}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [UDP Query User{8DAA733C-0E93-4A59-85AF-9EEEE22F81D2}F:\program files (x86)\synology\assistant\dsassistant.exe] => (Allow) F:\program files (x86)\synology\assistant\dsassistant.exe
FirewallRules: [{C6FD8151-B4D1-4A22-AB76-9EF1D25B4379}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
FirewallRules: [{23A954D6-8A72-4C7D-948C-46F377E3671E}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
FirewallRules: [{92B84CD9-395D-421E-B744-0949177EB45C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{07B36B45-A3C0-4671-B44C-8F954ECBD5EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5AE1E9E-EA62-4544-9A96-6FE5C4A067FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E3A0D677-CA90-40D7-8C36-ECF5FB8B915E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6A49E4B2-C60E-4BDA-A575-8CAD9FC5FBD5}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{0F23E57C-29D9-4458-9FB7-74E88CE46578}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{D291499E-8C23-49AD-9CD7-7691FDB72F17}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{78CEEE0C-E87B-422B-9F2B-1BECD1ADEC3E}] => (Allow) C:\Users\PETER\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{0B162A81-5777-466B-9962-E32CE42C85A3}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{A28E22B2-29CF-4056-A085-8C8BDB4F4691}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Block) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{58B73435-A7AD-4B79-B6FB-EE81DED5A260}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{473DD8DC-DF30-4BDA-AB31-38F5284AAFCB}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{342AAFEE-3FB2-47A7-B16E-77AF4401CA75}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe
FirewallRules: [{1E643EA1-FF15-4D15-AD4E-38FC0A6AD334}] => (Allow) F:\Program Files (x86)\NewSoft\Presto! PageManager 9 for EP\LicenseCheck.exe
FirewallRules: [TCP Query User{8603AC8B-9EA2-4457-A106-BA029E012E3A}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{7C2E3E67-2D25-4B67-BD2C-88E7D181C38F}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\peter\appdata\local\akamai\netsession_win.exe
FirewallRules: [{45FF855D-8BF5-48C3-BA74-AD420F944E8E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{45DF2001-4E8D-46D4-8653-B4572AD353C3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{CA767D67-084C-42BA-90BA-D22B2575FBF2}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
FirewallRules: [UDP Query User{950F6719-ECA2-4804-AD54-0DBA770C8768}F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe] => (Allow) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
FirewallRules: [{680449C8-AFC6-4A93-B4F1-39CC4E5083D5}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
FirewallRules: [{9D7038A5-AD5E-4053-A85D-63C1933D06F3}] => (Block) F:\Program Files (x86)\microsoft games\microsoft flight simulator x\fsx.exe
FirewallRules: [TCP Query User{9BBA7FAE-5818-4132-B2F7-9CDA527D3E99}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{FA83606C-EE3B-4764-9BF2-35B823126AC5}C:\windows\syswow64\javaw.exe] => (Allow) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{67C70BB8-F163-4A98-89E4-039CAC26D9FA}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{61C3A176-4DAA-48AC-85E7-BCBEAADF3F8F}C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\peter\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{70938B3D-8056-4BAF-87B7-3910B5B1C9D7}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{18DD193C-0963-420C-8260-0268A850405B}C:\users\peter\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\peter\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{FEB4C52E-72EC-42E0-BD82-ECD3E9D80AED}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [UDP Query User{270E5A61-677C-46BD-B71C-2C6174872EA2}C:\windows\syswow64\javaw.exe] => (Block) C:\windows\syswow64\javaw.exe
FirewallRules: [TCP Query User{D0AAEFCC-D7A9-4D57-B320-E4FB560E2077}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{192D84B2-DDE3-4BBB-B58A-91CEFBB5F800}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{95D11C2E-4A1A-4E3F-A25C-6B8E95C539A4}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [UDP Query User{F8F2D8D9-7ADC-4889-BA07-97266F881A73}F:\Program Files (x86)\orbitdownloader\orbitnet.exe] => (Allow) F:\Program Files (x86)\orbitdownloader\orbitnet.exe
FirewallRules: [TCP Query User{846A7AF8-041F-4362-BBB9-5B7421549EC1}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe
