Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Essentials isn't monitoring your pc ...


  • This topic is locked This topic is locked
12 replies to this topic

#1 diznanl

diznanl

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 26 August 2015 - 11:48 PM

After a few hours on the computer, I get this, "Security Essentials isn't monitoring your pc because the program's service has stopped"

 

Posting my FRST results below ... please help!

 

Thanks,

diznanl

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by diznanl (administrator) on diznanl-PC (24-08-2015 19:07:56)
Running from F:\Desktop
Loaded Profiles: Daniel (Available Profiles: diznanl)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Flawless Widescreen) C:\Program Files (x86)\Flawless Widescreen\FlawlessWidescreen.exe
() C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
() C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files (x86)\The Maxifier\The Maxifier.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ABService.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(http://www.ruby-lang.org/) H:\Temp\ocr536C.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) H:\Temp\ocr975E.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NRecord.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Moonchild Productions) C:\Program Files (x86)\Pale Moon\palemoon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...\Run: [FWS_FlawlessWidescreen] => C:\Program Files (x86)\Flawless Widescreen\FlawlessWidescreen.exe [2607104 2014-05-30] (Flawless Widescreen)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CrashPlanTray] => C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe [414208 2015-07-07] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [KeepAliveHD] => C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe [305152 2013-05-30] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Amazon Music] => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [ultracopier] => "C:\Program Files\Supercopier\supercopier.exe"
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [The Maxifier] => C:\Program Files (x86)\The Maxifier\The Maxifier.exe [212992 2009-10-25] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [RGSC] => F:\Game\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Dropbox Update] => C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe [2370560 2015-04-12] (i-Funbox.com)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-25] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TempPermissions.bat [2014-09-08] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-05] (Dropbox, Inc.)
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{59c9ea6d-ad75-11e2-a7d3-806e6f6e6963}\bootwiz\asrm.bin
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-09-26] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-09-26] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-09-26] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-09-26] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-09-26] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1400643829335
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: 127.0.0.1 activation.acronis.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{09DF7DEB-C32F-4ECD-A1E3-B7D04B6C4E6E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{280A034A-718E-4CFA-B3A2-575D6CCE64D1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{763768BB-72B0-43A7-B1C9-DE45B69BC7E1}: [DhcpNameServer] 10.177.0.34 10.168.185.116
Tcpip\..\Interfaces\{7FD91FD1-6A92-44D7-963A-C0589D2C5AE3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A9CC50F4-BC2F-47B6-B905-40334A58771C}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{AD1F72BF-2921-4945-8A76-F2EF0C364E91}: [DhcpNameServer] 172.20.10.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll [2011-03-23] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @talk.google.com/O1DPlugin -> C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2013-11-02] (Octoshape ApS)

Chrome:
=======
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ABService.exe [29912 2014-04-08] (AOMEI Tech Co., Ltd.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-20] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [153088 2014-02-19] (Code 42 Software) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-02-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-23] (Creative Labs) [File not signed]
R2 Crypkey License; C:\WINDOWS\SYSTEM32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 Crypkey License; C:\WINDOWS\SysWOW64\crypserv.exe [0 2014-05-20] () <==== ATTENTION (zero byte File/Folder)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-12-18] (Creative Technology Ltd) [File not signed]
S3 DAUpdaterSvc; E:\Game2\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-05-03] (BioWare)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6871608 2015-07-26] (GOG.com)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NPVR Recording Service; C:\Program Files (x86)\NPVR\NRecord.exe [60416 2015-06-02] (Menten Holdings Ltd) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S3 Origin Client Service; G:\Game\Origin\OriginClientService.exe [1931632 2015-04-25] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-09-19] (Power Admin LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-24] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-17] (Asmedia Technology) [File not signed]
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-04-12] (Broadcom Corporation.)
S3 cpuz136; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-03] (Intel Corporation)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19912 2009-12-21] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] ()
S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [247872 2015-06-17] (FORGE Incorporated)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-27] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-04] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-19] (Acronis International GmbH)
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain) [File not signed]
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-04] (Unibrain) [File not signed]
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-04] (Unibrain) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-26] (Acronis International GmbH)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GENERICDRV; \??\H:\Desktop\Z77 Extreme4(2.90)WIN\amifldrv64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 19:07 - 2015-08-24 19:07 - 00000000 ____D C:\FRST
2015-08-23 22:44 - 2015-08-24 02:02 - 00000000 ____D C:\Users\Public\NPVR
2015-08-23 22:44 - 2015-08-23 22:44 - 00000000 ____D C:\Program Files (x86)\NPVR
2015-08-23 22:38 - 2015-08-23 23:46 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Kodi
2015-08-23 22:38 - 2015-08-23 22:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-08-23 22:37 - 2015-08-23 22:38 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-08-21 03:00 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-21 03:00 - 2015-08-10 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-21 03:00 - 2015-08-10 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-21 03:00 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-17 22:29 - 2015-08-17 22:29 - 00800960 _____ C:\Windows\Minidump\081715-24804-01.dmp
2015-08-12 03:21 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:21 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 11:22 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 11:22 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 11:22 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 11:22 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 11:22 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 11:22 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 11:22 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 11:22 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 11:22 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 11:22 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 11:22 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 11:22 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 11:22 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 11:22 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 11:22 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 11:22 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 11:22 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 11:22 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 11:22 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 11:22 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 11:22 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 11:22 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 11:22 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 11:22 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 11:22 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 11:22 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 11:22 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 11:22 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 11:22 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 11:22 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 11:22 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 11:22 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 11:22 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 11:22 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 11:22 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 11:22 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 11:22 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 11:22 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 11:22 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 11:22 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 11:22 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 11:22 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 11:22 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 11:22 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 11:22 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 11:22 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 11:22 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 11:22 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 11:22 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 11:22 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 11:22 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 11:22 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 11:22 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 11:22 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 11:22 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 11:22 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 11:22 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 11:22 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 11:22 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 11:22 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 11:22 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 11:22 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 11:22 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 11:22 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 11:22 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 11:22 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 11:22 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 11:22 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 11:22 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 11:22 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 11:22 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 11:22 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 11:22 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 11:22 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 11:22 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 11:22 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 11:22 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 11:22 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 11:22 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 11:22 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 11:22 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 11:22 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 11:22 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 11:22 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 11:22 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 11:22 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 11:22 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 11:22 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 11:22 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 11:22 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 11:22 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 11:22 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 11:22 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 11:22 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 11:22 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 11:22 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 11:22 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 11:22 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 11:22 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 11:22 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 11:22 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 11:22 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 11:22 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 11:22 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 11:22 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 11:22 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 11:22 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 11:22 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 11:22 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 08:09 - 2015-08-11 08:09 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-09 13:11 - 2015-08-09 13:11 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV
2015-08-01 15:06 - 2015-08-01 15:06 - 00003072 _____ C:\Windows\System32\Tasks\{AE180D8E-13B4-430D-AC65-1A077CC27726}
2015-07-31 23:10 - 2015-07-31 23:10 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2015-07-31 06:58 - 2015-07-31 06:58 - 00003072 _____ C:\Windows\System32\Tasks\{078BE44F-1612-4EA8-8F09-676129FFBA76}
2015-07-30 23:04 - 2015-07-30 23:04 - 00053615 _____ C:\Windows\SysWOW64\CCCInstall_201507302304405687.log
2015-07-29 20:51 - 2015-07-29 20:51 - 00000000 ____D C:\Program Files\Pale Moon
2015-07-27 18:42 - 2015-07-27 18:43 - 00000000 ____D C:\Program Files (x86)\Pale Moon

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-24 18:38 - 2013-04-24 22:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-24 18:34 - 2014-05-29 06:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-24 18:20 - 2013-04-25 00:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-24 18:18 - 2015-06-17 21:07 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA.job
2015-08-24 18:16 - 2015-04-12 10:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA.job
2015-08-24 17:39 - 2015-06-29 20:34 - 00000344 ____H C:\Windows\Tasks\KYOUUYBQNCGKODSN.job
2015-08-24 16:05 - 2009-07-13 21:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-24 16:05 - 2009-07-13 21:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-24 13:45 - 2015-06-29 20:35 - 00001022 _____ C:\Windows\Tasks\1ZjCPP5Yxze2RL2eX2hefr7.job
2015-08-24 13:38 - 2013-04-24 22:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 07:18 - 2015-06-17 21:07 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core.job
2015-08-24 07:07 - 2014-05-15 03:20 - 01565854 _____ C:\Windows\WindowsUpdate.log
2015-08-23 20:54 - 2013-04-25 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\foobar2000
2015-08-23 19:16 - 2015-04-12 10:00 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core.job
2015-08-23 00:22 - 2009-07-13 22:13 - 00788438 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-23 00:16 - 2015-07-05 16:37 - 00000000 ___RD C:\Users\Daniel\iCloudDrive
2015-08-23 00:16 - 2015-06-29 20:34 - 00000338 _____ C:\Windows\Tasks\GPJUGXWBQ1.job
2015-08-23 00:16 - 2015-01-25 17:08 - 00025296 _____ C:\Windows\error.log
2015-08-23 00:16 - 2015-01-25 16:36 - 00073532 _____ C:\Windows\setupact.log
2015-08-23 00:16 - 2013-04-24 22:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2015-08-23 00:16 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-23 00:15 - 2015-04-26 23:29 - 00003026 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-08-23 00:15 - 2015-01-29 23:40 - 00145740 _____ C:\Windows\PFRO.log
2015-08-23 00:15 - 2015-01-25 17:07 - 00005768 _____ C:\Windows\errord.log
2015-08-23 00:15 - 2013-06-19 22:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\KeePass
2015-08-22 16:20 - 2015-04-14 23:56 - 00000080 _____ C:\Users\Daniel\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-08-22 10:50 - 2013-05-03 19:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2015-08-22 03:57 - 2013-04-25 13:52 - 00000000 ____D C:\Windows\Panther
2015-08-22 03:37 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-21 19:45 - 2014-03-25 08:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-20 20:42 - 2015-04-14 23:56 - 00000000 ____D C:\Program Files\Rockstar Games
2015-08-20 20:42 - 2015-01-27 23:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-08-20 10:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 22:29 - 2015-01-26 08:47 - 687224002 ____N C:\Windows\MEMORY.DMP
2015-08-17 22:29 - 2013-04-29 15:08 - 00000000 ____D C:\Windows\Minidump
2015-08-17 16:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system
2015-08-16 13:08 - 2013-08-21 21:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-08-12 07:20 - 2013-04-25 00:28 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 07:20 - 2013-04-25 00:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 07:20 - 2013-04-25 00:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 04:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 03:39 - 2015-01-26 21:38 - 00000000 ___RD C:\Users\Daniel\Virtual Machines
2015-08-12 03:38 - 2015-02-11 23:05 - 05060552 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:38 - 2014-05-29 06:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:38 - 2014-05-29 06:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:37 - 2014-12-16 04:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:37 - 2014-04-27 20:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:14 - 2009-07-13 19:34 - 00000521 _____ C:\Windows\win.ini
2015-08-12 03:13 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:00 - 2013-04-24 23:10 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 13:11 - 2015-01-31 12:02 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\New Technology Studio
2015-08-09 12:26 - 2013-06-19 22:01 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2015-08-08 11:46 - 2013-04-24 22:12 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-08-04 07:24 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\LiveKernelReports
2015-08-01 15:06 - 2013-07-23 21:36 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Skype
2015-08-01 14:50 - 2014-05-29 06:41 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-30 23:03 - 2015-04-29 19:39 - 00000000 ____D C:\Program Files\AMD
2015-07-30 23:00 - 2014-09-19 00:42 - 00000000 ____D C:\AMD
2015-07-26 11:21 - 2015-01-28 00:18 - 00171118 _____ C:\Windows\DirectX.log
2015-07-25 02:38 - 2015-04-04 03:00 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2013-02-07 05:22 - 2013-02-07 05:22 - 0050330 _____ () C:\Program Files (x86)\AntiDust.exe
2014-10-29 23:30 - 2014-10-29 23:30 - 2919548 _____ (Popcorn Official) C:\Program Files (x86)\update.exe
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Daniel\AppData\Roaming\1ZjCPP5Yxze2RL2eX2hefr7
2013-06-01 13:37 - 2015-02-09 22:42 - 0000600 _____ () C:\Users\Daniel\AppData\Roaming\winscp.rnd
2015-02-17 00:28 - 2015-06-29 21:00 - 0269408 _____ () C:\Users\Daniel\AppData\Local\ars.cache
2015-02-17 00:28 - 2015-06-29 21:01 - 0709228 _____ () C:\Users\Daniel\AppData\Local\census.cache
2015-06-07 04:00 - 2015-06-07 04:00 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-17 00:15 - 2015-02-17 00:15 - 0000036 _____ () C:\Users\Daniel\AppData\Local\housecall.guid.cache
2015-02-17 00:20 - 2015-06-29 22:32 - 0000010 _____ () C:\Users\Daniel\AppData\Local\sponge.last.runtime.cache
2015-08-23 00:16 - 2015-08-23 00:16 - 0000000 ____H () C:\ProgramData\cm-lock

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\crypserv.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-22 09:21

==================== End of FRST.txt ============================



BC AdBot (Login to Remove)

 


m

#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 31 August 2015 - 07:06 AM

Hey, :)

 

STEP 1
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is selected and click Start Scan.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
  •  

STEP 2
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 3

BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning
  • Follow the prompts and allow your computer to reboot
  • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[S1].txt.

 
======================================================

STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM log
  • JRT.txt
  • AdwCleaner[C1].txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 03 September 2015 - 05:00 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 05 September 2015 - 07:16 AM

User returned.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 diznanl

diznanl
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 05 September 2015 - 12:34 PM

Thank you, Machiavelli.  Here are my logs:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/3/2015
Scan Time: 8:24 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.04.01
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Daniel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 464131
Time Elapsed: 20 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.0 (08.31.2015:1)
OS: Windows 7 Professional x64
Ran by Daniel on Sat 09/05/2015 at 12:13:54.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\REN58AA.tmp



~~~ Folders



~~~ Chrome


[C:\Users\Daniel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Daniel\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Daniel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Daniel\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/05/2015 at 12:16:16.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

# AdwCleaner v5.003 - Logfile created 03/09/2015 at 21:18:20
# Updated 20/08/2015 by Xplode
# Database : 2015-08-31.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Daniel - DANIEL-PC
# Running from : F:\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : C:\Program Files\Pale Moon\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Program Files (x86)\Pale Moon\browser\searchplugins\yahoo.xml

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec

***** [ Web browsers ] *****

[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Proxy settings cleared
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1079 bytes] ##########
 

 

 

 

 

 

 

Attached Files


Edited by diznanl, 05 September 2015 - 02:17 PM.


