Welcome to WindowsInstructed Forums


[solved] Possible virus, or some form of malware

41 posts in this topic

I think I may have been infected with some form of malware. I shall post the same information from my reddit post.

I tried to avoid looking like a newb and ask for help, but I think whatever got into my system may be a bit bigger than I expected it to be. I'm running Windows 8.1. So, what happened was that a few days ago, someone added me on Steam randomly. I thought nothing of it. Today, this person contacted me, saying that we should "play together". They gave me an IP to connect to from console, but when I tried to connect, it would kick me from the server, saying I'd need anti-cheat. I was a bit confused and distrustful, but followed the link provided by the message. Here's the link: hxxp://eslgaming-csgo.com/ [1] I'm not an expert, but I think it's some sort of fake link, now that what happened has happened.

So, after downloading the anti-cheat exe there, I got warned by Windows that I shouldn't trust it. I was, pretty much, dumb enough to trust it. It disabled my task manager... initially. I restarted my PC and dived into the registry, with the help of a guide, to restore my Task Manager privileges. I used Steam Guard on my phone to make sure my account wouldn't be hijacked. Everything seems to work now, but my issue is that I get SSL/"Secure connection failed" errors when trying to connect to different things on both Firefox and Chrome, mainly the Steam store, or my actual G-mail. Since I didn't want to look entirely too dumb, I /did/ run a scan on Malwarebytes, causing it to remove about 40-45... PUPs, or Registry... thingies. I then followed the guide on the subreddit. If needed, I can provide the .txt files for rkill and jrt. I'm not sure if AdwCleaner provided me with any form of permanent file, but suffice to say it did detect quite a few items, mostly in Firefox, if memory serves.

Right now, HitmanPro is nearly done scanning and it has detected about 3 malwares and a Trojan, which is definitely interesting. The rkill software log does have some interesting HOSTS, mainly Russian, or Ukrainian, which would explain the broken English. Hmm... that's a bit of an issue. It has quarantined the malware, but it won't delete it without activation, it seems. At any rate, that's the issue I'm facing. I used everything I could, so far, if we do not include the fact that Hitman hasn't deleted some of the detected malware yet, but I can't seem to go on some supposedly important/secure sites. Help would be greatly appreciated! I'll try to be as succinct and helpful as possible!


Step One.

We will need an AdwCleaner Log.

Please download AdwCleaner by Xplode onto your DESKTOP from HERE.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe desktop icon to run the tool.
  • Click on the "Scan" button.


  • When the scan has finished click on the "Cleaning" button.


  • Your computer will reboot automatically. A text file will open after the restart.
  • You can find a copy of the logfile at C:\AdwCleaner[s1].txt as well.
  • Please post the contents of that logfile with your next reply.

Second step is a log from Farbar Recovery Scan Tool (FRST).


Please download and save FRST 64bit or FRST 32 bit to your DESKTOP.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.


  1. Make sure that Addition option is checked.
  2. Press Scan button.


  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste contents of the log back here.
  • The first time the tool is run, or when Addition.txt is selected in the options, it generates another log (Addition.txt, also located in the same directory as FRST.exe/FRST64.exe). Please also paste the contents of that log along with FRST.txt into your reply.

JRT Scan.

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Adware Removal Tool Scan.

Download Adware Removal Tool to your desktop, right click the icon and select Run as Administrator.

Hit OK.

Hit Next; make sure to leave all items checked for removal.

The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

ZHP Scan.

1. Please download ZHPCleaner to your desktop, then right click the icon and select Run as administrator.

http://nicolascoolman.com/download/zhpcleaner

2. Once you have started the program, you will need to click the Scanner button.

http://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png

The program will close all open browsers!

3. Once the scan is completed, you will want to click the Repair button.

http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png

At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

Copy and paste the report here in your next reply.

Zemana Scan

Run a full scan with Zemana AntiMalware!

Install and select Deep Scan.

Remove any infections found.

Then click on the icon in the pic below.

Double click on the scan log, copy and paste here in your reply.