FirewallRules: [UDP Query User{133F23DB-EE4F-487D-BF4F-3F638A49D7B7}F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe] => (Block) F:\Program Files (x86)\NewSoft\presto! pagemanager 9 for ep\licensecheck.exe
FirewallRules: [TCP Query User{3DC95A7C-2E54-4A50-B13C-000010E7C341}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe
FirewallRules: [UDP Query User{9606A9FD-7B80-449D-9D3F-B3471E995FF5}F:\Program Files (x86)\parallel password recovery\run_server.exe] => (Block) F:\Program Files (x86)\parallel password recovery\run_server.exe
FirewallRules: [TCP Query User{9D341BDA-B1AB-4669-BDAB-F85017AA60FD}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{2653BCD1-6DC7-41F6-8917-1F715955089D}F:\Program Files (x86)\musicbrainz picard\picard.exe] => (Allow) F:\Program Files (x86)\musicbrainz picard\picard.exe
FirewallRules: [TCP Query User{EBA8804C-D4D9-48F5-BED8-AD723334006A}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe
FirewallRules: [UDP Query User{556DF46A-05AD-42E5-8090-F860EBBF30FC}C:\windows\syswow64\java.exe] => (Block) C:\windows\syswow64\java.exe
FirewallRules: [TCP Query User{1D466C6B-F644-44E7-8884-C5D92581FACD}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{432C5F99-06E8-47AA-B7E9-2A628D7A6A4C}F:\Program Files (x86)\mediamonkey\mediamonkey.exe] => (Allow) F:\Program Files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{9F5FDE20-3E33-4DDF-A702-198FFC783E32}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{991F9134-FF1A-48D6-8217-790CBD162AA8}F:\program files\java\jre6\bin\javaw.exe] => (Block) F:\program files\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{7AF46388-E99A-4BDE-8D89-CB853C34B262}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{B2F6E93F-BD5A-4E70-A57A-EC48BC74D0F8}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E86B5A3F-D959-4652-BD85-A59D0DFC595F}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
FirewallRules: [{D3E5B9EA-F47B-4645-A796-C18D4000FB04}] => (Allow) F:\Program Files (x86)\BankingTools\Cashflow 4.1\CashflowApp.exe
FirewallRules: [{FBC46965-880F-4464-A02D-58F9E09134F7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3E673A76-EBB6-41AC-ADAA-EC07A830C9CE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EA2C6A9D-7EE2-411B-B416-57C80E05858E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{16AE6B8C-FFDD-4D40-A146-1AD46EECB08C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [TCP Query User{A4274554-A386-46B1-AAED-86B368975B5D}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [UDP Query User{50D24CD5-9EA0-4092-8ACE-A5F8CA38FF58}F:\steam library folder\steamapps\common\team fortress 2\hl2.exe] => (Allow) F:\steam library folder\steamapps\common\team fortress 2\hl2.exe
FirewallRules: [{16BBB312-9033-4820-869F-3F2CC3D2A428}] => (Block) F:\Program Files\Adobe\Adobe Photoshop CS5.1 (64 Bit)\Photoshop.exe
FirewallRules: [{43430466-8C72-4962-8039-25B59D3ED988}] => (Block) %ProgramFiles% (x86)\SmartDraw 2013\SmartDraw.exe
FirewallRules: [{FF510CB7-8BBD-4319-9972-13E03703E32E}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [{C0F419B2-B110-4FD9-8B22-9456B590C58A}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe
FirewallRules: [TCP Query User{E5AFDC18-C741-423C-AB90-0799CE5DA075}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{3EC10302-257C-4016-A0D7-F85944A7D297}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{310E119F-1EFC-44A6-8E33-7E3A56E869DB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5C8C216F-84B1-4E67-B6C3-9617CB15E4C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{DDDC73B9-D769-45C4-8EE1-1E381FE8EC94}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5C7DBD6E-2A12-49F3-9BFC-0D93BA1BA1CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8A6F432F-0BC5-4C20-B14B-8EBCD62B06EC}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe
FirewallRules: [{0B620597-8CBD-4B8F-B8C9-915DC1156398}] => (Allow) F:\Program Files (x86)\Origin Games\Need for Speed World\GameLauncher.exe
FirewallRules: [TCP Query User{4BC4AFC2-6468-4170-9975-605F1C22897C}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe
FirewallRules: [UDP Query User{FC5E1BD7-0972-434F-B82B-CE4F9D9EE771}F:\programdata\electronic arts\data\nfsw.exe] => (Allow) F:\programdata\electronic arts\data\nfsw.exe
FirewallRules: [{3A489C46-31DD-4FDC-A24A-B4EF12CB838F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe
FirewallRules: [{B86254E1-F2B3-4495-B221-A790E7FF5BE5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\iBomber Attack Demo\iBomberAttackDemo.exe
FirewallRules: [{576B8718-6276-4B50-9094-2B125A54AC07}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{0334F8F1-ECC7-47D4-849A-D01CB087326E}] => (Allow) H:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{018BF4CC-17E1-4C29-B276-36867CCBE75F}] => (Allow) LPort=4481
FirewallRules: [{8A42A4E5-FB7D-435D-8287-CCDAE04E5115}] => (Allow) LPort=4481
FirewallRules: [{60A253E4-538E-4210-A1E1-F9880F759431}] => (Allow) LPort=4482
FirewallRules: [{649FC64B-E70A-4B72-B65B-29205BD2E040}] => (Allow) LPort=4482
FirewallRules: [TCP Query User{85764ABF-76D8-42CC-85F2-B6854B5A047F}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{421481C5-BD43-439A-98AF-88B4E470D418}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{15DCD1F1-0B06-4184-9FA9-8D5CE531B044}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{963C2386-7C8E-41F5-B8EF-D888173AFB7C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BBD38712-CBEA-4573-9F39-AABBB38DFC82}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9DD622B4-88E1-4809-8FC7-025DF2E2A553}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{3FD0A622-4157-4072-85F3-7C3D20E06BCE}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{76090457-16A7-4ED9-80A7-414F45AFF7B9}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [{77F72CCF-3486-42C2-A2B8-A787A03123DF}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5C49F74A-5520-4093-B3CC-4CD138062598}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{851ACB82-334B-4B37-8B31-805178C9CD5A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{19062B4F-F524-4351-8D9F-6A5AC1C9BE65}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{FB007FC0-052A-4366-8509-0953A20EBC19}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{076BCE0F-5B1B-4D18-8AEE-D87A6A5E235E}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFSP.exe
FirewallRules: [{EFB7688A-14CD-473A-9CF9-4219A84F571F}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{33BA2308-4790-43A2-AD6A-A2E3505A7E73}] => (Allow) H:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Assassin's Creed IV Black Flag\AC4BFMP.exe
FirewallRules: [{CF6FC813-C14F-4723-913E-D47DDB556FE0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{84EF5FE2-7C13-42EC-B54C-E6DE798E8C1F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{84649655-4E50-41DB-8429-8F53F4826FF5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{42271F38-6BBB-46C0-B7D6-A473DC1C4EE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{63A2593E-37A2-4248-9886-FBB4DF85C720}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E3F75D13-7967-4BA9-A09E-66705A63E672}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{71077BE5-DBA2-4DE8-8A81-2BB94D19BFD4}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{4B8C1F86-162D-41CA-AED3-8941D85C1500}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{4591F867-BCE9-4232-BBF1-32341FE60A0F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{B74579CE-FF49-41F2-9072-33D02CE7D951}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{78A79EA0-77B2-4735-81D9-E3BD85D3DC85}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{AC61B826-F949-4B03-AB1E-E2E76B4C1F6F}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{6C0877C0-CC83-4E60-9BAB-279FC291C3E5}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{3F242F30-B190-4690-A8CC-54DC951AE268}] => (Allow) H:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [TCP Query User{DD239C72-D7B8-4C27-B586-158585286D9A}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe
FirewallRules: [UDP Query User{365B97CE-CFA1-4F44-9D01-46723F3D18B9}H:\games\battlefield 4\bf4_x86.exe] => (Allow) H:\games\battlefield 4\bf4_x86.exe