#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 06 September 2015 - 12:36 PM

Well done. :)

 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST.exe or FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 diznanl

diznanl
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 08 September 2015 - 12:20 AM

Hello, Machiavelli.  Thank you for your help!  Please see attached for my logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-09-2015
Ran by Daniel (administrator) on DANIEL-PC (07-09-2015 22:15:55)
Running from F:\Desktop
Loaded Profiles: Daniel (Available Profiles: Daniel)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files\pia_manager\pia_manager.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Flawless Widescreen) C:\Program Files (x86)\Flawless Widescreen\FlawlessWidescreen.exe
() C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
() C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Program Files (x86)\The Maxifier\The Maxifier.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Evoluent) C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NTray.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Menten Holdings Ltd) C:\Program Files (x86)\NPVR\NRecord.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(http://www.ruby-lang.org/) H:\Temp\ocr6891.tmp\bin\rubyw.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) H:\Temp\ocr70FA.tmp\bin\rubyw.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Mozilla Corporation) C:\Program Files\Pale Moon\plugin-container.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...\Run: [FWS_FlawlessWidescreen] => C:\Program Files (x86)\Flawless Widescreen\FlawlessWidescreen.exe [2607104 2014-05-30] (Flawless Widescreen)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-10-31] (Wondershare)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe [241789 2010-02-18] (Creative Technology Ltd)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2015-04-07] (Apple Inc.)
HKLM-x32\...\Run: [CrashPlanTray] => C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe [414208 2015-07-07] (Code 42 Software, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-15] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [KeepAliveHD] => C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe [305152 2013-05-30] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Amazon Music] => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [6277952 2014-12-07] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [ultracopier] => "C:\Program Files\Supercopier\supercopier.exe"
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [The Maxifier] => C:\Program Files (x86)\The Maxifier\The Maxifier.exe [212992 2009-10-25] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [RGSC] => F:\Game\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Google Update] => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-05] (Google Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [GalaxyClient] => [X]
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [Dropbox Update] => C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [iFunBox Fast App Install Handler] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox.exe [2370560 2015-04-12] (i-Funbox.com)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-25] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TempPermissions.bat [2014-09-08] ()
BootExecute: autocheck autochk * auto_reactivate \\?\Volume{59c9ea6d-ad75-11e2-a7d3-806e6f6e6963}\bootwiz\asrm.bin
GroupPolicyScripts: Group Policy detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 activation.acronis.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{09DF7DEB-C32F-4ECD-A1E3-B7D04B6C4E6E}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{280A034A-718E-4CFA-B3A2-575D6CCE64D1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{763768BB-72B0-43A7-B1C9-DE45B69BC7E1}: [DhcpNameServer] 10.177.0.34 10.168.185.116
Tcpip\..\Interfaces\{7FD91FD1-6A92-44D7-963A-C0589D2C5AE3}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A9CC50F4-BC2F-47B6-B905-40334A58771C}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{AD1F72BF-2921-4945-8A76-F2EF0C364E91}: [DhcpNameServer] 172.20.10.2

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-09-26] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-03] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-09-26] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-03] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: No Name -> {D5FEC983-01DB-414a-9456-AF95AC9ED7B5} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-09-26] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2013-09-26] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2013-09-26] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1400643829335
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @adobe.com/AuthorwarePlayer -> C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [2013-05-30] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-03-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll [2011-03-23] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @talk.google.com/O1DPlugin -> C:\Users\Daniel\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2615940715-1781691088-1086637195-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npMeetingJoinPluginAOCUser.dll [2014-05-01] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Daniel\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2013-11-02] (Octoshape ApS)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=U027&ocid=U027DHP
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll No File
CHR Plugin: (Java™ Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-06-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (Bitdefender QuickScan) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-06-29]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ABService.exe [29912 2014-04-08] (AOMEI Tech Co., Ltd.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-08-20] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [153088 2014-02-19] (Code 42 Software) [File not signed]
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-02-18] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-07-23] (Creative Labs) [File not signed]
R2 Crypkey License; C:\WINDOWS\SYSTEM32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
R2 Crypkey License; C:\WINDOWS\SysWOW64\crypserv.exe [0 2014-05-20] () <==== ATTENTION (zero byte File/Folder)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-12-18] (Creative Technology Ltd) [File not signed]
S3 DAUpdaterSvc; E:\Game2\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2011-05-03] (BioWare)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-02-28] (Futuremark)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1718840 2015-07-26] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6871608 2015-07-26] (GOG.com)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NPVR Recording Service; C:\Program Files (x86)\NPVR\NRecord.exe [60416 2015-06-02] (Menten Holdings Ltd) [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
S3 Origin Client Service; G:\Game\Origin\OriginClientService.exe [1931632 2015-04-25] (Electronic Arts)
S3 PAExec; C:\Windows\PAExec.exe [190464 2014-09-19] (Power Admin LLC) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-24] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-05-07] () [File not signed]
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-05-07] () [File not signed]
S3 ampa; C:\Windows\system32\ampa.sys [17008 2013-11-29] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [17008 2013-11-29] ()
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-02-06] () [File not signed]
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49560 2012-09-17] (Asmedia Technology) [File not signed]
R0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-04-12] (Broadcom Corporation.)
S3 cpuz136; C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [25320 2013-08-24] (CPUID)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [25144 2010-06-23] (Evoluent)
R3 EvoMouseDriverMini; C:\Windows\System32\drivers\EvoMouseDriverMini.sys [22584 2010-06-23] ()
R3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-03] (Intel Corporation)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-02-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19912 2009-12-21] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] ()
S3 qcusbser-forge; C:\Windows\System32\DRIVERS\qcusbser.sys [247872 2015-06-17] (FORGE Incorporated)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13536 2015-05-27] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-04] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-07-19] (Acronis International GmbH)
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain) [File not signed]
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-04] (Unibrain) [File not signed]
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-04] (Unibrain) [File not signed]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-26] (Acronis International GmbH)
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 cpuz135; \??\C:\Program Files (x86)\CPUID\PC Wizard 2012\pcwiz_x64.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GENERICDRV; \??\H:\Desktop\Z77 Extreme4(2.90)WIN\amifldrv64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 10:37 - 2015-09-05 10:37 - 00001062 _____ C:\MBAM-09032015.txt
2015-09-04 08:13 - 2015-09-04 23:25 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\MediaMonkey
2015-09-04 08:13 - 2015-09-04 08:13 - 00000000 ____D C:\Program Files (x86)\MediaMonkey
2015-09-04 07:55 - 2015-09-04 07:55 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopyTrans Control Center
2015-09-03 21:24 - 2015-09-03 21:25 - 00000000 ____D C:\Users\Daniel\.oracle_jre_usage
2015-09-03 21:24 - 2015-09-03 21:24 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Sun
2015-09-03 19:29 - 2015-09-03 19:29 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 18:41 - 2015-09-02 18:41 - 00000655 _____ C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-08-27 08:34 - 2015-08-27 08:34 - 00000000 ____D C:\Program Files\Pale Moon
2015-08-27 08:32 - 2015-08-27 08:32 - 00000000 ____D C:\Program Files (x86)\Pale Moon
2015-08-24 19:18 - 2015-08-24 19:18 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2015-08-24 19:09 - 2015-09-03 21:18 - 00000000 ____D C:\AdwCleaner
2015-08-24 19:07 - 2015-09-07 22:15 - 00000000 ____D C:\FRST
2015-08-23 22:44 - 2015-09-06 23:14 - 00000000 ____D C:\Users\Public\NPVR
2015-08-23 22:44 - 2015-08-23 22:44 - 00000000 ____D C:\Program Files (x86)\NPVR
2015-08-23 22:38 - 2015-08-23 23:46 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Kodi
2015-08-23 22:38 - 2015-08-23 22:38 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-08-23 22:37 - 2015-08-23 22:38 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-08-21 03:00 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-21 03:00 - 2015-08-10 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-21 03:00 - 2015-08-10 17:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-21 03:00 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-17 22:29 - 2015-08-17 22:29 - 00800960 _____ C:\Windows\Minidump\081715-24804-01.dmp
2015-08-12 03:21 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:21 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-11 11:22 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-11 11:22 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-11 11:22 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-11 11:22 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-11 11:22 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-11 11:22 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-11 11:22 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-11 11:22 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-11 11:22 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-11 11:22 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-11 11:22 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-11 11:22 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-11 11:22 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-11 11:22 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-11 11:22 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-11 11:22 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-11 11:22 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-11 11:22 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-11 11:22 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-11 11:22 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-11 11:22 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-11 11:22 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-11 11:22 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-11 11:22 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-11 11:22 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-11 11:22 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-11 11:22 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-11 11:22 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-11 11:22 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-11 11:22 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-11 11:22 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-11 11:22 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-11 11:22 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-11 11:22 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-11 11:22 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-11 11:22 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-11 11:22 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-11 11:22 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-11 11:22 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-11 11:22 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-11 11:22 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-11 11:22 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-11 11:22 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-11 11:22 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-11 11:22 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-11 11:22 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-11 11:22 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-11 11:22 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-11 11:22 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-11 11:22 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-11 11:22 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-11 11:22 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-11 11:22 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-11 11:22 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-11 11:22 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-11 11:22 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-11 11:22 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-11 11:22 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-11 11:22 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-11 11:22 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-11 11:22 - 2015-07-16 12:12 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 11:22 - 2015-07-16 12:11 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-11 11:22 - 2015-07-16 12:11 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-11 11:22 - 2015-07-16 12:11 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-11 11:22 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-11 11:22 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-11 11:22 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-11 11:22 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-11 11:22 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-11 11:22 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-11 11:22 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-11 11:22 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-11 11:22 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-11 11:22 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-11 11:22 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-11 11:22 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-11 11:22 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-11 11:22 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-11 11:22 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-11 11:22 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-11 11:22 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-11 11:22 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-11 11:22 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-11 11:22 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-11 11:22 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-11 11:22 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-11 11:22 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-11 11:22 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-11 11:22 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-11 11:22 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-11 11:22 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-11 11:22 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-11 11:22 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-11 11:22 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-11 11:22 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-11 11:22 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-11 11:22 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-11 11:22 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-11 11:22 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-11 11:22 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-11 11:22 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-11 11:22 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-11 11:22 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-11 11:22 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-11 11:22 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-11 11:22 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-08-11 11:22 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-11 11:22 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-11 11:22 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-11 11:22 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-08-11 11:22 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-11 11:22 - 2015-07-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-11 11:22 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-11 11:22 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 11:22 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-11 11:22 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 11:22 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 11:22 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-11 11:22 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-11 11:22 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 11:22 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-09 13:11 - 2015-08-09 13:11 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenIV

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-07 21:43 - 2013-04-24 22:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-07 21:22 - 2015-04-12 10:00 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA.job
2015-09-07 21:20 - 2013-04-25 00:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-07 21:18 - 2015-06-17 21:07 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA.job
2015-09-07 20:35 - 2015-06-29 20:35 - 00001022 _____ C:\Windows\Tasks\1ZjCPP5Yxze2RL2eX2hefr7.job
2015-09-07 17:56 - 2009-07-13 21:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-07 17:56 - 2009-07-13 21:45 - 00025232 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-07 17:20 - 2014-05-29 06:37 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 13:43 - 2013-04-24 22:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-07 13:17 - 2014-05-15 03:20 - 01277820 _____ C:\Windows\WindowsUpdate.log
2015-09-07 07:18 - 2015-06-17 21:07 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core.job
2015-09-07 02:22 - 2015-04-12 10:00 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core.job
2015-09-05 16:26 - 2013-04-25 00:56 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\foobar2000
2015-09-05 12:25 - 2009-07-13 22:13 - 00788438 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-05 12:19 - 2015-07-05 16:37 - 00000000 ___RD C:\Users\Daniel\iCloudDrive
2015-09-05 12:19 - 2015-01-25 17:08 - 00026908 _____ C:\Windows\error.log
2015-09-05 12:19 - 2015-01-25 16:36 - 00074372 _____ C:\Windows\setupact.log
2015-09-05 12:19 - 2013-04-24 22:14 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\Dropbox
2015-09-05 12:19 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 12:18 - 2015-01-25 17:07 - 00006132 _____ C:\Windows\errord.log
2015-09-05 12:12 - 2013-05-03 19:31 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\vlc
2015-09-04 08:13 - 2013-04-24 21:56 - 00000000 ____D C:\Users\Daniel
2015-09-04 07:59 - 2013-05-11 12:39 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\WindSolutions
2015-09-03 21:25 - 2015-07-01 08:47 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-03 21:25 - 2014-12-28 18:08 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-09-03 21:25 - 2013-04-24 22:12 - 00000000 ____D C:\Program Files\Java
2015-09-03 21:03 - 2015-01-29 23:40 - 00146678 _____ C:\Windows\PFRO.log
2015-09-03 21:02 - 2013-06-19 22:12 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\KeePass
2015-09-03 08:46 - 2015-04-26 23:29 - 00003026 _____ C:\Windows\System32\Tasks\MSIAfterburner
2015-09-01 08:42 - 2015-04-14 23:56 - 00000080 _____ C:\Users\Daniel\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-08-29 02:17 - 2015-04-12 10:00 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA
2015-08-29 02:17 - 2015-04-12 10:00 - 00003492 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core
2015-08-27 13:38 - 2013-04-24 22:11 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-27 13:38 - 2013-04-24 22:11 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-22 03:57 - 2013-04-25 13:52 - 00000000 ____D C:\Windows\Panther
2015-08-22 03:37 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-21 19:45 - 2014-03-25 08:03 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-20 20:42 - 2015-04-14 23:56 - 00000000 ____D C:\Program Files\Rockstar Games
2015-08-20 20:42 - 2015-01-27 23:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-08-20 10:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 22:29 - 2015-01-26 08:47 - 687224002 ____N C:\Windows\MEMORY.DMP
2015-08-17 22:29 - 2013-04-29 15:08 - 00000000 ____D C:\Windows\Minidump
2015-08-17 16:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system
2015-08-16 13:08 - 2013-08-21 21:03 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-08-12 07:20 - 2013-04-25 00:28 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 07:20 - 2013-04-25 00:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 07:20 - 2013-04-25 00:28 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 04:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-08-12 03:39 - 2015-01-26 21:38 - 00000000 ___RD C:\Users\Daniel\Virtual Machines
2015-08-12 03:38 - 2015-02-11 23:05 - 05060552 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 03:38 - 2014-05-29 06:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 03:38 - 2014-05-29 06:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 03:37 - 2014-12-16 04:15 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-12 03:37 - 2014-04-27 20:37 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-12 03:14 - 2009-07-13 19:34 - 00000521 _____ C:\Windows\win.ini
2015-08-12 03:13 - 2013-08-14 03:00 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 03:00 - 2013-04-24 23:10 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-09 13:11 - 2015-01-31 12:02 - 00000000 ____D C:\Users\Daniel\AppData\Roaming\New Technology Studio
2015-08-09 12:26 - 2013-06-19 22:01 - 00000000 ____D C:\Program Files (x86)\KeePass Password Safe 2
2015-08-08 11:46 - 2013-04-24 22:12 - 00000000 ____D C:\Program Files (x86)\Notepad++