Oh, boy, here we go! Hopefully, I have everything here. I'll start posting the logs. It's preliminary, but I think everything's fixed! After all the scans and resets, I can access the Steam store and my e-mail. I will also include the rkill log, along with the other logs. Also, I ran another Malwarebytes scan, which repaired/quarantined a Trojan, I think, along with detecting a couple more malware... things. They might show up in the other logs. Please instruct further, as it seems I've filled my PC with antivirus software and bombarded whatever I had/have here.

AdwCleaner[S1].txt

# AdwCleaner v5.021 - Logfile created 19/11/2015 at 02:23:39
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : tomi - LENOVO
# Running from : C:\Users\tomi\Downloads\adwcleaner_5.021.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : globalUpdate
Service Found : globalUpdatem

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\ProgramData\19a87fa1ec024bbcbb41931263354405
Folder Found : C:\ProgramData\Service1104
Folder Found : C:\Users\tomi\AppData\Local\globalUpdate
Folder Found : C:\Users\tomi\AppData\Local\Hola
Folder Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\Extensions\OneClickDownloader@OneClickDownloader.com.xpi

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\hgfoqh2d.default\user.js
File Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\hgfoqh2d.default\user.js
File Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\invalidprefs.js
File Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\searchplugins\BrowserDefender.xml
File Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\user.js
File Found : C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\user.js

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : LPCWHHPSWGIVXPUP
Task Found : LPCWHHPSWGIVXPUP

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Update Pine Tree
Key Found : HKLM\System\CurrentControlSet\Services\Eventlog\Application\Util Pine Tree
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Key Found : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Tutorials
Key Found : HKCU\Software\Hola
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_

***** [ Web browsers ] *****

[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%[...]
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.admin", false);
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.aflt", "babsst");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.autoRvrt", "false");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.dfltLng", "en");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.excTlbr", false);
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.ffxUnstlRst", true);
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.id", "684ad71e00000000000000ff1c51761f");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.instlDay", "15870");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.instlRef", "sst");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.newTab", false);
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.prdct", "delta");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.prtnrId", "delta");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.rvrt", "false");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.smplGrp", "none");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.tlbrId", "base");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.tlbrSrchUrl", "");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.vrsnTs", "1.8.21.511:57:57");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta_i.babExt", "");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta_i.babTrack", "affID=119498");
[C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\prefs.js] [Preference] Found : user_pref("extensions.delta_i.srcExt", "ss");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8552 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by tomi (administrator) on LENOVO (19-11-2015 05:19:26)
Running from C:\Users\tomi\Downloads
Loaded Profiles: tomi &  (Available Profiles: tomi)
Platform: Windows 8.1 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Valve Corporation) E:\Steam\Steam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Steam\bin\steamwebhelper.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [453448 2014-08-13] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [RtsFT] => C:\Windows\RTFTrack.exe [6340312 2013-10-18] (Realtek semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-06] (Lenovo(beijing) Limited)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565448 2015-11-12] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-10-30] (Qualcomm®Atheros®)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\MountPoints2: {5695ee26-8400-11e4-8284-b8ee657d4b2e} - "F:\EasySuite.exe"
HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\MountPoints2: {84c512d7-35ac-11e4-825d-b8ee657d4b2e} - "F:\EasySuite.exe"
HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57981568 2015-09-27] (Skype Technologies S.A.)
HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {5695ee26-8400-11e4-8284-b8ee657d4b2e} - "F:\EasySuite.exe"
HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {84c512d7-35ac-11e4-825d-b8ee657d4b2e} - "F:\EasySuite.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{617CD264-C016-4023-AA2A-3EDE771EADC8}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{DEB5801E-18B5-4EF4-9641-9397C09ACD85}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-20] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-435174368-2995637555-2580234153-1001: @hola.org/vlc,version=1.8.649 -> C:\Users\tomi\AppData\Local\Hola\firefox\app\vlc [No File]
FF Plugin HKU\S-1-5-21-435174368-2995637555-2580234153-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @hola.org/vlc,version=1.8.649 -> C:\Users\tomi\AppData\Local\Hola\firefox\app\vlc [No File]
FF Plugin HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\tomi\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-09-05] (Unity Technologies ApS)
FF Extension: DownThemAll! - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-11-21] [not signed]
FF Extension: Greasemonkey - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-11-21] [not signed]
FF Extension: Stylish - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-07-06] [not signed]
FF Extension: No Name - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\Extensions\jid1-tHrhDJXsKvsiCw@jetpack.xpi [2013-07-06] [not signed]
FF Extension: No Name - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-07-21] [not signed]
FF Extension: Adblock Plus - C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-10-15] [not signed]