FirewallRules: [{02AE2090-1D55-403D-863F-FF7C970D2D37}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A438C9B7-A184-4945-A04B-DEA5F389F9D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FAA91DA7-00C8-4B56-86D1-10FE6B6B59BF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{C96AE375-0A3C-4DB7-954D-59C61E623DCB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{81D121AE-586B-4955-BFD7-0716B34A8D57}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FF095264-834A-41BC-BAA8-1D5D8BBD91D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D17791ED-592F-42E2-B069-6B1CC31EAA4A}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{AF574895-63E4-4A46-871A-D9E619E5966C}] => (Allow) H:\SteamLibrary\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{E2801422-3D22-41B8-B83F-58E1A0B7A210}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{E972BA8E-8951-44AE-84A8-514919EF150E}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{D9AE9D59-7F50-4496-A9EA-55F2B052D126}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{52B7BA08-CE46-4CA2-B1EE-A6BFDCB2025F}] => (Allow) H:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{EBECC55C-1D7B-46A0-8163-357D744AA8E4}] => (Allow) h:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [{DAB03E88-0021-4248-B79B-7E1FD0635D9D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{DEEBDA1D-1EFE-4BE0-AB88-BEE4A5E211E7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{CF0E2D4E-CBBB-4961-9586-3EB4048A6553}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{60C265C8-C649-4857-898F-70877F019F1F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Little Inferno Beta\Little Inferno.exe
FirewallRules: [{B636CFEA-76AC-4114-BFD5-B4D2118AEA2E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe
FirewallRules: [{0789103C-A70A-493C-B611-5F62F223AB16}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Capsized\Capsized.exe
FirewallRules: [{72FA1FA6-6F5E-4155-90CE-E8E0D261F4D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{8BB8E852-9A0E-4EB7-88C5-5EB5D55346E2}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\thomaswasalone\ThomasWasAlone.exe
FirewallRules: [{633321D3-F0D4-44A9-AD40-65D7A0D90176}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe
FirewallRules: [{3DF5F331-F675-4E23-BEDD-9E4B94E27BB1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Intrusion 2\intrusion2.exe
FirewallRules: [{C2A69856-6BE6-427F-9DC9-32E29DD97544}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
FirewallRules: [{149BB1C6-0A30-4891-A11F-7634FB9E553F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Command and Conquer Red Alert 3 Uprising\RA3EP1.exe
FirewallRules: [{D8F14BAF-7E04-48EA-8C16-A8EC1574B78E}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{C3443A49-8355-4C3D-BE7D-11FFB872A653}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe
FirewallRules: [{F9BD63E6-5169-4C2B-AFEC-0DDC8EB72289}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{551FB3C0-4645-41CB-AB00-9F43CCE46493}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe
FirewallRules: [{06B9A16A-DDFD-4148-BE6E-A3993B89763D}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [{084C05C5-D121-44F8-9DC2-17C34CEF9E70}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed II\UPlayBrowser.exe
FirewallRules: [TCP Query User{A320347E-3FA3-4680-9126-2847785FE7DA}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe
FirewallRules: [UDP Query User{7C9DB469-8EA9-45E9-A658-8F663792212E}C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe] => (Allow) C:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe
FirewallRules: [{1EDF5DD5-B89C-4763-BB46-0C2FDE76CBF8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{6DA3F26F-26F0-471D-904E-0CE5544B5989}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{258F0458-EA44-41E3-8D2D-E7B472D90DE8}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{7EAF7120-A808-42F0-A1AD-823682797941}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{37899513-D87A-4672-B457-BE0597B097F1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{9C0FBBE6-B157-467E-A8CB-81B611BDB45C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{F61D0966-19B4-4876-853A-D9CC2C4B5E06}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{4A0D555E-1B26-4F42-8D04-70904BC2B645}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
FirewallRules: [{4E82FF9E-1B30-4337-8BBB-8D4941149862}] => (Allow) F:\Battle.net\Battle.net.exe
FirewallRules: [{6EEA3D04-B5DD-49C8-AB80-D3C8EA2C3AA1}] => (Allow) F:\Battle.net\Battle.net.exe
FirewallRules: [{A09646E5-0904-4146-BD89-498F842891CD}] => (Allow) F:\Hearthstone\Hearthstone.exe
FirewallRules: [{193EAC09-7FE7-4F2E-9C38-F62ACE11D341}] => (Allow) F:\Hearthstone\Hearthstone.exe
FirewallRules: [{40D55099-AEF6-4F68-92B0-CED770C66723}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [TCP Query User{68EC577C-593F-43D2-AB46-BE816E6F92F8}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe
FirewallRules: [UDP Query User{64D917BB-F870-40FB-A7A9-004F3C68E4B6}C:\program files (x86)\mkjogo\mklol\bin\mkim.exe] => (Allow) C:\program files (x86)\mkjogo\mklol\bin\mkim.exe
FirewallRules: [{19902B20-026B-44CA-95C4-D0070D2E5BEE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{48F747B9-5B80-44D1-AEC8-AD6F8D85E9B6}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3235\Agent.exe
FirewallRules: [{CE7FD005-D9E2-44C5-A8FD-E140543B155B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{0D7C0248-A5F3-4657-B029-9410676F13FF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BC7F1360-AE9E-4539-A60D-4D75D2198A50}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{AF6C5CEB-3FD9-46F6-8B77-C3AC4D517133}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3286\Agent.exe
FirewallRules: [{5137591F-531C-44DE-87F9-C975F47B7073}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{5276F6D8-50D3-4669-A308-11B8201F2D3F}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe
FirewallRules: [UDP Query User{D1C000F0-BCB3-4B94-91B4-72FE1C6145BB}\\192.168.1.65\software\ip camera\bsearch_en.exe] => (Allow) \\192.168.1.65\software\ip camera\bsearch_en.exe
FirewallRules: [{2D7BEC0E-3E4B-4820-B719-36F0C4A766DC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{4611DF3B-8FE3-4DE5-BFC1-1AAF772EF1AC}] => (Allow) C:\Program Files (x86)\IPCMonitor_en\IPCMonitor.exe
FirewallRules: [{E8D4D07D-02C2-40BF-8731-30F375434CAB}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{E141A120-842F-4823-ABA9-E73239B654B1}] => (Allow) F:\Program Files (x86)\Origin Games\The Sims 4 Create A Sim Demo\Game\Bin\TS4CAS.exe
FirewallRules: [{F4C786A9-CD6D-4125-BA0E-2EEDE0C5F345}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe
FirewallRules: [{024D86F8-1879-4561-9350-792DEF60BBDF}] => (Allow) F:\Sims 4\The SIMS 4-Deluxe Edition-SKIDROWCRACK\Game\Bin\TS4.exe
FirewallRules: [{2055DF16-9A4E-428D-A024-9C46F3A596F7}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{0AC28A61-C3F2-46B7-B621-DE1DB834A69E}] => (Allow) F:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{BF593F61-7723-4A82-8549-63B634DA96A6}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{CDE6C2BA-1873-4695-BA61-182C8A50DBD8}] => (Allow) F:\steam library folder\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{620F44A6-70E9-4C16-A114-D86C3A0194FB}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{A569FC0D-BA47-443C-9340-742FB75D25BA}] => (Allow) F:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{EC201D03-44EF-403A-A921-21C43F119B8F}] => (Block) F:\Program Files (x86)\Middle Earth Shadow of Mordor\x64\ShadowOfMordor.exe
FirewallRules: [{40BDA590-D721-405A-B3F5-3F4B5EF595F8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C8DC17BD-5717-4DE0-A27B-6407B4B25010}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{7C118354-3226-4360-9FD1-65DC71389647}] => (Block) F:\Program Files (x86)\Adobe\Adobe Premiere Pro CC 2014\Adobe Premiere Pro.exe
FirewallRules: [TCP Query User{8BCB95E3-7A95-45FD-8E6F-B253FAFC207F}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [UDP Query User{D5729ED5-36F5-40B3-A63C-C18DAC8A2E36}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe
FirewallRules: [TCP Query User{FDA90FF7-1159-45B9-9D0D-831E450A55BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [UDP Query User{8EB5D2A2-1CCA-4C33-923F-4D7E2B69F6BF}F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe] => (Allow) F:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe
FirewallRules: [{FE978480-D164-4FD9-A835-879C7D9801A6}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{A2F44525-A511-457C-9B1C-F17B3C6EEF24}] => (Allow) F:\Program Files (x86)\Origin Games\SimCity 2000 SE\Game\Game\DOSBox\DOSBox.exe
FirewallRules: [{2D26ABDB-A8DD-4825-8504-1F761B66993E}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe
FirewallRules: [{9429715E-8373-4C0D-A795-8956BA81F12A}] => (Allow) F:\steam library folder\SteamApps\common\AmongRipples\AmongRipples.exe
FirewallRules: [{545E2D5F-3588-48A2-8DE3-09EF2D1C0BBD}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe
FirewallRules: [{D9583C59-40A7-4B1B-B077-62E363F0F4C1}] => (Allow) F:\steam library folder\SteamApps\common\Ghost Master\ghost.exe
FirewallRules: [{2C78F406-76FF-4F25-A7E5-0D411857C7DB}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe
FirewallRules: [{0C26C0A9-B6FA-4B81-9A83-909F27312618}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0A4B\hppiw.exe