==================== Files in the root of some directories =======

2013-02-07 05:22 - 2013-02-07 05:22 - 0050330 _____ () C:\Program Files (x86)\AntiDust.exe
2014-10-29 23:30 - 2014-10-29 23:30 - 2919548 _____ (Popcorn Official) C:\Program Files (x86)\update.exe
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Daniel\AppData\Roaming\1ZjCPP5Yxze2RL2eX2hefr7
2013-06-01 13:37 - 2015-02-09 22:42 - 0000600 _____ () C:\Users\Daniel\AppData\Roaming\winscp.rnd
2015-02-17 00:28 - 2015-06-29 21:00 - 0269408 _____ () C:\Users\Daniel\AppData\Local\ars.cache
2015-02-17 00:28 - 2015-06-29 21:01 - 0709228 _____ () C:\Users\Daniel\AppData\Local\census.cache
2015-06-07 04:00 - 2015-06-07 04:00 - 0003584 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-17 00:15 - 2015-02-17 00:15 - 0000036 _____ () C:\Users\Daniel\AppData\Local\housecall.guid.cache
2015-02-17 00:20 - 2015-06-29 22:32 - 0000010 _____ () C:\Users\Daniel\AppData\Local\sponge.last.runtime.cache
2015-09-05 12:19 - 2015-09-05 12:19 - 0000000 ____H () C:\ProgramData\cm-lock

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\crypserv.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-01 00:52

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by Daniel (2015-09-07 22:16:10)
Running from F:\Desktop
Windows 7 Professional Service Pack 1 (X64) (2013-04-25 04:56:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2615940715-1781691088-1086637195-500 - Administrator - Disabled)
Daniel (S-1-5-21-2615940715-1781691088-1086637195-1000 - Administrator - Enabled) => C:\Users\Daniel
Guest (S-1-5-21-2615940715-1781691088-1086637195-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2615940715-1781691088-1086637195-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29544 - BitTorrent Inc.)
3DMark (HKLM-x32\...\Steam App 223850) (Version:  - Futuremark)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ableton Live 9 Lite (HKLM-x32\...\{74A6E854-0D65-4DAB-8DF9-86BE41824EBF}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{F6BA3E9F-8637-4DCE-BBA8-75A6A57A9D0B}) (Version: 9.0.0.0 - Ableton)
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Shockwave Player + Authorware Web Player (HKLM-x32\...\Adobe Shockwave Player + Authorware Web Player) (Version: v12.1.0.150 - Adobe Systems, Inc.)
Alan Wake version 1.06.17.0155 (HKLM-x32\...\{74611C18-BF63-415E-91A0-2876E46BBE67}_is1) (Version: 1.06.17.0155 - Remedy Entertainment, Inc.)
Amazon Music (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Amazon Amazon Music) (Version: 3.7.1.698 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{8DF1EF50-AEB6-902C-F68C-4683C45784E6}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AnyTrans 4.3.0 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.3.0 - iMobie Inc.)
AOMEI Backupper Standard Edition 2.0 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 5.5 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{06A333EA-4E9D-4848-865F-FE5A1E12AB30}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.16.0 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Avidemux 2.6 - 64bits (HKLM-x32\...\Avidemux 2.6 - 64bits (64-bit)) (Version: 2.6.7.8981 - )
Back to the Future: Ep 1 - It's About Time (HKLM-x32\...\Steam App 31290) (Version:  - Telltale Games)
Back to the Future: Ep 2 - Get Tannen! (HKLM-x32\...\Steam App 94500) (Version:  - Telltale Games)
Back to the Future: Ep 3 - Citizen Brown (HKLM-x32\...\Steam App 94510) (Version:  - Telltale Games)
Back to the Future: Ep 4 - Double Visions (HKLM-x32\...\Steam App 94520) (Version:  - Telltale Games)
Back to the Future: Ep 5 - OUTATIME (HKLM-x32\...\Steam App 94530) (Version:  - Telltale Games)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
Beneath a Steel Sky (HKLM-x32\...\Beneath a Steel Sky_is1) (Version:  - GOG.com)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BOSS Userlist Manager (HKLM-x32\...\{F0AB569C-99EF-4F4D-992D-2206E354C903}) (Version: 6.7.2 - Surazal)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 14.8.5.1 - Broadcom Corporation)
Brothers - A Tale of Two Sons (HKLM-x32\...\Steam App 225080) (Version:  - Starbreeze Studios AB)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{019D043C-13E9-49D2-851A-667AB4D5D154}) (Version: 4.5.5.5571 - Canneverbe Limited)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Clear Sky Complete (HKLM-x32\...\{Clear Sky Complete v1.1.3}}_is1) (Version:  - )
CM Installer (HKLM-x32\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Cool Edit Pro 2.1 (HKLM-x32\...\Cool Edit Pro 2.1) (Version:  - )
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
CPUID CPU-Z 1.64.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.22 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CPUID PerfMonitor 2.00 (HKLM\...\CPUID PerfMonitor2_is1) (Version: 2.00 - CPUID, Inc.)
CrashPlan (HKLM-x32\...\{9854AEDC-EEB0-4182-B137-626CFC2F38E8}) (Version: 3.6.3 - Code 42 Software)
Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.44 - Creative Technology Limited)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative AutoMode Switcher (HKLM-x32\...\Creative AutoMode Switcher) (Version: 1.00 - Creative Technology Limited)
Creative Console Launcher (HKLM-x32\...\Console Launcher) (Version: 2.61 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.41 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: 1.03 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DayZ Commander (HKLM-x32\...\{99C28455-E285-4639-B4C6-9F747C0C3D4C}) (Version: 0.92.90 - Dotjosh Studios)
Dead Space™ (HKLM-x32\...\{9789E33B-317A-44B2-AF9A-FF8708AD93E0}) (Version: 1.0.0.222 - Electronic Arts)
Debloater (HKLM-x32\...\{2045C97A-8D9A-47E2-A76A-E6A69CB7030B}) (Version: 3.90 - Gatesjunior Developer)
D-Fend Reloaded 1.3.4 (deinstall) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.4 - Alexander Herzog)
Dimension Pro 1.5 (HKLM-x32\...\DimensionPro_x64_is1) (Version: 18.0 - Cakewalk Music Software)
Dropbox (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
DVDFab 9.0.4.7 (26/06/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
EA Installer (HKLM-x32\...\EA Installer.-550179308) (Version: 2.2.0.62 - Electronic Arts, Inc.)
EA Shared Game Component: Activation (HKLM-x32\...\com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 2.2.0.62 - Electronic Arts)
EA Shared Game Component: Activation (x32 Version: 2.2.0 - Electronic Arts) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Evoluent Mouse Manager (HKLM\...\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}) (Version: 4.0.0 - Evoluent)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Fallout (HKLM-x32\...\GOGPACKFALLOUT_is1) (Version: 2.0.0.14 - GOG.com)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout Fixt alpha 6.7.2 - Full Custom (HKLM-x32\...\{83D6B5DC-9C8C-4DE2-B66C-14FA5C8680B5}_is1) (Version: alpha 6.7.2 - Full Custom - Sduibek)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Final Fantasy VII (HKLM-x32\...\Final Fantasy VII) (Version:  - )
FL Studio 10 (HKLM-x32\...\FL Studio 10) (Version:  - Image-Line)
Flawless Widescreen version 1.0.15 (HKLM-x32\...\{7348D82E-8C68-48FF-BA2D-8C97B5B4B3D8}_is1) (Version: 1.0.15 - Flawless Widescreen)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
FOMM 0.14.11.12 (HKLM-x32\...\{072C2AEF-16B2-46B7-BA7F-D0CAA7B4F89F}_is1) (Version:  - Prideslayer)
foobar2000 v1.3.1 (HKLM-x32\...\foobar2000) (Version: 1.3.1 - Peter Pawlowski)
FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
Full Combat Rebalance 2 version 1.2 (HKLM-x32\...\Full Combat Rebalance 2_is1) (Version: 1.2 - Andrzej Kwiatkowski)
Futuremark SystemInfo (HKLM-x32\...\{EF7EA37B-C009-4D53-AE2A-FF7C6AEC35CE}) (Version: 4.26.386 - Futuremark)
Game of Thrones - A Telltale Games Series (HKLM-x32\...\Steam App 330840) (Version:  - Telltale Games)
GameStop App (HKLM-x32\...\GameStop App) (Version: 4.00 - GameStop)
GameStop App (x32 Version: 4.00 - GameStop) Hidden
GECK - New Vegas Edition (HKLM-x32\...\Steam App 22480) (Version:  - )
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version:  - GOG.com)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\{037FADB6-2BF2-33F9-B7AA-6E48A4543749}) (Version: 65.96.32832 - Google, Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
Grim Fandango Remastered (HKLM-x32\...\1207667183_is1) (Version: 2.1.0.5 - GOG.com)
GTA San Andreas 2013 version 1.0 (HKLM-x32\...\{193B8177-B13F-4267-85EC-E31F9145269B}_is1) (Version: 1.0 - JOKER)
GTA San Andreas Control Center v2.1.1 (HKLM-x32\...\GTA San Andreas Control Center v2.1.1) (Version: Release 2.1.1 - open source)
H&R Block Deluxe + Efile + State 2013 (HKLM-x32\...\{EDE796DE-0A72-464D-9D21-F04BC41A092B}) (Version: 13.05.7601 - HRB Technology, LLC.)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
HDHomeRun (HKLM\...\{DBB4E17D-09D8-47A6-96B9-876093092284}) (Version: 1.0.12225.0 - Silicondust)
I Have No Mouth, and I Must Scream (HKLM-x32\...\GOGPACKIHAVENOMOUTH_is1) (Version: 2.0.0.7 - GOG.com)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iFunbox (v2.95.2610.819), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.95.2610.819 - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Jade Empire (HKLM-x32\...\1207659237_is1) (Version: 2.1.0.8 - GOG.com)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Jurassic Park: The Game (HKLM-x32\...\Steam App 201830) (Version:  - Telltale Games)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.1.28.137 - Recisio)
Karaoki (HKLM-x32\...\{9F576D1C-99D7-4FBD-8859-56E9DE4AB68B}_is1) (Version: 0.8.5155.23763 - APW Electronic Services)
KeepAliveHD 1.3 beta (HKLM-x32\...\{8623BFAD-9E79-4188-9EB4-9740CEDD3B44}_is1) (Version:  - Megabit d.o.o.)
KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
K-Lite Codec Pack 11.1.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.1.0 - )
Kodi (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Kodi) (Version:  - XBMC-Foundation)
Lands Of Lore - Guardians of Destiny (HKLM-x32\...\1207662563_is1) (Version: 2.1.0.17 - GOG.com)
Lands Of Lore - The Throne of Chaos (HKLM-x32\...\1207662513_is1) (Version: 2.1.0.19 - GOG.com)
Lands of Lore 3 (HKLM-x32\...\1207659094_is1) (Version: 2.1.0.10 - GOG.com)
MakeMKV v1.8.3 (HKLM-x32\...\MakeMKV) (Version: v1.8.3 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47CD-87CD-13E68B676E4F}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4E70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Max Payne 2 (HKLM-x32\...\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}) (Version: 1.01.102 - )
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version:  - Remedy Entertainment)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEGAsync 1.0.22 (HKLM-x32\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
Melodyne Runtime 4.1 (x64) (HKLM\...\{53EE2829-E9DB-4913-B3EA-96F10F84E98B}) (Version: 1.0.1 - Celemony Software GmbH)
Melodyne singletrack (HKLM-x32\...\{16DF894D-FC3F-4B87-908D-671E201CD7A8}) (Version: 2.01.0202 - Celemony Software GmbH)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Metro - Last Light Redux (HKLM-x32\...\1430740172_is1) (Version: 2.0.0.2 - GOG.com)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Lync 2010 Attendee (HKLM-x32\...\{6F72D695-5188-4484-B21E-E16CD89C4008}) (Version: 4.0.7577.4446 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2010 (HKLM-x32\...\{FA8E7AF5-C70E-3274-9740-9E697FBD5BB7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
MiniTool Partition Wizard Professional Edition 7.5 (HKLM-x32\...\{160479AF-4A05-4EE5-B3E7-1625227567EB}_is1) (Version:  - MiniTool Solution Ltd.)
MKVcleaver 64 bit (HKLM\...\{CFD81FD9-3D51-4C3B-80C8-09A9F193ED53}) (Version: 6.0.2 - Ilia Bakhmoutski (sheck))
MKVToolNix 6.3.0 (HKLM-x32\...\MKVToolNix) (Version: 6.3.0 - Moritz Bunkus)
MSI Afterburner 4.1.1 (HKLM-x32\...\Afterburner) (Version: 4.1.1 - MSI Co., LTD)
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
NextPVR (HKLM-x32\...\NextPVR) (Version:  - )
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.0 - Vitalwerks Internet Solutions LLC)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Octoshape Streaming Services (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
ownCloud (HKLM-x32\...\ownCloud) (Version: 1.5.4.2686 - ownCloud)
Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions)
Pale Moon 25.7.0 (x86 en-US) (HKLM-x32\...\Pale Moon 25.7.0 (x86 en-US)) (Version: 25.7.0 - Moonchild Productions)
Papers, Please (HKLM-x32\...\GOGPACKPAPERSPLEASE_is1) (Version: 2.4.0.10 - GOG.com)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PC Wizard 2013.2.12 (HKLM-x32\...\PC Wizard 2013_is1) (Version:  - CPUID)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.1 - pdfforge)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PhoneRescue 1.6.2 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.6.2 - iMobie Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
Pillars of Eternity (HKLM-x32\...\Steam App 291650) (Version:  - Obsidian Entertainment)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Popcorn Time (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\Popcorn Time) (Version:  - Popcorn Official)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7 comtypes-0.6.2 (HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\...\comtypes-py2.7) (Version:  - )
Python 2.7 pywin32-219 (HKLM-x32\...\pywin32-py2.7) (Version:  - )
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
Quest for Glory II: Trial by Fire (2.0) (HKLM-x32\...\{486CC64F-030A-4C9A-8716-87E26D28FQFG2VGA}_is1) (Version: 2.0 - AGD Interactive, LLC)
Rapture 1.2.2 (HKLM-x32\...\Rapture_x64_is1) (Version: 18.0 - Cakewalk Music Software)
Red 2 & Red 3 Plug-in Suite version 1.0 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Roberta Williams' Phantasmagoria (HKLM-x32\...\1207658834_is1) (Version: 2.1.0.15 - GOG.com)
RoboForm 7-9-2-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-2-2 - Siber Systems)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version:  - Ubisoft - San Francisco)
Rockstar Games Social Club (HKLM-x32\...\{08B3869E-D282-424C-9AFC-870E04A4BA14}) (Version: 1.00.0000 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
S.T.A.L.K.E.R. - Lost Alpha (HKLM-x32\...\S.T.A.L.K.E.R. - Lost Alpha_is1) (Version: S.T.A.L.K.E.R. - Lost Alpha - RePack by SeregA-Lus)
S.T.A.L.K.E.R. Call of Pripyat (HKLM-x32\...\GOGPACKSTALKERCOP_is1) (Version: 2.0.0.12 - GOG.com)
S.T.A.L.K.E.R. Clear Sky (HKLM-x32\...\GOGPACKSTALKERSTCS_is1) (Version: 2.0.0.8 - GOG.com)
S.T.A.L.K.E.R.: Lost Alpha version 1.3003 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3003 - dezowave)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
SDK Debuggers (x32 Version: 8.100.26837 - Microsoft Corporation) Hidden
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SimCity 4 Deluxe Edition (HKLM-x32\...\1207664593_is1) (Version: 2.1.0.11 - GOG.com)
Skyrim Performance Monitor (HKLM-x32\...\{84AEB93A-ECBB-4568-8F59-D4516EF59079}) (Version: 3.54 - SirGarnon on Skyrim Nexus)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
SONAR X3 Producer (x64) (HKLM-x32\...\SONARX3Producer_x64_is1) (Version: 20.0 - Cakewalk Music Software)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Star Wars - Jedi Knight II: Jedi Outcast (HKLM-x32\...\Steam App 6030) (Version:  - Raven Software)
Star Wars Jedi Knight: Dark Forces II (HKLM-x32\...\Steam App 32380) (Version:  - LucasArts)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version:  - LucasArts)
Star Wars Starfighter (HKLM-x32\...\Steam App 32350) (Version:  - LucasArts)
Star Wars: Dark Forces (HKLM-x32\...\Steam App 32400) (Version:  - LucasArts)
Star Wars: Empire at War Gold (HKLM-x32\...\Steam App 32470) (Version:  - Petroglyph)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version:  - Obsidian Entertainment)
Star Wars: The Force Unleashed II (HKLM-x32\...\Steam App 32500) (Version:  - Aspyr Studios)
Star Wars: The Force Unleashed Ultimate Sith Edition (HKLM-x32\...\Steam App 32430) (Version:  - LucasArts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
Syndicate (HKLM-x32\...\{64CFBAAB-46F7-4628-8D9B-E656A8C11CDB}) (Version: 2.0.0.3 - Electronic Arts)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
TextPad 7 (HKLM\...\{52C23381-8FED-4DB0-A07F-CCE9C9061475}) (Version: 7.1.0 - Helios)
The Elder Scrolls IV: Oblivion  (HKLM-x32\...\Steam App 22330) (Version:  - Bethesda Game Studios)
The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Maxifier (HKLM-x32\...\The Maxifier) (Version:  - Gary Smith)
The Maxifier (x32 Version: 1.4 - Gary Smith) Hidden
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\GOGPACKTHEWITCHER2EE_is1) (Version: 3.4.0.25 - GOG.com)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.7.0 - GOG.com)
Thief (HKLM-x32\...\Steam App 239160) (Version:  - Eidos-Montréal)
THX Setup Console (HKLM-x32\...\THX_Console_Unicode) (Version:  - )
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
TSLRCM 1.8.3 (HKLM-x32\...\The Sith Lords Restored Content Mod_is1) (Version:  - )
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{A7500970-FE98-11E1-B560-F04DA23A5C58}) (Version: 12.0.367 - Sony)
Vegas Pro 13.0 (64-bit) (HKLM\...\{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}) (Version: 13.0.290 - Sony)
VidCoder 1.4.22 (x64) (HKLM\...\VidCoder-x64_is1) (Version: 1.4.22 - RandomEngy)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version:  - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Volume Panel (HKLM-x32\...\Creative Volume Panel) (Version: 2.21 - Creative Technology Limited)
Wasteland (HKLM-x32\...\GOGPACKWASTELAND_is1) (Version: 2.0.0.5 - GOG.com)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5800 - Broadcom Corporation)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{dfe9c941-2d53-42eb-8631-05ab80216136}) (Version: 8.100.26837 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Wondershare MobileTrans ( Version 6.0.5 ) (HKLM-x32\...\{18CDCEAA-A9E4-4A4C-AC0E-C15E87C30EA5}_is1) (Version: 6.0.5 - Wondershare)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
Zona (HKLM-x32\...\Zona)) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2615940715-1781691088-1086637195-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