Chrome:
=======
CHR Profile: C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [317568 2013-10-30] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1225216 2015-09-23] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-11-19] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-13] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-11-12] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-21] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-18] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-10-30] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3880448 2013-11-13] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-10-30] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-19] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [465624 2014-01-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8876248 2013-10-18] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-24] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 05:19 - 2015-11-19 05:20 - 00019815 _____ C:\Users\tomi\Downloads\FRST.txt
2015-11-19 05:19 - 2015-11-19 05:19 - 00000000 ____D C:\FRST
2015-11-19 05:18 - 2015-11-19 05:18 - 02008576 _____ (Farbar) C:\Users\tomi\Downloads\FRST64.exe
2015-11-19 03:57 - 2015-11-19 03:57 - 00001905 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-11-19 03:57 - 2015-11-19 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-11-19 03:57 - 2015-11-19 03:57 - 00000000 ____D C:\Program Files\HitmanPro
2015-11-19 03:56 - 2015-11-19 05:05 - 00000000 ____D C:\ProgramData\HitmanPro
2015-11-19 03:56 - 2015-11-19 03:56 - 11337112 _____ (SurfRight B.V.) C:\Users\tomi\Downloads\HitmanPro_x64.exe
2015-11-19 03:37 - 2015-11-19 03:37 - 00000000 ____D C:\Users\tomi\AppData\Roaming\3909
2015-11-19 03:30 - 2015-11-19 03:30 - 00001485 _____ C:\Users\tomi\Desktop\JRT.txt
2015-11-19 03:28 - 2015-11-19 03:28 - 01599080 _____ (Malwarebytes) C:\Users\tomi\Downloads\JRT.exe
2015-11-19 02:23 - 2015-11-19 02:35 - 00000000 ____D C:\AdwCleaner
2015-11-19 02:21 - 2015-11-19 02:21 - 01732096 _____ C:\Users\tomi\Downloads\adwcleaner_5.021.exe
2015-11-18 23:19 - 2015-11-19 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-18 20:35 - 2015-11-18 20:38 - 00003320 _____ C:\Users\tomi\Desktop\Rkill.txt
2015-11-18 20:35 - 2015-11-18 20:35 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\tomi\Downloads\rkill.com
2015-11-18 20:25 - 2015-11-18 20:25 - 00001015 _____ C:\Users\tomi\AppData\Roaming\Mozilla - Shortcut.lnk
2015-11-18 20:22 - 2015-11-18 20:22 - 00000000 ____D C:\Users\Old Firefox Data\xdm075yn.default
2015-11-18 20:22 - 2015-11-18 20:22 - 00000000 ____D C:\Users\Old Firefox Data
2015-11-18 20:18 - 2015-11-18 20:18 - 00000000 ____D C:\Users\Mozilla\Firefox
2015-11-18 20:18 - 2015-11-18 20:18 - 00000000 ____D C:\Users\Mozilla\Extensions
2015-11-18 20:18 - 2015-11-18 20:18 - 00000000 ____D C:\Users\Mozilla
2015-11-18 18:40 - 2015-11-18 18:40 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-18 18:38 - 2015-11-18 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-11-18 18:38 - 2015-11-18 18:38 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2015-11-13 21:48 - 2015-11-05 17:13 - 42914096 _____ C:\Windows\system32\nvcompiler.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 22308656 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 17515208 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 15717864 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 15121784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 12770752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 11130488 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-13 21:48 - 2015-11-05 17:13 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435891.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435891.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00500872 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00422240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-11-13 21:48 - 2015-11-05 17:13 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-11-13 21:36 - 2015-11-13 21:36 - 00000000 ____D C:\Users\tomi\AppData\Local\Fallout4
2015-11-12 11:47 - 2015-11-12 11:47 - 00045680 ____H (LogMeIn Inc.) C:\Windows\system32\Drivers\Hamdrv.sys