FirewallRules: [{1F83F92F-3833-421F-A244-C0E3FB694569}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe
FirewallRules: [{0EB9F89D-2FDC-49AD-AAFA-577ABD30B928}] => (Allow) C:\Users\PETER\AppData\Local\Temp\7zS0B7B\hppiw.exe
FirewallRules: [{A58AA986-58ED-4F18-9DDD-C50BF2940A8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{87FA797F-6129-465C-8603-70B35453452A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{E054CB61-66C9-42AE-B92F-6C05F6A2923C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FB9A5A6E-ECF4-4A26-8C2D-2AE7D429034E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{1E4BE5AA-B482-475F-93AD-CBD990B06701}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B22B92E9-5FB1-4EC2-93FF-4B38D1BB8F1B}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{201F1F9F-1CD7-4F6D-B569-481023F6A437}] => (Allow) F:\steam library folder\SteamApps\common\Besiege\Besiege.exe
FirewallRules: [{090FDD4B-E896-43DE-87CF-3893E8383E8E}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe
FirewallRules: [{D7F3A4EE-1ABD-412B-8E85-9F424BD0B1AE}] => (Allow) F:\steam library folder\SteamApps\common\Shelter2\Shelter2.exe
FirewallRules: [{2FB00F36-4544-4E26-955C-439372EC888B}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{0A176B48-A3F5-438B-A247-43EFD650232F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E53E7E62-76B9-49CF-87A0-9EB2753AC14F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0C0E2572-34EC-486C-9919-77E842139269}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{49B73444-5D64-4F25-8412-0285B66AB032}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E20D0868-1E0C-4F3E-99DF-68E89A91EF4D}] => (Allow) F:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E64CE403-77F0-4F2F-8F52-B083DA0AC171}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [{93BB2153-5431-48C4-B9A2-1D98A4E8112C}] => (Allow) F:\steam library folder\SteamApps\common\Napoleon Total War\Napoleon.exe
FirewallRules: [TCP Query User{DE52C308-F913-49AA-9AED-446CA547CD87}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{7D64ED70-3060-4ED4-AC21-5C843510BA7D}F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) F:\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{5A4F6B44-6B7C-4642-B704-F37C2289B06C}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{2501C92A-CFF4-4007-A072-D712A7F8A6CE}] => (Allow) F:\steam library folder\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{F2C88D33-4F8B-4AF5-86FE-84EAEA525979}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe
FirewallRules: [UDP Query User{945C1935-0881-4C64-B612-025DEBE74F86}F:\steam library folder\dota 2 beta\dota.exe] => (Allow) F:\steam library folder\dota 2 beta\dota.exe
FirewallRules: [{C514BCB0-0981-4C42-BDA3-CA7A7012710E}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [{50AC0A48-284E-4FD1-A8AC-5918C6207E75}] => (Allow) F:\steam library folder\SteamApps\common\Subnautica\Subnautica.exe
FirewallRules: [TCP Query User{8460AE0B-4376-4BB0-81E5-6CE3B421B243}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F6557E35-67F5-4E20-B191-B18F274A13AC}C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\peter\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{66EFA9DC-A369-4C74-881D-13F9CB007118}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{07D4652B-BFA7-41DA-8C85-33FD00EC6750}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FA0FDA31-3C1E-4B0F-8F0B-ADA829CF08C3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{2DBD8A65-6F03-44B2-99D6-33EB46B3E7A3}] => (Allow) F:\steam library folder\SteamApps\common\AdVenture Capitalist\adventure-capitalist.exe
FirewallRules: [{CF58AB2A-ABB0-4110-858D-3A9829623E8D}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe
FirewallRules: [{3F6F67DC-539E-4DEB-9386-DC23614FE541}] => (Allow) F:\steam library folder\SteamApps\common\The Plan\The Plan.exe
FirewallRules: [{62829CAD-2988-43EF-B31A-3904917A680E}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe
FirewallRules: [{0F0D9699-855E-4069-B909-9FC00A237973}] => (Allow) F:\steam library folder\SteamApps\common\Making History The Calm and The Storm Demo\bin\makehist.exe
FirewallRules: [{3D83D1DF-D0C5-4BB6-8864-833BB379638A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{C044B64E-5969-4925-A5C0-C312BD205E17}] => (Allow) F:\steam library folder\SteamApps\common\Crest\Crest.exe
FirewallRules: [{ED5CF348-0F0B-4DE5-A0EE-5BC7463C78AC}] => (Allow) F:\steam library folder\SteamApps\common\Crest\Crest.exe