27-08-2015 21:45:47 Windows Update
31-08-2015 09:33:22 Windows Update
03-09-2015 20:55:54 JRT Pre-Junkware Removal
04-09-2015 21:30:20 Windows Update
05-09-2015 12:13:55 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-04-26 17:30 - 00000915 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activation.acronis.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01C76CB8-B34E-4E12-B395-E53075DF1CEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {09C8D99E-F683-4AA3-8A8F-915AC2BBAA77} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {0DF89A0F-804C-406E-BA9C-B40C9E812A00} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-09] ()
Task: {1AFEF97D-F888-407D-8D39-2F22770A0E6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {1CC9BD3E-1067-405C-AB14-B99917581B13} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-05] (Google Inc.)
Task: {1E7FCBA7-9043-4E6D-8F88-0E82C6207052} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {2864F35F-C0F1-41DB-BE79-77E0390FC7CA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {2D7DBEDF-B150-4587-8E36-AC59CD92F525} - System32\Tasks\SKY => E:\Game2\Steam\SteamApps\common\skyrim\skse_loader.exe
Task: {346B3104-6FCD-4BB1-B120-784213D1108C} - System32\Tasks\{4CF20475-6433-421D-AAA2-8E80888D0486} => msiexec.exe /package "H:\Desktop\SlimDX Runtime .NET 2.0 (January 2012).msi"
Task: {371FC374-1D47-4084-A700-C4A2CA4306FC} - System32\Tasks\{AE180D8E-13B4-430D-AC65-1A077CC27726} => c:\program files\pale moon\palemoon.exe [2015-08-27] (Moonchild Productions)
Task: {374D65C6-EA03-4FE5-9B66-5AFDBB59FA36} - System32\Tasks\{A0A5FFC1-54F0-4281-8E95-08186263930A} => pcalua.exe -a H:\TEMP\jre-8u51-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {3B23F731-AFA0-4CF8-8C04-538757BD9784} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-09-26] (Siber Systems)
Task: {439C485D-AB68-4251-8D4E-361BC1D9FF8D} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2015-05-27] ()
Task: {4B82F49D-4022-470B-B59D-283E4C98EEC3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {4C91C0C2-5A9F-4972-B5B5-48662C3744F4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {5D83A2EC-8447-405F-B0F3-3A9B983FCD34} - \ProPCCleaner_Popup -> No File <==== ATTENTION
Task: {69640584-60DC-422B-9338-F78C60F3CB41} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOMGMKJJMNJLJLJOMCNLJPMLMHMCNLMMJOMPMCNGMOMLJNJCNIMNJPMJJLJKMLJNJJJMMJMIMJNJICMIMCNGMCNNMFMGMCNOMPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMNMIMIMJNHICMNIJJHJPIOMJNBJCMLLOJBJGJKJDJJNKJCMJNNICMJNDJCMKJBJ"
Task: {70559F50-072F-4A83-B450-88175E52129C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core => C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {7ECE86BB-CAEA-484F-B41D-99AB62E5F922} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {8C771C54-6F0E-4580-B7FA-0CF885725636} - System32\Tasks\{078BE44F-1612-4EA8-8F09-676129FFBA76} => c:\program files\pale moon\palemoon.exe [2015-08-27] (Moonchild Productions)
Task: {AC2775B5-81C2-4429-93A0-DD15C7A72F45} - System32\Tasks\Amazon Music Helper => C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe [2014-12-07] ()
Task: {B1BCD84A-BC1C-42D9-94DE-4AB17B3C8CD0} - System32\Tasks\{BAF8F1EE-FBCC-4841-9C77-26E99E17589D} => msiexec.exe /package "F:\Desktop\OPO\UniversalAdbDriverSetup.msi"
Task: {C0193C8C-DFB4-445E-9781-17AB8585D247} - \ProPCCleaner_Start -> No File <==== ATTENTION
Task: {CE4B94B8-B68A-4037-96EE-EF68A8DF412D} - System32\Tasks\1ZjCPP5Yxze2RL2eX2hefr7 => C:\Users\Daniel\AppData\Roaming\1ZjCPP5Yxze2RL2eX2hefr7.exe <==== ATTENTION
Task: {D5B81DDA-42D7-4CF2-8E3E-4CE94F72F50F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {DC7A46BF-DAC0-43C9-9261-A0A0749E0FE5} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {EAF83529-010A-4F98-9823-1F0E173EDA5C} - System32\Tasks\{1F56D254-6C4C-4D29-A538-F5BFA4B681B8} => pcalua.exe -a F:\Desktop\winsdk_web.exe -d F:\Desktop
Task: {F1958275-4E21-4B30-A449-75AA0378B013} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA => C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\1ZjCPP5Yxze2RL2eX2hefr7.job => C:\Users\Daniel\AppData\Roaming\1ZjCPP5Yxze2RL2eX2hefr7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core.job => C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA.job => C:\Users\Daniel\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000Core.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2615940715-1781691088-1086637195-1000UA.job => C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2010-07-14 21:44 - 2010-07-14 21:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-04-15 13:13 - 2015-04-15 13:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-05-01 07:13 - 2014-05-01 07:13 - 00470016 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 08817658 _____ () C:\Program Files\pia_manager\pia_manager.exe
2015-05-27 03:05 - 2015-05-27 03:05 - 00578272 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2015-02-15 01:44 - 2014-05-25 02:33 - 00222720 _____ () C:\Program Files (x86)\Flawless Widescreen\BeaEngine.dll
2013-08-06 21:39 - 2013-05-30 14:23 - 00305152 _____ () C:\Program Files (x86)\Megabit\KeepAliveHD\KeepAliveHD.exe
2015-08-09 12:26 - 2015-08-09 12:26 - 00046080 _____ () C:\Users\Daniel\AppData\Local\KeePass\PluginCache\jebjdIGjgINUTRghJrXC\Fleck2.dll
2013-06-19 22:01 - 2015-08-09 09:50 - 00385968 _____ () C:\Program Files (x86)\KeePass Password Safe 2\KeePass.XmlSerializers.dll
2014-06-27 00:12 - 2014-12-07 23:27 - 06277952 _____ () C:\Users\Daniel\AppData\Local\Amazon Music\Amazon Music Helper.exe
2009-10-25 23:20 - 2009-10-25 23:20 - 00212992 _____ () C:\Program Files (x86)\The Maxifier\The Maxifier.exe
2014-03-25 08:03 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-04-28 14:01 - 2013-12-24 23:43 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-04-25 01:57 - 2014-11-09 11:19 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2015-08-27 08:34 - 2015-08-27 08:34 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll
2015-08-12 07:20 - 2015-08-12 07:20 - 24105672 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll
2015-05-18 04:43 - 2015-05-18 04:43 - 00071680 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2015-05-18 04:43 - 2015-05-18 04:43 - 00057856 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2015-05-18 04:43 - 2015-05-18 04:43 - 00218624 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2015-05-22 03:56 - 2015-05-22 03:56 - 00357888 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2015-05-22 04:36 - 2015-05-22 04:36 - 00649216 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-15 16:27 - 2015-05-15 16:27 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-09-05 12:19 - 2015-09-05 12:19 - 00071168 _____ () h:\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxsw8zy.dll
2015-03-04 14:45 - 2015-08-04 22:26 - 00012800 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-08-04 22:26 - 00779776 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 20:20 - 2015-08-04 22:26 - 00056320 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-08-04 22:26 - 00012288 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00237272 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\UiLogic.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\diskmgr.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00171736 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Comn.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Ldm.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Device.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00257752 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\BrFat.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00368344 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\BrNtfs.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\FuncLogic.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Clone.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00335576 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\ImgFile.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Encrypt.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00073432 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Compress.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00093912 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\BrVol.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00188120 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\GptBcd.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00138968 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\FlBackup.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00478936 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\EnumFolder.dll
2014-05-29 06:04 - 2014-04-08 18:51 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper Standard Edition 2.0\Backup.dll
2014-02-19 16:17 - 2014-02-19 16:17 - 00013312 _____ () C:\Program Files (x86)\CrashPlan\md5.dll
2015-07-07 05:32 - 2015-07-07 05:32 - 00197120 _____ () C:\Program Files (x86)\CrashPlan\cpnative.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-01-07 20:29 - 2014-10-31 17:37 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-01-07 20:29 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2013-04-25 00:34 - 2009-03-26 15:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-04-25 00:34 - 2009-02-06 19:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2014-03-01 01:20 - 2014-03-01 01:20 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2015-05-27 10:26 - 2015-05-27 10:26 - 01024000 _____ () C:\Program Files (x86)\NPVR\Unmanaged.dll
2015-09-05 12:19 - 2015-09-05 12:19 - 00012800 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00009728 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00014848 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00094208 _____ () H:\TEMP\ocr6891.tmp\src\rgloader\rgloader193.mswin.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00009216 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00094208 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00126976 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00087552 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00016384 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00127316 _____ () H:\TEMP\ocr6891.tmp\bin\libffi-6.dll
2015-09-05 12:19 - 2015-09-05 12:19 - 00008704 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00013312 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00095744 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00026624 _____ () H:\TEMP\ocr6891.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00012800 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00009728 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00014848 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00094208 _____ () H:\TEMP\ocr70FA.tmp\src\rgloader\rgloader193.mswin.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00094208 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00118784 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00069120 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00083968 _____ () H:\TEMP\ocr70FA.tmp\bin\zlib1.dll
2015-09-05 12:19 - 2015-09-05 12:19 - 00026624 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00275968 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00015360 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00008192 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00009216 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00023552 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00008704 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00008704 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00008704 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00008704 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00036352 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00126976 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00087552 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00016384 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00127316 _____ () H:\TEMP\ocr70FA.tmp\bin\libffi-6.dll
2015-09-05 12:19 - 2015-09-05 12:19 - 00013312 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00095744 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2015-09-05 12:19 - 2015-09-05 12:19 - 00026624 _____ () H:\TEMP\ocr70FA.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2013-04-25 01:57 - 2014-11-09 11:19 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00180224 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00368640 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2013-04-25 01:57 - 2014-11-09 11:19 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Daniel\Local Settings:Jua5QM82rRiVPWhOUfwTR4Cl
AlternateDataStreams: C:\Users\Daniel\AppData\Local:Jua5QM82rRiVPWhOUfwTR4Cl