2015-11-11 10:39 - 2015-10-15 16:08 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 10:39 - 2015-10-15 15:46 - 00803328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 10:39 - 2015-10-13 17:10 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 10:39 - 2015-10-13 17:10 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 10:39 - 2015-10-13 15:59 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 10:39 - 2015-10-13 15:59 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 10:39 - 2015-10-13 15:59 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 10:39 - 2015-10-13 15:59 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 10:39 - 2015-10-13 15:59 - 00106952 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-11-11 10:39 - 2015-10-13 15:59 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-11-11 10:39 - 2015-10-11 06:36 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 10:39 - 2015-10-11 06:36 - 00177496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 10:39 - 2015-10-10 18:40 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 10:39 - 2015-10-10 18:39 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 10:39 - 2015-10-10 18:07 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-11 10:39 - 2015-10-10 17:33 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 10:39 - 2015-10-10 17:27 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 10:39 - 2015-10-10 17:11 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-11 10:39 - 2015-10-10 16:45 - 00359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 10:39 - 2015-09-12 13:47 - 00414559 _____ C:\Windows\system32\ApnDatabase.xml
2015-11-11 10:38 - 2015-10-20 21:54 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 10:38 - 2015-10-20 14:53 - 03705856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 10:38 - 2015-10-20 14:36 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 10:38 - 2015-10-20 14:35 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 10:38 - 2015-10-20 14:34 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-11-11 10:38 - 2015-10-20 14:34 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 10:38 - 2015-10-20 14:34 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 10:38 - 2015-10-20 14:33 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 10:38 - 2015-10-20 14:14 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 10:38 - 2015-10-20 14:13 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 10:38 - 2015-10-20 14:13 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 10:38 - 2015-10-20 14:13 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 10:38 - 2015-10-14 23:02 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 10:38 - 2015-10-14 23:02 - 01659560 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-11 10:38 - 2015-10-14 23:02 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-11-11 10:38 - 2015-10-14 23:02 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-11 10:38 - 2015-10-14 23:02 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-11-11 10:38 - 2015-08-28 22:20 - 00183368 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-11-11 10:37 - 2015-10-30 23:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 10:37 - 2015-10-30 23:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 10:37 - 2015-10-30 23:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 10:37 - 2015-10-30 23:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 10:37 - 2015-10-30 23:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 10:37 - 2015-10-30 22:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 10:37 - 2015-10-30 22:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 10:37 - 2015-10-30 22:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 10:37 - 2015-10-30 22:39 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-11-11 10:37 - 2015-10-30 22:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 10:37 - 2015-10-30 22:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 10:37 - 2015-10-30 22:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 10:37 - 2015-10-30 22:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 10:37 - 2015-10-30 22:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 10:37 - 2015-10-30 22:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 10:37 - 2015-10-30 22:14 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-11-11 10:37 - 2015-10-30 22:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 10:37 - 2015-10-30 22:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 10:37 - 2015-10-30 22:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 10:37 - 2015-10-30 21:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 10:37 - 2015-10-30 21:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 10:37 - 2015-10-30 21:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 10:37 - 2015-10-30 21:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 10:37 - 2015-10-17 14:19 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 10:37 - 2015-10-08 16:08 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-11-11 10:37 - 2015-09-29 12:24 - 00155480 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2015-11-11 10:37 - 2015-09-07 16:22 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-11-11 10:37 - 2015-09-07 15:54 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-11-11 10:37 - 2015-09-07 15:30 - 01091584 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-11-11 10:37 - 2015-09-04 19:24 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tunnel.sys