==================== Faulty Device Manager Devices =============

Name: VBoxAsw Support Driver
Description: VBoxAsw Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VBoxAswDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/08/2015 11:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2137

Error: (06/08/2015 11:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2137

Error: (06/08/2015 11:31:29 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2015 11:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1139

Error: (06/08/2015 11:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1139

Error: (06/08/2015 11:31:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/08/2015 07:58:54 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Kan activeringscontext voor 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1' niet maken. Fout in manifest of beleidsbestand 'UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 op regel UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Onderdeel-id in manifest komt niet overeen met de id van het gevraagde onderdeel.
Verwijzing is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definitie is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Gebruik sxstrace.exe voor gedetailleerde diagnose.

Error: (06/07/2015 11:38:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: adwcleaner_4.206.exe, versie: 4.2.0.6, tijdstempel: 0x556b7f98
Naam van module met fout: unknown, versie: 0.0.0.0, tijdstempel: 0x00000000
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0747a53e
Id van proces met fout: 0x18fc
Starttijd van toepassing met fout: 0xadwcleaner_4.206.exe0
Pad naar toepassing met fout: adwcleaner_4.206.exe1
Pad naar module met fout: adwcleaner_4.206.exe2
Rapport-id: adwcleaner_4.206.exe3

Error: (06/07/2015 05:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6021

Error: (06/07/2015 05:06:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6021

System errors:
=============
Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/08/2015 11:27:04 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Onverwachte fout. Foutcode: D@01010004

Error: (06/08/2015 11:26:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: De volgende opstartstuurprogramma's zijn niet geladen:
MtxDma0

Error: (06/08/2015 11:26:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De VBoxAsw Support Driver-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (06/08/2015 11:26:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De NPEService-service kan vanwege de volgende fout niet worden gestart:
%%2

Error: (06/08/2015 11:26:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: De vorige afsluiting van het systeem om 23:24:27 op ‎8-‎6-‎2015 is onverwacht gebeurd.

Error: (06/08/2015 11:14:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De EaseUS Agent Service-service is onverwacht beëindigd. Dit is nu 299 keer gebeurd.

Error: (06/08/2015 11:14:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: De EaseUS Agent Service-service is onverwacht beëindigd. Dit is nu 298 keer gebeurd.

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-06-08 22:44:15.571
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2015-06-08 22:44:15.524
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\ComboFix\catchme.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2015-03-22 20:29:02.603
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2015-03-22 20:29:02.550
Description: De integriteit van de kopie van het bestand \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys kan niet worden geverifieerd omdat de bestands-hash niet is gevonden op het systeem. Tijdens een recente hardware- of softwarewijziging is mogelijk een bestand geïnstalleerd dat onjuist ondertekend of beschadigd is, of dat mogelijk kwaadwillende software van een onbekende bron is.

Date: 2013-11-21 17:34:52.563
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:34:52.503
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:34:52.453
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:34:52.393
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:33:45.255
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

Date: 2013-11-21 17:33:45.195
Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Windows\System32\atklumdispx.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 35%
Total physical RAM: 8099.93 MB
Available physical RAM: 5223.69 MB
Total Pagefile: 18198.04 MB
Available Pagefile: 14233.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.47 GB) (Free:83.06 GB) NTFS
Drive e: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (TeraDisk) (Fixed) (Total:931.51 GB) (Free:376.58 GB) NTFS
Drive h: (SSD 120GB) (Fixed) (Total:119.15 GB) (Free:17.99 GB) NTFS
Drive m: () (Network) (Total:1830.83 GB) (Free:196.82 GB)
Drive p: () (Network) (Total:913.94 GB) (Free:37.16 GB)
Drive s: () (Network) (Total:1830.83 GB) (Free:196.82 GB)
Drive v: () (Network) (Total:913.94 GB) (Free:37.16 GB)
Drive w: () (Network) (Total:1830.83 GB) (Free:196.82 GB)
Drive z: () (Network) (Total:0.24 GB) (Free:0.16 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5352E724)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 2F0AD043)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 3373616B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

==================== End of log ============================

Solved Surfvox on Win7-64bit system

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 56,041 +516

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Posts: 23 +0

Similar threads