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2615940715-1781691088-1086637195-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: EADM => "E:\Game2\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Daniel\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "E:\Game2\Steam\Steam.exe" -silent
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: Volume2 => F:\Desktop\Volume2_1_1_3_247\Volume2\Volume2.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{C9B48B31-71AB-4560-A20B-38309BF1AED6}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{272A5C1E-B372-48B2-84E0-4D9A09672092}] => (Allow) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{23D77E98-E95D-4035-B776-D526ACD19F5A}] => (Allow) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{3FF575B0-78C7-452D-8F15-7E64A31FB71F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{71977040-3DAA-4C9B-9164-55DA3E35068F}] => (Allow) LPort=2869
FirewallRules: [{FF124293-8402-4223-957B-39A0A28D0D43}] => (Allow) LPort=1900
FirewallRules: [{3CE95402-B2FE-4BE3-B7A7-B9EA9AA70DA1}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FBBB626A-02CB-44BA-B60D-C94F04704502}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{16C77F9E-38CC-47C7-B003-3260D41AA313}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_quicktv.exe
FirewallRules: [{6155C987-A244-4AFD-A103-2C44A9E31B90}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{ECB9EA6E-AF40-45EA-935C-45205BECFB44}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{19337D57-E9B8-409A-83C0-EE49E987A17A}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{2EEFB9F2-A420-46F7-8B36-2ABC230D075C}] => (Allow) C:\Windows\ehome\ehRecvr.exe
FirewallRules: [TCP Query User{63799121-F839-4CED-BEBB-733B40C9D19A}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DF4EA186-E75B-43F5-89B4-8B22F9D1526A}C:\users\daniel\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\daniel\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C486816F-6DE8-42EB-B2F6-0CB1D3A6F1B5}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{12576ADF-C407-4FB1-9D70-46832A850B63}] => (Allow) C:\Users\Daniel\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{45CDC95B-DD3B-4D66-8078-B3C3E4FF34FF}] => (Allow) E:\Game2\Steam\Steam.exe
FirewallRules: [{2825BA5D-A29E-4C43-9E3B-154F1474082D}] => (Allow) E:\Game2\Steam\Steam.exe
FirewallRules: [{D58703AE-FF3C-4C23-8D34-56442F0ABAB5}] => (Allow) G:\Game\Battlefield 3\bf3.exe
FirewallRules: [{4D2102B8-D926-4E81-ABBE-776C5F361A60}] => (Allow) G:\Game\Battlefield 3\bf3.exe
FirewallRules: [{64A779F7-2E71-42FA-A1A9-28AEF3E37C1E}] => (Allow) G:\Game\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{A5136785-190F-476C-9586-1A70CBC014FD}] => (Allow) G:\Game\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{19CBAD7D-4DC4-4BE4-AD85-711CC56201F0}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{42C5B6F3-0C8E-4F22-958D-3A9814A971B0}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{1AE85D89-F79C-45BB-B751-B323D5FFD07E}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7CA424C0-7ECD-43AD-AD16-E82DCB0CA532}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
FirewallRules: [{7B7765F1-0D70-43D2-838D-8D0C276C26F1}] => (Allow) G:\Game\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{5747C403-8209-4027-B497-6429A06CD07C}] => (Allow) G:\Game\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{31C11A6E-5E25-45E0-8004-4C31195E64AE}] => (Allow) G:\Game\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{FE308EB3-010B-465C-8E47-E84C6A19D9AD}] => (Allow) G:\Game\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{FC0EAED9-D3A5-48E2-A09E-2A71C733CF72}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{0AAC6091-CE25-40B6-9F62-632CFEB106B0}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{BFBFC970-07A1-4B10-BE77-7B95728C44D0}] => (Allow) E:\Game2\Steam\SteamApps\common\costume quest\Cq.exe
FirewallRules: [{765BA28C-00F0-4161-A76F-0A1CF957DA9B}] => (Allow) E:\Game2\Steam\SteamApps\common\costume quest\Cq.exe
FirewallRules: [{F6F90AC7-3BA5-4671-ABA2-57455D33DAEA}] => (Allow) E:\Game2\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{679F3019-7718-4E2F-A767-D0C5A1F0BCF2}] => (Allow) E:\Game2\Steam\SteamApps\common\Psychonauts\Psychonauts.exe
FirewallRules: [{1E32E2FF-E35E-4FD5-951E-90E9B1D36666}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe
FirewallRules: [{31B6EAB7-CEC8-4457-AA0B-91F147D7DED4}] => (Block) %ProgramFiles% (x86)\Adobe\Acrobat 11.0\Acrobat\AcroRd32.exe
FirewallRules: [{06803A6D-D2FA-444C-9A15-CFC3F34B4498}] => (Block) %ProgramFiles%\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe
FirewallRules: [{17C12633-B638-4428-A82D-60D3C6E45E62}] => (Allow) E:\Game2\Steam\SteamApps\common\Hitman Absolution\HMA.exe
FirewallRules: [{FDDF4500-8BD6-45D6-A130-69C3E22FCF25}] => (Allow) E:\Game2\Steam\SteamApps\common\Hitman Absolution\HMA.exe
FirewallRules: [{A45A341D-09EC-4A85-B669-62BBFB39121D}] => (Block) %ProgramFiles%\Sony\Vegas Pro 12.0\vegas120.exe
FirewallRules: [{23431E1A-6C4F-4EBD-824E-270FDA888606}] => (Allow) E:\Game2\Steam\SteamApps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{90E15D1C-138C-4D17-8576-E7CF822C1075}] => (Allow) E:\Game2\Steam\SteamApps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{CFB04DE3-36C3-4DAF-893A-0853CF930EF8}] => (Allow) E:\Game2\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{FA76196B-1973-45D8-B485-28F21B4B08D2}] => (Allow) E:\Game2\Steam\SteamApps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{692BF89D-B01B-4C09-86F3-730F8EE3E6E9}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{30FDA2A6-CB8A-4BA9-8A48-C6383C7B10DA}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{4EEBDA7A-FD4C-490B-B798-277C776ECF8F}] => (Allow) E:\Game2\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{684D049C-5E0A-4985-82A9-51A251B1E008}] => (Allow) E:\Game2\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{33B682B0-0FBB-4CDF-AB9D-80F19ABBF0EC}] => (Allow) E:\Game2\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{99A142CC-CE35-48F6-BE58-3567ED6F41D2}] => (Allow) E:\Game2\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{5FBABF7A-3E5F-4CA0-9EAF-8A9F9A8ED9BF}] => (Allow) E:\Game2\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{546DD030-8C87-4997-9A2C-F3F1B241F3E7}] => (Allow) E:\Game2\Steam\SteamApps\common\Portal\hl2.exe
FirewallRules: [{A550B001-A772-442E-9727-46AD03072183}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{7B6943F0-0FE9-468D-ABF7-A4050239A66B}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{727CFCDF-3CDE-4BB3-84C1-7D8D2E627386}] => (Allow) E:\Game2\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{8B23CC04-E9DE-466A-8F21-BC8B7E7DC10F}] => (Allow) E:\Game2\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{4AB252CD-4BA3-4CD5-AB6E-E046B77E54ED}] => (Allow) E:\Game2\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{7725DB24-D392-45EF-8884-61D1702C1BB2}] => (Allow) E:\Game2\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [TCP Query User{6EACAA76-3679-435F-AED1-A356350069A7}E:\game2\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) E:\game2\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [UDP Query User{CDD3E575-B311-4678-9B93-045703822E4B}E:\game2\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe] => (Allow) E:\game2\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe
FirewallRules: [{7B900A01-7CB7-45F9-AA36-720421B48390}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{937A1AF4-4D29-4685-875A-4C0E856EA85C}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{90ADD89E-9565-4FA8-BC2E-463802510E03}] => (Allow) E:\Game2\Steam\SteamApps\common\bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{6DE82A03-60B9-4F7D-B00E-52399AAD1A78}] => (Allow) E:\Game2\Steam\SteamApps\common\bioshock 2\SP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{11798BAB-DD51-49DC-A0F3-C5A687D491E8}] => (Allow) E:\Game2\Steam\SteamApps\common\bioshock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{DCCC1444-9A23-4E2D-8F9C-747C739FE165}] => (Allow) E:\Game2\Steam\SteamApps\common\bioshock 2\MP\Builds\Binaries\Bioshock2Launcher.exe
FirewallRules: [{DE6CA86D-2204-49BE-BF7F-C46EA66A3D90}] => (Allow) E:\Game2\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{125F5CD5-FCE5-44B5-8541-43BA47D26D0B}] => (Allow) E:\Game2\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{F490BECB-0D10-4ABA-8B71-41A74D86FFE5}] => (Allow) E:\Game2\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{8ECA851D-DEC3-4E82-813D-E6DCE8CD31B9}] => (Allow) E:\Game2\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{6ECDBE10-9185-4C40-B950-E1588186477F}] => (Allow) E:\Game2\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [{EC552E8E-536B-45DA-B71B-84E689596F1A}] => (Allow) E:\Game2\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe
FirewallRules: [TCP Query User{746D58B3-C71B-45C7-9776-7BE3C0EB4FEF}C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [UDP Query User{2E0480B9-BBB8-4C1B-BAB8-51300F2C3DF8}C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe] => (Allow) C:\users\daniel\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe
FirewallRules: [{4728E1BF-E60D-4907-A194-517ACE496A28}] => (Allow) E:\Game2\Steam\SteamApps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{46BCA3C9-3EB1-4230-997F-39CCE217224C}] => (Allow) E:\Game2\Steam\SteamApps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{9A887306-88AC-4279-9310-2BD24B66983F}] => (Allow) E:\Game2\Steam\SteamApps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{D3DCB635-1495-4F35-B671-7DDC483980AF}] => (Allow) E:\Game2\Steam\SteamApps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{1453D707-DC71-4F19-85BD-131F1451B563}] => (Allow) E:\Game2\Steam\SteamApps\common\YNAB 4\YNAB 4.exe
FirewallRules: [{F423D28C-7438-45B7-B3CE-F4ABC39F8C83}] => (Allow) E:\Game2\Steam\SteamApps\common\YNAB 4\YNAB 4.exe
FirewallRules: [{30FFED12-706F-4DC2-95CC-34B21AC9EC61}] => (Allow) E:\Game2\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{60B43028-7E6E-4DC5-9E2B-4B050303140D}] => (Allow) E:\Game2\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{BE9C408D-B4A0-4A2B-815A-24771492DC55}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{08C577B6-C6E9-4FE0-A3F4-443E01A6F2CF}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{73B09165-A3E5-40FA-AE70-D4ABAF481724}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{4B7A3F95-3CBA-49C9-8AE3-50B55A3935A4}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{D27D6624-652F-4F41-BE69-E2E3F86390D7}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{C7999EC4-2364-4B59-A36C-3400A3D6FD79}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{1CCDD340-0CC0-4E48-8C0B-58EEFE581AD6}] => (Allow) E:\Game2\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{2ABBD1B4-D4D1-4985-B9E4-FBB96D83BFAA}] => (Allow) E:\Game2\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{1ADCAEFA-67F8-4E34-8FD1-F7122A267682}] => (Allow) E:\Game2\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{BC65B24C-FBBC-4FFC-9221-AD9F81274102}] => (Allow) E:\Game2\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{932AD373-0488-49EF-BB06-5B2D0E69D1F3}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{693FF8D6-13B2-43DC-9B5F-0C2A86A5A6C9}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{C73CE2EE-CA07-4968-8145-075946416CC3}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{110CB330-7C50-48AF-B4EF-7A34AE2919B3}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{092680DD-A83A-44CD-83D7-08A92BA6D71E}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{29BD7FB8-3A1E-477C-A2E5-A0EC07885403}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{21FBC604-E7EB-4832-BCE1-3DCAEFC35C87}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{974F6116-F149-4D1E-A885-6C2759E91B3D}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\hl2.exe
FirewallRules: [{9D119004-A4F1-4716-AC93-B45F0A162E64}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{21EC6B08-8923-417F-84FD-9FD4189B3CAE}] => (Allow) E:\Game2\Steam\SteamApps\common\nmrih\sdk\bin\Hammer.bat