2015-11-11 10:37 - 2015-08-20 20:45 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-11-11 10:37 - 2015-08-20 17:48 - 01096704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-11-11 10:37 - 2015-08-10 18:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-11-11 10:37 - 2015-08-10 18:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-11-11 10:37 - 2015-08-10 17:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-11-11 10:37 - 2015-08-10 16:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-11-11 10:37 - 2015-08-10 16:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-11-11 10:37 - 2014-11-10 18:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-11-11 10:37 - 2014-11-05 01:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-11-11 10:37 - 2014-11-05 01:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-11-10 13:44 - 2015-11-10 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xiph.Org
2015-11-10 13:44 - 2015-11-10 13:44 - 00000000 ____D C:\Program Files (x86)\Xiph.Org
2015-11-10 13:43 - 2015-11-10 13:43 - 02653944 _____ (Xiph.Org) C:\Users\tomi\Downloads\opencodecs_0.85.17777.exe
2015-11-10 13:32 - 2015-11-10 13:33 - 24391348 _____ C:\Users\tomi\Downloads\babayetu_flac_1392077471.zip
2015-11-10 13:32 - 2015-11-10 13:33 - 10920012 _____ C:\Users\tomi\Downloads\babayetu_mp3_1392077471.zip
2015-10-27 21:06 - 2015-10-27 21:06 - 03405676 _____ () C:\Users\tomi\Downloads\liteloader-installer-1.8.0-00-SNAPSHOT.exe
2015-10-23 20:28 - 2015-10-23 20:28 - 00000000 ____D C:\Users\tomi\AppData\Local\BIT.TRIP BEAT
2015-10-22 23:02 - 2015-10-22 23:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-10-22 23:01 - 2015-10-22 23:01 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-10-22 23:01 - 2015-10-22 23:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-22 23:00 - 2015-10-22 23:01 - 00000000 ____D C:\Program Files\iTunes
2015-10-22 23:00 - 2015-10-22 23:00 - 00000000 ____D C:\Program Files\iPod
2015-10-22 23:00 - 2015-10-22 23:00 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-10-20 10:13 - 2015-10-20 10:13 - 00000000 ____D C:\Users\tomi\Downloads\Black_Mesa_IdCard
2015-10-20 10:12 - 2015-10-20 10:12 - 02125310 _____ C:\Users\tomi\Downloads\Black_Mesa_IdCard.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-19 05:11 - 2014-09-08 16:48 - 00000000 ____D C:\Users\tomi\AppData\Roaming\Skype
2015-11-19 05:03 - 2015-03-16 14:23 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{064921AF-F89A-46F9-884A-925D09409414}
2015-11-19 05:00 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\system32\sru
2015-11-19 04:49 - 2015-01-28 06:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-19 04:36 - 2014-09-08 17:19 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-19 03:34 - 2014-10-15 22:44 - 00000000 ___DO C:\Users\tomi\OneDrive
2015-11-19 03:33 - 2014-11-15 20:45 - 00000000 ____D C:\Users\tomi\AppData\Local\LogMeIn Hamachi
2015-11-19 03:32 - 2015-07-01 23:10 - 00001002 _____ C:\Windows\Tasks\ZsfnGqc44e.job
2015-11-19 03:32 - 2014-09-08 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-19 03:32 - 2014-03-18 08:16 - 00115424 _____ C:\Windows\PFRO.log
2015-11-19 03:32 - 2013-08-22 14:46 - 00086238 _____ C:\Windows\setupact.log
2015-11-19 03:32 - 2013-08-22 14:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-19 03:31 - 2013-08-22 13:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-11-19 03:29 - 2014-09-06 08:38 - 30222986 _____ C:\Users\Public\CAFADEBUG.log
2015-11-19 03:08 - 2014-09-06 07:47 - 01124403 _____ C:\Windows\WindowsUpdate.log
2015-11-19 02:43 - 2014-03-18 15:26 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-19 01:27 - 2014-09-06 07:52 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-435174368-2995637555-2580234153-1001
2015-11-18 20:19 - 2014-09-15 15:27 - 00000000 ____D C:\Users\tomi\AppData\Local\CrashDumps
2015-11-18 18:40 - 2015-01-28 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-18 18:40 - 2015-01-28 06:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-18 03:23 - 2014-12-16 07:22 - 05237137 _____ C:\Users\tomi\Desktop\recovery.js
2015-11-18 03:07 - 2014-09-15 16:38 - 00000000 ____D C:\Users\tomi\AppData\Roaming\.minecraft
2015-11-14 04:23 - 2014-09-08 18:38 - 00000000 ____D C:\Users\tomi\AppData\Roaming\TS3Client
2015-11-13 21:50 - 2014-09-06 09:48 - 00000000 ____D C:\Temp
2015-11-13 21:50 - 2014-09-06 08:36 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-13 21:36 - 2014-09-25 21:24 - 00000000 ____D C:\Users\tomi\Documents\My Games