FirewallRules: [{BB3AF7FD-252A-4AE9-AB84-CDB5F175178F}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{2C91521E-783F-44DF-A227-2524C64E6B63}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{89541B04-99A6-4E1B-ABE5-5E77253659E3}] => (Allow) E:\Game2\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{AFFC9CD8-5EBB-4DFD-8B9C-1458412FD921}] => (Allow) E:\Game2\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{80541A3D-1979-4EF0-8DFC-8FC17FFE4A98}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{09734E87-E326-4CF8-9B0B-8008A1471092}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EBD1A6DD-A949-4338-8B39-6DE438539859}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F68C17A1-4FFD-46E6-9E45-514CDCB4BB29}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F3A61B6F-3B1C-4751-9BFC-14F5B6A9F2EE}] => (Allow) E:\Game2\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{64E73D99-E856-41FA-A00E-B643972C9AEE}] => (Allow) E:\Game2\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{83B30411-C3F6-478B-B554-D55A0DEC7ED2}] => (Allow) E:\Game2\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{A22E99A0-2A2A-4703-AD89-5CE3ABE812ED}] => (Allow) E:\Game2\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{030CC45D-E60D-4336-A8A1-B12E5362B237}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{4620BA75-23BD-4460-A6C0-E5F821F79227}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{9243B30A-24B9-447B-B18F-5BF3BEE59CD4}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{397B2F55-D34F-45C5-AC26-AA6CBB4C3C25}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7B14FC31-230A-4437-BF1F-8CB495C93481}] => (Allow) E:\Game2\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{6FDF9E95-A950-4ADD-8B38-46F166E72F91}] => (Allow) E:\Game2\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{69EE91D7-E584-4F59-A62E-CCE59B87D864}] => (Allow) G:\SteamLibrary\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{9A430017-A6AC-406C-82DA-900B78834817}] => (Allow) G:\SteamLibrary\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{9BC43B0B-CB31-41A0-B1F5-0E8FBC1F7852}] => (Allow) G:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{5B1FCADB-5861-4244-94E2-B52DF2CB465F}] => (Allow) G:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{6858F0CA-A43B-4EA4-A6F2-EB51C792A060}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{AE2482B5-E656-4BD4-94E9-33FA9408C50A}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{2C4E8284-A6CA-4222-A236-DD04AB4AEA3D}] => (Allow) G:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{532A9EEF-4C42-4EB7-AD67-A29BA7247E4E}] => (Allow) G:\SteamLibrary\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{1C1E2DDF-9D97-4F46-9BFE-D79C698102B6}] => (Allow) G:\SteamLibrary\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{29CC4590-7D36-4B37-9FE1-0472F6E79BAC}] => (Allow) G:\SteamLibrary\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\BrothersLauncher.exe
FirewallRules: [{38BDB767-B727-422B-B532-98671B2E0F11}] => (Allow) G:\SteamLibrary\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{909A11AD-1E81-4A2E-9391-A8B3B10A700C}] => (Allow) G:\SteamLibrary\SteamApps\common\Brothers - A Tale of Two Sons\Binaries\Win32\Brothers.exe
FirewallRules: [{1ADB40C1-845F-4FCC-9C61-1D42DCA7BB8A}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{B80A3B7E-0298-48CC-A481-D1D72CF1176F}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{C91E6CD9-149E-44F1-B330-F126D806618C}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3DA80462-707F-406E-A3DD-18F1898DAD67}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{4302DEDE-D7CA-4567-BF65-4E323B22D44E}] => (Allow) E:\Game2\Steam\SteamApps\common\cave story+\CaveStory+.exe
FirewallRules: [{86AE9454-6D1F-4EBF-BFD1-2F9DB047C55A}] => (Allow) E:\Game2\Steam\SteamApps\common\cave story+\CaveStory+.exe
FirewallRules: [{B57AEDBB-2EC3-490E-9A21-AB14DFFD1537}] => (Allow) E:\Game2\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{8267E178-8DD8-4C2A-A3EC-3954D818F634}] => (Allow) E:\Game2\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{0643CC37-D522-4870-B7F4-BBA991523BB7}] => (Allow) G:\SteamLibrary\SteamApps\common\Max Payne 2 The Fall of Max Payne\maxpayne2.exe
FirewallRules: [{B603629D-8326-4535-A392-645746DE1D8E}] => (Allow) G:\SteamLibrary\SteamApps\common\Max Payne 2 The Fall of Max Payne\maxpayne2.exe
FirewallRules: [{7CFF07E5-EEF0-43C1-87EF-803ADB83414E}] => (Allow) C:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{7C80AE9C-0A10-465C-94DB-35268AE1B6B7}] => (Allow) C:\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{56CB5CCF-F717-40DC-83CD-A4C845E3ADFE}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{D78EC993-D571-4827-88CF-A4373725A545}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [TCP Query User{38DA1876-47B2-4C8A-9E5F-B759C6CB7815}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F1BDA991-470A-481B-8456-84481006FE3E}C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\daniel\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{46C0EE4A-53B1-4109-A898-159FFB4572D6}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe
FirewallRules: [UDP Query User{E0C675E8-474A-42A7-B3F6-CABF042588D6}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Allow) C:\program files (x86)\keepass password safe 2\keepass.exe
FirewallRules: [TCP Query User{7249F0A6-537D-44E4-B60E-FF6C44FC37C1}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe
FirewallRules: [UDP Query User{1FD096C3-BB11-4767-8157-666CAE0269AB}C:\program files (x86)\keepass password safe 2\keepass.exe] => (Block) C:\program files (x86)\keepass password safe 2\keepass.exe
FirewallRules: [{2983A939-5767-4CA9-80BB-0600709BFB1E}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{0CA72F44-85A7-4AF2-8EA4-7AD28ED5C256}] => (Allow) G:\Game\Dead Space\Dead Space.exe
FirewallRules: [{B1D63171-3A33-482F-BAF8-A899136EF15B}] => (Allow) G:\Game\Dead Space\Dead Space.exe
FirewallRules: [{CCE29520-8A5A-45B2-82FF-FA781347AB47}] => (Allow) G:\SteamLibrary\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{DD2DE90E-D99A-40D4-86E5-767B7264844A}] => (Allow) G:\SteamLibrary\SteamApps\common\Thief\Binaries\Win64\Shipping-ThiefGame.exe
FirewallRules: [{D76DB73C-4744-4D4C-B592-DEC7FC31C9D0}] => (Allow) E:\Game2\Steam\SteamApps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{1AACE3C6-36C6-499C-8EEC-0233C33274DE}] => (Allow) E:\Game2\Steam\SteamApps\common\dungeon defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{F430A7EE-2128-41CB-85FC-42C130881B2E}] => (Allow) E:\Game2\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{6D743B1C-5FF3-4BC6-AE69-E64A9D1AA239}] => (Allow) E:\Game2\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{42EC8226-28B9-44BD-902A-2C5BDC13E5DA}] => (Allow) G:\Game\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [{B03E392A-2BD7-4658-B1D7-7F64FA70E96B}] => (Allow) G:\Game\Plants vs. Zombies\PlantsVsZombies.exe
FirewallRules: [TCP Query User{D9231189-372C-4CB7-B858-E11290DAEE82}F:\downloads\popcorn-time-0.2.9-win-32\popcorn-time\popcorn-time.exe] => (Allow) F:\downloads\popcorn-time-0.2.9-win-32\popcorn-time\popcorn-time.exe
FirewallRules: [UDP Query User{F2853BC2-0EBA-42AE-A24D-F4A916D23E5E}F:\downloads\popcorn-time-0.2.9-win-32\popcorn-time\popcorn-time.exe] => (Allow) F:\downloads\popcorn-time-0.2.9-win-32\popcorn-time\popcorn-time.exe
FirewallRules: [{4D4CDCEC-C40C-489E-98C8-695399A6D1A0}] => (Block) F:\downloads\popcorn-time-0.2.9-win-32\popcorn-time\popcorn-time.exe
FirewallRules: [{5EDF1CE2-7F96-4F9F-9990-E57CBCA9DFB2}] => (Block) F:\downloads\popcorn-time-0.2.9-win-32\popcorn-time\popcorn-time.exe
FirewallRules: [{217606A5-CD9F-412F-A9CC-53D8E2A38304}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{C4F34590-2BE0-478F-8838-77D5EF551ACF}] => (Allow) E:\Game2\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{EBACC845-DA31-42CA-A09D-9BE7192EE4C3}] => (Allow) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
FirewallRules: [{191CA01D-0CB9-4306-B28B-7FABD60FA334}] => (Allow) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
FirewallRules: [{813F592E-64CF-48C7-A364-D570C1B52C9B}] => (Allow) E:\Game2\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{46CDC1E6-718C-4126-AA36-ABECEB93BEE7}] => (Allow) E:\Game2\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{FF47BC2B-F6B4-4BAE-9EA3-F731D8EE0730}] => (Allow) E:\Game2\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{24DFEA96-0F67-44EA-BD7C-192308CECFF6}] => (Allow) E:\Game2\Steam\SteamApps\common\vvvvvv\VVVVVV.exe
FirewallRules: [{5E360D87-5FDE-4348-8868-2FEF0F19590E}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{A056EBF0-29BD-4517-B140-53B8B28B7664}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B56068CE-4B0A-4AB2-AB65-0A13457B1799}] => (Allow) E:\Game2\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{475C2072-1106-4A3E-8437-F9E8C65EFDAE}] => (Allow) E:\Game2\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{25A2D0F4-7F44-48B6-A035-AF4A27B8D860}] => (Allow) E:\Game2\Steam\bin\steamwebhelper.exe
FirewallRules: [{281A572D-590B-4FDA-BF01-36C892088434}] => (Allow) E:\Game2\Steam\bin\steamwebhelper.exe
FirewallRules: [{7D053E4D-7D05-4ABB-BC4B-4F1B0F753763}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{B00D75AA-39BA-48E2-8FF8-C7C15927E8C9}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{260C8852-A8DE-423F-AF5A-F29DC5422687}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{E4A00EEC-EC60-417E-BD28-29ABF4E8EE26}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{7186947C-6A32-4978-8F9D-B7E84788D736}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{E15A47F8-8AA3-44DF-AC42-D1A886670ACC}] => (Allow) E:\Game2\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [TCP Query User{A6575498-335F-4072-98BB-BF59A51B9290}C:\users\daniel\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\daniel\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{E21F4727-091C-4277-8A92-759A86FC2E69}C:\users\daniel\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\daniel\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{3B54D7BB-D31B-49B9-A738-7240E4075B81}] => (Block) C:\users\daniel\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{5540842C-160D-49FB-8E9D-B3E963DA6943}] => (Block) C:\users\daniel\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{33DD04FE-A178-4328-9FA2-BACBC4CD4A7E}] => (Allow) C:\Program Files (x86)\Zona\Zona.exe
FirewallRules: [{DA0C41B2-4070-46E2-ABCA-65536A71D6D8}] => (Allow) C:\Program Files (x86)\Zona\Zona.exe
FirewallRules: [{AA149CBC-EB78-45ED-BE6D-00EF0CCBBFC7}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{D217B70D-B742-463D-A8F8-549F5A668E1A}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A0FF1316-789B-4726-94A1-CBB3CD364E0C}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{56947921-3F2A-4045-8D70-5D260F2F176D}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{88674A46-FF78-43F1-B621-E20754986BE5}] => (Allow) E:\Game2\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{13FD64C4-0FD7-4A6F-91E5-BCEE1F9856AD}] => (Allow) E:\Game2\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{33627D53-6A24-4597-BAC6-C88CD36962F2}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{F1B9CFAE-614F-448E-A6A3-E4196DFC1D06}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{21EBE64A-F2D3-42E3-BD1E-FE56D08B1A00}] => (Allow) C:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{A80DC069-1653-4898-B5DB-C024F7630ABC}] => (Allow) C:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{D396413A-ECDE-473E-B4F0-9220B7A9661B}] => (Allow) G:\Game\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{A9B4C16A-31B4-45A4-BDEB-D7A5444FFFA5}] => (Allow) G:\Game\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{95913C2C-1B35-4745-A2DE-0BDDB96E2E56}] => (Allow) E:\Game2\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{C105C40D-BC63-4D8E-845D-5A59ECEEA810}] => (Allow) E:\Game2\Steam\SteamApps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [TCP Query User{ABF75FE2-61E3-42BA-B2B9-A820D30A9B94}E:\game2\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) E:\game2\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{66A9F5EE-7A4B-405F-B6F2-358312FE40C4}E:\game2\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) E:\game2\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{65F3BBE2-C64F-4787-A53E-B637BD5EF17D}] => (Block) E:\game2\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{9808D1FF-F5DA-4FAC-A569-8AFB30A3B64A}] => (Block) E:\game2\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{48C7136D-8338-42B7-8AA2-664165E46CBD}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{F87E2FAA-DC51-4F50-9027-0726F2C50D8C}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{5A298D61-7036-46A5-B341-45CECDC33C04}] => (Allow) G:\Game\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{52B6F0A5-D17F-4D86-913E-5158CB2A6CE9}] => (Allow) G:\Game\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [TCP Query User{AA41F879-93DC-4137-A69A-1377B255B4CC}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [UDP Query User{0EB91A46-2ADF-4EF0-8008-A87A1B298BC0}C:\program files (x86)\popcorn time\popcorn-time.exe] => (Allow) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [{EE0035AC-5888-4D1D-80FA-E0994FCEEDC2}] => (Block) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [{18B45354-87A6-4A7D-846D-FB3FEB66E0EA}] => (Block) C:\program files (x86)\popcorn time\popcorn-time.exe
FirewallRules: [TCP Query User{3B667AEC-867F-4303-A926-B46A1E117EDD}F:\phone\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) F:\phone\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [UDP Query User{57EDA66F-A7F9-47F7-98A3-FCB930CE7EE0}F:\phone\wondershare\mobilego for android\mobilegoservice.exe] => (Allow) F:\phone\wondershare\mobilego for android\mobilegoservice.exe
FirewallRules: [TCP Query User{033D2B53-5060-4670-A838-D4A8CDFEE212}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A9499380-E7DB-4CAC-928D-F34A69B9D6F4}C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_25\bin\javaw.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{4630AFEF-AEEB-41D4-AD6A-6ED0FE738C35}] => (Allow) F:\Game\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{D73D7E9E-A281-45A0-B132-C9557A23DBA4}] => (Allow) F:\Game\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{ABDE7C8A-B27E-4154-A449-0A1FA4531864}] => (Allow) F:\Game\EFLC\EFLC\LaunchEFLC.exe
FirewallRules: [{9AE89709-455E-4A4B-A9FE-02535772831B}] => (Allow) F:\Game\EFLC\EFLC\LaunchEFLC.exe
FirewallRules: [{1B28382C-4AA5-4D16-8F97-9D62DEC84AFD}] => (Block) F:\game\grand theft auto iv\gtaiv.exe
FirewallRules: [{46688389-C45D-4BA2-9338-CD23F906C210}] => (Block) F:\game\grand theft auto iv\gtaiv.exe
FirewallRules: [{ED51A059-35B4-419B-8E27-FC53038E9943}] => (Allow) F:\Game\RGSC\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{036AAC6C-20EE-466D-9E7E-EF82A370D9DA}] => (Allow) F:\Game\RGSC\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [TCP Query User{69F819C4-E52E-41A7-B340-FDB8A90664A7}F:\game\eflc\eflc\eflc.exe] => (Allow) F:\game\eflc\eflc\eflc.exe
FirewallRules: [UDP Query User{F56EED11-C4EA-483A-8690-027A542DCE00}F:\game\eflc\eflc\eflc.exe] => (Allow) F:\game\eflc\eflc\eflc.exe
FirewallRules: [{8862939C-6903-4B32-B828-8D307E01A5D8}] => (Allow) F:\Game\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{30D3F32C-DF2C-4967-99C7-521B8C59553A}] => (Allow) F:\Game\Rockstar Games Social Club\RGSCLauncher.exe
FirewallRules: [{4E62DAFF-24A2-48D6-B110-20A33D736FAC}] => (Allow) F:\Game\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [{AC0E5D34-3906-42F7-9675-8BF79C8D6894}] => (Allow) F:\Game\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{7A7A6B2E-9D54-47A4-A439-87BF9197C679}F:\game\grand theft auto iv\gtaiv.exe] => (Allow) F:\game\grand theft auto iv\gtaiv.exe
FirewallRules: [UDP Query User{032633DA-A8AB-4E40-A77C-591ED623A387}F:\game\grand theft auto iv\gtaiv.exe] => (Allow) F:\game\grand theft auto iv\gtaiv.exe
FirewallRules: [{D92BF779-2587-4046-8404-FE2AB6E50EF2}] => (Allow) E:\Game2\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{1D8400E7-9D78-47C2-8F31-8FA2A8DE3680}] => (Allow) E:\Game2\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{7D6E2C0B-197F-42AF-BE0D-39D26A3C1C2B}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{CD100768-ABE0-4359-AEBA-BD7ECE01624D}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars The Force Unleashed 2\SWTFU2.exe
FirewallRules: [{0110798A-3750-4CD2-9FF7-758EF82B828E}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars The Force Unleashed\SWTFU Launcher.exe
FirewallRules: [{88E7000D-3B43-4FB9-8131-6E0BC3D51D47}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars The Force Unleashed\SWTFU Launcher.exe
FirewallRules: [{555B03F0-4F93-460A-A001-AF4FC65EFFC5}] => (Allow) E:\Game2\Steam\SteamApps\common\Dark Forces\DosBox\dosbox.exe
FirewallRules: [{DE836F9C-44D7-4110-BDFA-FFC0BEA77715}] => (Allow) E:\Game2\Steam\SteamApps\common\Dark Forces\DosBox\dosbox.exe
FirewallRules: [{42E266A8-2665-4443-A0A0-5624F854E144}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{031E9446-C735-4ECB-96DB-C4306509E8AC}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{D9A12233-2CF9-453A-914C-E0157D761647}] => (Allow) E:\Game2\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{5B93BFD0-BEE0-4F7A-8A6C-2664108685C6}] => (Allow) E:\Game2\Steam\SteamApps\common\Jedi Outcast\GameData\jk2sp.exe
FirewallRules: [{C5DDCD6F-2371-40B8-ABEC-5C8DF62D6C1E}] => (Allow) E:\Game2\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{FF8CE358-B127-4A1F-BA77-96152B193273}] => (Allow) E:\Game2\Steam\SteamApps\common\Jedi Outcast\GameData\jk2mp.exe
FirewallRules: [{B4444391-D0B7-45D9-A2F5-B626038795D7}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Starfighter\Starfighter.exe
FirewallRules: [{3C01203D-8C80-4EDE-8D40-6616CA1D40ED}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Starfighter\Starfighter.exe
FirewallRules: [{D5D8F663-3D3C-4D01-B5A1-EBBAD44E9CC6}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Jedi Knight\JK.EXE
FirewallRules: [{AF8B798E-0681-4A0E-8205-BA89F335C4EF}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Jedi Knight\JK.EXE
FirewallRules: [{3D9C7DA8-3138-4914-84F6-914D73AE406A}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{C86152CB-AFD5-4E14-AD59-3A95E1459225}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{8F576605-A727-41B6-A8D0-1884178318C7}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{C177A9F2-028C-4BB3-8CA5-36CEADBD70B3}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Empire at War\runme.exe
FirewallRules: [{4546E204-96FB-4B5E-807B-38ED170DD1C7}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{B2AA33D5-A10A-4114-880F-F652F11BC2D2}] => (Allow) E:\Game2\Steam\SteamApps\common\Star Wars Empire at War\runme2.exe
FirewallRules: [{13E9E1F8-BB86-44C7-9632-56B9000F6C6A}] => (Allow) E:\Game2\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{5777FE2A-A1E4-40E7-8AA2-E0C8EA1F5955}] => (Allow) E:\Game2\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{2E52D020-6A57-4579-A230-9DCB84DD58E9}] => (Allow) E:\Game2\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{1444AFC6-0B8D-4DBE-B8CD-7F0CAFE7B1E9}] => (Allow) E:\Game2\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [TCP Query User{5451AFBD-3B2D-40C5-9CF7-9D7A7066C934}G:\game\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) G:\game\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [UDP Query User{7905606C-A931-4FD7-9C3F-099399731D44}G:\game\the witcher 2 enhanced edition\bin\witcher2.exe] => (Allow) G:\game\the witcher 2 enhanced edition\bin\witcher2.exe
FirewallRules: [{66A276AE-48F6-44DB-836D-21C22547F279}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{80AFBE08-67D8-4840-8AA9-48DEF476FB89}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{39CD5CA4-7100-4B01-BB3D-FC182201CA25}] => (Allow) C:\Users\Daniel\AppData\Local\Microsoft Lync Attendee\AttendeeCommunicator.exe
FirewallRules: [{05B7C439-785E-4A12-B912-145953A52B62}] => (Allow) E:\Game2\Steam\SteamApps\common\skyrim\CreationKit.exe
FirewallRules: [{A304F1DE-4433-460D-83D5-401466D7C816}] => (Allow) E:\Game2\Steam\SteamApps\common\skyrim\CreationKit.exe
FirewallRules: [{0BD5830C-0AE2-450D-BAC9-6A5B7BBF0995}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{C51C0720-518D-4676-A982-12E809838A74}] => (Allow) E:\Game2\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [TCP Query User{EEB4C425-8C05-44E4-9C7B-86E962AD3822}F:\desktop\games\gta4to5\viiv_citizen_v2\citizenfx.exe] => (Allow) F:\desktop\games\gta4to5\viiv_citizen_v2\citizenfx.exe
FirewallRules: [UDP Query User{69929770-697D-4875-8735-F9F0E0808B90}F:\desktop\games\gta4to5\viiv_citizen_v2\citizenfx.exe] => (Allow) F:\desktop\games\gta4to5\viiv_citizen_v2\citizenfx.exe
FirewallRules: [{20CE93E4-C6A1-4E30-A3E2-84F05F45FFAF}] => (Allow) C:\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{01EEA14A-3213-4AE4-835D-2D3A8745DF40}] => (Allow) C:\Steam\SteamApps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{10C2B53B-0691-425C-80D3-9AF565562AF4}] => (Allow) E:\Game2\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{3D727BA2-197A-438F-AE8D-E6CB4914A624}] => (Allow) E:\Game2\Steam\SteamApps\common\Cities_Skylines\Cities.exe
FirewallRules: [{E6708D85-D17E-413E-9154-FC0102537C80}] => (Allow) E:\Game2\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{F8F7D98D-93BA-4543-BADD-93B1FCEC7502}] => (Allow) E:\Game2\Steam\SteamApps\common\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [TCP Query User{A59F79DA-C3C3-454D-A619-AC31D3A48F56}F:\game\gtav\gta5.exe] => (Allow) F:\game\gtav\gta5.exe
FirewallRules: [UDP Query User{6205C6C0-6048-4240-A834-03118D5CE81C}F:\game\gtav\gta5.exe] => (Allow) F:\game\gtav\gta5.exe
FirewallRules: [{464A60AA-3EE8-44BA-BCEC-BCD3160FAE4C}] => (Allow) G:\Game\Titanfall\Titanfall.exe
FirewallRules: [{DF50986D-CC5E-4E5A-9CB7-D69133303D32}] => (Allow) G:\Game\Titanfall\Titanfall.exe
FirewallRules: [{0BAAC4BC-3200-4E9B-8161-09555B271F75}] => (Allow) G:\Game\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{860F5710-3FBC-4442-9BB6-A0055019BC06}] => (Allow) G:\Game\Syndicate (1993)\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{78556559-EC23-4AE2-8756-F2D670B38DB6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B12644A4-784E-40AD-BDF3-E4808D06539C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CC6D7413-A000-4930-8944-9E7CD5296B93}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5249340E-59CD-4AB0-996C-4BF8272C19DB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{6C39C073-410C-470A-BEAB-BF6D03433F07}C:\users\daniel\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\daniel\appdata\local\popcorn time\nw.exe
FirewallRules: [UDP Query User{73185853-6450-4B1A-8B90-F43C3F5F4F4D}C:\users\daniel\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\daniel\appdata\local\popcorn time\nw.exe
FirewallRules: [{717F9E38-58F7-47A0-A9E1-FDD29ECD0F03}] => (Block) C:\users\daniel\appdata\local\popcorn time\nw.exe
FirewallRules: [{46A63B6F-08FD-4970-8125-900D4165AF9A}] => (Block) C:\users\daniel\appdata\local\popcorn time\nw.exe
FirewallRules: [{4A0C4103-3793-4A9D-9260-BDD52C04CEE3}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{922F3E5A-8EE3-4C9C-9344-455434ECB735}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{945474F7-8959-48DE-AD35-A88EA8F34147}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F3991A55-B0C0-460A-82E9-203F49C38495}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B76D8F6B-EC13-4ADC-BE5D-20B2246310A1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{8C5FF3E9-7A4A-447D-8BC0-4D46A67BA4FB}] => (Allow) F:\Game\GTAV\GTA5.exe
FirewallRules: [{58016E06-ABFD-4DDA-92BF-791301569D29}] => (Allow) F:\Game\GTAV\GTA5.exe
FirewallRules: [{05458B62-75EB-4893-93E3-AEBADDC2E6CA}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{9AEFE9E1-431B-4825-9C3D-2DD24B3E8761}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{9D529894-4A24-4803-A268-269122690A62}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{9685A82F-60C0-4175-9FD9-A63BF0934F72}] => (Allow) G:\SteamLibrary\SteamApps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [TCP Query User{1CA16FBF-14E6-4157-9969-8234A61188C5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{402ACC9C-ACFB-491A-B1A7-D65D8B39867D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{AF8464AA-C4FF-4A4D-ADAA-C5918E19DE5E}] => (Allow) C:\Program Files (x86)\NPVR\NextPVR.exe
FirewallRules: [{760DC577-ABAE-4BF2-A9D8-311EF79282D0}] => (Allow) C:\Program Files (x86)\NPVR\NextPVR.exe
FirewallRules: [{3CC793AA-95B6-465A-8D5A-AD08DEA8779E}] => (Allow) C:\Program Files (x86)\NPVR\NRecord.exe
FirewallRules: [{AF35FFB6-99BC-4CF8-8C8F-909B032D9F1F}] => (Allow) C:\Program Files (x86)\NPVR\NRecord.exe
FirewallRules: [{F7F7FFD4-2AC4-4BC9-BCBC-F0B334E88192}] => (Allow) C:\Program Files (x86)\NPVR\NDigitalHost.exe
FirewallRules: [{BAC3C0D4-731A-44D4-B831-8981DDD2A43F}] => (Allow) C:\Program Files (x86)\NPVR\NDigitalHost.exe
FirewallRules: [{DD28086E-D44E-43E6-A0A0-3281A2E28BD1}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future 105\BackToTheFuture105.exe
FirewallRules: [{71F552AF-833F-4000-BA19-568F1B131FF0}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future 105\BackToTheFuture105.exe
FirewallRules: [{72580622-B797-4BE4-9873-2AB3AE660143}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future 104\BackToTheFuture104.exe
FirewallRules: [{14D43443-76BB-42CC-93C8-6AF92F83D03F}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future 104\BackToTheFuture104.exe
FirewallRules: [{F66C3A43-DA50-4B13-901F-7373F3B29E60}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future 103\BackToTheFuture103.exe
FirewallRules: [{155E56F2-8C05-473F-A910-E886002105C8}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future 103\BackToTheFuture103.exe
FirewallRules: [{940D8B5E-7320-4252-81DC-6B7A7F09FB7E}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future Ep 2\BackToTheFuture102.exe
FirewallRules: [{40035DE0-B75A-41C0-9552-C906EF44255A}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future Ep 2\BackToTheFuture102.exe
FirewallRules: [{AD15F769-83D0-44BB-BB2A-983151732EB1}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{312D601B-FC55-40E9-B1C7-EE673FE187F3}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1212211D-45BD-44CE-992B-EACF34E9B5AE}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{E541BE43-827C-4F28-A9A4-A5123C7BCAF7}] => (Allow) G:\SteamLibrary\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{AB48F7E7-AA72-4E07-8711-979448F961E0}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future Ep 1\BackToTheFuture101.exe
FirewallRules: [{46ADBE13-60DB-41B1-BB8D-928E448601E1}] => (Allow) E:\Game2\Steam\SteamApps\common\Back to the Future Ep 1\BackToTheFuture101.exe
FirewallRules: [{77B70B39-65A4-4273-8916-08EAD53479E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1B04F17D-9A1D-424E-A91D-729D4600F715}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{3296293D-604D-4F62-BB6D-D3E4D5A06132}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{C72FFC15-345A-41DA-9E54-A378AF9F0243}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{17B4EFA2-40C0-45E6-89FC-AC9AF90503E1}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/02/2015 08:16:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program palemoon.exe version 25.7.0.5714 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 978

Start Time: 01d0e58ebae33121

Termination Time: 244

Application Path: C:\Program Files (x86)\Pale Moon\palemoon.exe

Report Id: 2172d9a6-51ea-11e5-9a76-0002723df4ac

Error: (09/02/2015 07:50:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program palemoon.exe version 25.7.0.5714 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19f8

Start Time: 01d0e5899ef9108b

Termination Time: 24

Application Path: C:\Program Files (x86)\Pale Moon\palemoon.exe

Report Id: f523bd07-5181-11e5-9a76-0002723df4ac

Error: (09/01/2015 06:23:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program palemoon.exe version 25.7.0.5714 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 28a4

Start Time: 01d0e51c9f0aeed4

Termination Time: 46

Application Path: C:\Program Files (x86)\Pale Moon\palemoon.exe

Report Id: 295843c4-5111-11e5-b155-0002723df4ac

Error: (09/01/2015 06:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 25.7.0.5714, time stamp: 0x55db0ae2
Faulting module name: mozalloc.dll, version: 25.7.0.5714, time stamp: 0x55daf99d
Exception code: 0x80000003
Fault offset: 0x0000120c
Faulting process id: 0x2428
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (09/01/2015 06:13:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program palemoon.exe version 25.7.0.5714 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12ec

Start Time: 01d0e51215c4f1cf

Termination Time: 22

Application Path: C:\Program Files (x86)\Pale Moon\palemoon.exe

Report Id: d2abac55-510f-11e5-b155-0002723df4ac

Error: (09/01/2015 08:42:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.393.4, time stamp: 0x55a62e42
Faulting module name: GTA5.exe, version: 1.0.393.4, time stamp: 0x55a62e42
Exception code: 0xc0000005
Fault offset: 0x00000000011ec348
Faulting process id: 0x20c8
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (09/01/2015 08:42:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.393.4, time stamp: 0x55a62e42
Faulting module name: GTA5.exe, version: 1.0.393.4, time stamp: 0x55a62e42
Exception code: 0xc0000005
Fault offset: 0x00000000011ec348
Faulting process id: 0x2aec
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (08/29/2015 06:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.393.4, time stamp: 0x55a62e42
Faulting module name: kernel32.dll, version: 6.1.7601.18933, time stamp: 0x55a6a16e
Exception code: 0xc0000005
Fault offset: 0x0000000000008232
Faulting process id: 0x25e4
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (08/29/2015 06:07:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GTA5.exe, version: 1.0.393.4, time stamp: 0x55a62e42
Faulting module name: kernel32.dll, version: 6.1.7601.18933, time stamp: 0x55a6a16e
Exception code: 0xc0000005
Fault offset: 0x0000000000008232
Faulting process id: 0x1544
Faulting application start time: 0xGTA5.exe0
Faulting application path: GTA5.exe1
Faulting module path: GTA5.exe2
Report Id: GTA5.exe3

Error: (08/23/2015 08:47:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MsMpEng.exe, version: 4.8.204.0, time stamp: 0x5541eadf
Faulting module name: mpsvc.dll, version: 4.8.204.0, time stamp: 0x5541eb17
Exception code: 0xc0000005
Fault offset: 0x000000000001ccd6
Faulting process id: 0x188
Faulting application start time: 0xMsMpEng.exe0
Faulting application path: MsMpEng.exe1
Faulting module path: MsMpEng.exe2
Report Id: MsMpEng.exe3


System errors:
=============
Error: (09/05/2015 12:19:21 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started.

Error: (09/05/2015 12:19:21 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of this group started.

Error: (09/05/2015 12:19:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Unibrain 1394 OHCI Driver service failed to start due to the following error:
%%577

Error: (09/05/2015 12:14:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/05/2015 12:14:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/05/2015 12:14:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Acronis Sync Agent Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/05/2015 12:14:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (09/05/2015 12:14:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/05/2015 12:14:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/05/2015 12:14:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Center Receiver Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (09/02/2015 08:16:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: palemoon.exe25.7.0.571497801d0e58ebae33121244C:\Program Files (x86)\Pale Moon\palemoon.exe2172d9a6-51ea-11e5-9a76-0002723df4ac

Error: (09/02/2015 07:50:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: palemoon.exe25.7.0.571419f801d0e5899ef9108b24C:\Program Files (x86)\Pale Moon\palemoon.exef523bd07-5181-11e5-9a76-0002723df4ac

Error: (09/01/2015 06:23:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: palemoon.exe25.7.0.571428a401d0e51c9f0aeed446C:\Program Files (x86)\Pale Moon\palemoon.exe295843c4-5111-11e5-b155-0002723df4ac

Error: (09/01/2015 06:23:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe25.7.0.571455db0ae2mozalloc.dll25.7.0.571455daf99d800000030000120c242801d0e51ca3f2f4a8C:\Program Files (x86)\Pale Moon\plugin-container.exeC:\Program Files (x86)\Pale Moon\mozalloc.dll2aa86f5f-5111-11e5-b155-0002723df4ac

Error: (09/01/2015 06:13:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: palemoon.exe25.7.0.571412ec01d0e51215c4f1cf22C:\Program Files (x86)\Pale Moon\palemoon.exed2abac55-510f-11e5-b155-0002723df4ac

Error: (09/01/2015 08:42:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTA5.exe1.0.393.455a62e42GTA5.exe1.0.393.455a62e42c000000500000000011ec34820c801d0e4cccef7b2c6F:\Game\GTAV\GTA5.exeF:\Game\GTAV\GTA5.exe0e8c9c75-50c0-11e5-9b3d-0002723df4ac

Error: (09/01/2015 08:42:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTA5.exe1.0.393.455a62e42GTA5.exe1.0.393.455a62e42c000000500000000011ec3482aec01d0e4ccc889a37cF:\Game\GTAV\GTA5.exeF:\Game\GTAV\GTA5.exe08d2014c-50c0-11e5-9b3d-0002723df4ac

Error: (08/29/2015 06:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTA5.exe1.0.393.455a62e42kernel32.dll6.1.7601.1893355a6a16ec0000005000000000000823225e401d0e2c05131e473F:\Game\GTAV\GTA5.exeC:\Windows\system32\kernel32.dllc319ed66-4eb3-11e5-9410-0002723df4ac

Error: (08/29/2015 06:07:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: GTA5.exe1.0.393.455a62e42kernel32.dll6.1.7601.1893355a6a16ec00000050000000000008232154401d0e2c014800c00F:\Game\GTAV\GTA5.exeC:\Windows\system32\kernel32.dll89bd66f2-4eb3-11e5-9410-0002723df4ac

Error: (08/23/2015 08:47:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MsMpEng.exe4.8.204.05541eadfmpsvc.dll4.8.204.05541eb17c0000005000000000001ccd618801d0dd738ff00ef0c:\Program Files\Microsoft Security Client\MsMpEng.exec:\Program Files\Microsoft Security Client\mpsvc.dlld4fdd190-4a12-11e5-813c-0002723df4ac


CodeIntegrity:
===================================
  Date: 2015-09-05 12:19:21.457
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-05 12:19:21.401
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-03 21:19:25.968
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-03 21:19:25.912
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-03 21:03:43.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-03 21:03:43.458
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-03 19:27:58.173
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-03 19:27:58.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-02 07:13:46.636
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-09-02 07:13:46.578
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Windows\System32\drivers\ubohci.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3570K CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 8075.39 MB
Available physical RAM: 2496.74 MB
Total Virtual: 32299.77 MB
Available Virtual: 26967.21 MB

==================== Drives ================================

Drive c: (SSD-480GB) (Fixed) (Total:447.13 GB) (Free:97.95 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (CatchAll-596GB) (Fixed) (Total:596.17 GB) (Free:114.92 GB) NTFS
Drive f: (SystemsBuddy-3TB) (Fixed) (Total:2794.39 GB) (Free:1813.94 GB) NTFS
Drive g: (596GB-2) (Fixed) (Total:596.17 GB) (Free:56.21 GB) NTFS
Drive h: (4TB) (Fixed) (Total:3725.9 GB) (Free:439.66 GB) NTFS
Drive i: (500OG) (Fixed) (Total:465.76 GB) (Free:411.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 2794.5 GB) (Disk ID: 206AD7C9)

Partition: GPT.

========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 9FBB9EEF)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 4C14DA15)
Partition 2: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4C14DA18)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 447.1 GB) (Disk ID: BB3716FA)
Partition 1: (Active) - (Size=447.1 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 465.8 GB) (Disk ID: B3260AD9)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 08 September 2015 - 06:27 AM

 

Hosts: 127.0.0.1 activation.acronis.com

Why?


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 diznanl

diznanl
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 08 September 2015 - 08:45 PM

 

 

Hosts: 127.0.0.1 activation.acronis.com

Why?

 

 

I'm not sure, but I think it was trying to get me to activate from my free trial.



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 09 September 2015 - 06:52 AM

These are signs of cracked software. Do you have other cracks installed on your system?

Download CKScanner from here

Important : Save it to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.(If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on CKScanner.exe and select Run as Administrator)
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 diznanl

diznanl
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:33 AM

Posted 10 September 2015 - 02:44 PM

Thanks, Machiavelli.  No, I don't have cracked software on my system.  I think (a couple years ago?) I kept getting a pop-up from Acronis and I found that solution on a forum.

 

From what I can tell, these are just mods for my Fallout 3, New Vegas, and Skyrim games -- all purchased through steam, but with mods from Nexus.

 

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\fallout3apps\modorganizer\mods\eve - energy visuals enhanced\textures\effects\wjsashcrack2.dds
c:\fallout3apps\modorganizer\mods\eve - energy visuals enhanced\textures\effects\wjsashcrack2_too_wide.dds
c:\fallout3apps\modorganizer\mods\eve - energy visuals enhanced\textures\effects\wjsashcrack_fail.dds
c:\fallout3apps\modorganizer\mods\eve - energy visuals enhanced\textures\effects\wjseve\wjsashcrack01.dds
c:\fallout3apps\modorganizer\mods\nmcs_texture_pack_for_fo3\textures\architecture\urban\crackdecal03.dds
c:\fallout3apps\modorganizer\mods\nmcs_texture_pack_for_fo3\textures\architecture\urban\crackdecal03_n.dds
c:\fallout3apps\modorganizer\mods\nmcs_texture_pack_for_fo3\textures\architecture\urban\lightcracks.dds
c:\fallout3apps\modorganizer\mods\nmcs_texture_pack_for_fo3\textures\dungeons\metro\platforms\platformcracks01.dds
c:\fallout3apps\modorganizer\mods\nmcs_texture_pack_for_fo3\textures\landscape\crackeddirtwastes01.dds
c:\fallout3apps\modorganizer\mods\nmcs_texture_pack_for_fo3\textures\landscape\crackeddirtwastes01_n.dds
c:\fallout3apps\modorganizer\mods\uhq terrain overhaul\textures\landscape\crackeddirtwastes01.dds
c:\fallout3apps\modorganizer\mods\uhq terrain overhaul\textures\landscape\crackeddirtwastes01_n.dds
c:\falloutnyapps\modorganizer\mods\eve - essential visual enhancements\textures\eve\effects\glasscracks.dds
c:\falloutnyapps\modorganizer\mods\new vegas bounties ii\meshes\new vegas bounties ii\remington_cracker.nif
c:\falloutnyapps\modorganizer\mods\new vegas bounties ii\textures\new vegas bounties ii\remington_a_cracker_cowboy.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\suburban\crackedplaster01.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\suburban\crackedplaster01_n.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\suburban\crackedplaster02.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\suburban\crackedplaster02_n.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\urban\crackdecal03.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\urban\crackdecal03_n.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\architecture\urban\lightcracks.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\dlc04\architecture\boardwalk\boardwalkcrackdecals.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\dlc04\architecture\boardwalk\boardwalkcrackdecals_n.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\dungeons\metro\platforms\platformcracks01.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\dungeons\metro\platforms\platformcracks01_n.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\landscape\crackeddirtwastes01.dds
c:\falloutnyapps\modorganizer\mods\nmcs texture pack for new vegas\textures\landscape\crackeddirtwastes01_n.dds
c:\falloutnyapps\modorganizer\mods\pocobuenov5\textures\architecture\urban\crackdecal03.dds
c:\falloutnyapps\modorganizer\mods\pocobuenov5\textures\architecture\urban\crackdecal03_n.dds
c:\falloutnyapps\modorganizer\mods\pocobuenov5\textures\landscape\crackeddirtwastes01.dds
c:\falloutnyapps\modorganizer\mods\pocobuenov5\textures\landscape\crackeddirtwastes01_n.dds
c:\falloutnyapps\modorganizer\mods\project nevada\textures\pnx\hud\visor\crack1.dds
c:\falloutnyapps\modorganizer\mods\project nevada\textures\pnx\hud\visor\crack2.dds
c:\falloutnyapps\modorganizer\mods\project nevada\textures\pnx\hud\visor\crack3.dds
c:\falloutnyapps\modorganizer\mods\project nevada\textures\pnx\hud\visor\crack4.dds
c:\falloutnyapps\modorganizer\mods\project nevada\textures\pnx\hud\visor\crack5.dds
c:\falloutnyapps\modorganizer\mods\project nevada\textures\pnx\hud\visor\crack6.dds
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\skyrimapps\modorganizer\mods\bethesda hi-res dlc optimized\textures\dlc01\landscape\icelakesnowcracks.dds
c:\skyrimapps\modorganizer\mods\bethesda hi-res dlc optimized\textures\dlc02\effects\fxcrackstile02.dds
c:\skyrimapps\modorganizer\mods\serious hd retexture skyrim\textures\dlc01\landscape\icelakesnowcracks.dds
c:\skyrimapps\modorganizer\mods\serious hd retexture skyrim\textures\dlc01\landscape\icelakesnowcracks_n.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\markarth\crackrock4.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\markarth\crackrock4b.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\markarth\crackrock4b_n.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\markarth\crackrock4var2.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\markarth\crackrock4var3.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\markarth\crackrock4_n.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\windhelm\wholdcrackedbrick.dds
c:\skyrimapps\modorganizer\mods\skyrim hd - 2k textures - towns\textures\architecture\windhelm\wholdcrackedbrick2.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\markarth\crackrock4.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\markarth\crackrock4b.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\markarth\crackrock4b_n.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\markarth\crackrock4var2.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\markarth\crackrock4var3.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\markarth\crackrock4_n.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\windhelm\wholdcrackedbrick.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\windhelm\wholdcrackedbrick2.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\windhelm\wholdcrackedbrick2_n.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\architecture\windhelm\wholdcrackedbrick_n.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\dlc01\landscape\icelakesnowcracks.dds
c:\skyrimapps\modorganizer\mods\skyrim realistic overhaul\textures\dlc01\landscape\icelakesnowcracks_n.dds
c:\skyrimapps\modorganizer\profiles\step 01.18.2014\saves_backup\save 270 - adama  cracked tusk keep  46.31.49.ess
c:\skyrimapps\modorganizer\profiles\step 01.18.2014\saves_backup\save 270 - adama  cracked tusk keep  46.31.49.skse
c:\steam\steamapps\common\fallout new vegas\sound\fx\emt\doorwind\sfx_desertambiencethrudoorcrack_lp.ogg
scanner sequence 3.ZZ.11.HFNACZ
 ----- EOF -----
 

Attached Files



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 11 September 2015 - 02:00 PM

I'd like to see a set of fresh FRST logs please.


~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,904 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:33 AM

Posted 15 September 2015 - 11:55 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users