2015-11-13 08:11 - 2014-09-06 07:47 - 00000000 ____D C:\Users\tomi
2015-11-12 22:14 - 2015-07-02 00:16 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-12 15:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\rescache
2015-11-12 11:18 - 2013-08-22 14:44 - 00481152 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 06:07 - 2013-08-22 15:36 - 00000000 ___RD C:\Windows\ToastData
2015-11-12 01:15 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\LiveKernelReports
2015-11-11 16:36 - 2014-09-08 17:19 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 13:49 - 2014-09-06 16:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-11-11 13:49 - 2013-08-22 15:20 - 00000000 ____D C:\Windows\CbsTemp
2015-11-11 13:43 - 2014-09-06 09:20 - 00000000 ____D C:\Windows\system32\MRT
2015-11-11 13:36 - 2014-09-06 09:19 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-06 12:26 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\AppReadiness
2015-11-05 17:13 - 2015-09-26 02:21 - 18362160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-05 17:13 - 2015-09-26 02:21 - 03158736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-05 17:13 - 2014-09-06 08:35 - 03579000 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-11-05 17:13 - 2014-09-06 08:35 - 00033607 _____ C:\Windows\system32\nvinfo.pb
2015-11-05 15:13 - 2014-09-06 08:36 - 06358648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 02983032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 00938616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-11-05 15:13 - 2014-09-06 08:36 - 00523568 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 00114296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\oemdspif.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 00074872 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-11-05 15:13 - 2014-09-06 08:36 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-11-03 22:18 - 2014-10-21 05:49 - 00000000 ____D C:\Users\tomi\AppData\Local\DayZ
2015-11-03 00:23 - 2013-08-22 15:38 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-03 00:23 - 2013-08-22 15:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-30 19:26 - 2015-01-04 03:18 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-28 07:42 - 2014-09-06 08:36 - 06027430 _____ C:\Windows\system32\nvcoproc.bin
2015-10-23 20:28 - 2015-03-14 06:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2015-10-23 20:28 - 2015-03-14 06:03 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2015-10-23 20:28 - 2015-03-14 06:03 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2015-10-23 20:28 - 2015-03-14 06:03 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2015-10-23 20:28 - 2014-09-15 13:56 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-10-23 20:28 - 2014-09-15 13:56 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-10-23 19:07 - 2014-09-08 17:01 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-10-22 23:02 - 2014-09-22 16:46 - 00000000 ____D C:\Users\tomi\AppData\Local\Apple Inc
2015-10-22 23:02 - 2014-09-08 17:24 - 00000000 ____D C:\Users\tomi\AppData\Roaming\Apple Computer
2015-10-22 23:02 - 2014-09-08 17:24 - 00000000 ____D C:\Users\tomi\AppData\Local\Apple Computer
2015-10-22 23:00 - 2014-09-08 17:20 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-10-20 08:07 - 2014-09-08 16:48 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2015-11-18 20:25 - 2015-11-18 20:25 - 0001015 _____ () C:\Users\tomi\AppData\Roaming\Mozilla - Shortcut.lnk
2015-04-14 16:28 - 2015-04-14 16:28 - 0004387 _____ () C:\Users\tomi\AppData\Roaming\ZsfnGqc44e
2014-09-06 08:38 - 2014-09-06 08:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\tomi\AppData\Local\Temp\comver.dll
C:\Users\tomi\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.794.exe
C:\Users\tomi\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.5.855.exe
C:\Users\tomi\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.328.exe
C:\Users\tomi\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.369.exe
C:\Users\tomi\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.595.exe
C:\Users\tomi\AppData\Local\Temp\Hola-Setup-Plugin-x64-1.8.649.exe
C:\Users\tomi\AppData\Local\Temp\ICReinstall_winzip19-dl(1).exe
C:\Users\tomi\AppData\Local\Temp\ICReinstall_winzip19-dl.exe
C:\Users\tomi\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\tomi\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\tomi\AppData\Local\Temp\sqlite3.dll
C:\Users\tomi\AppData\Local\Temp\SRLDetectionLibrary6119154475834878947.dll
C:\Users\tomi\AppData\Local\Temp\StartIsBack_update.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-16 16:57

==================== End of FRST.txt ============================


Addition_19-11-2015_05-21-07.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by tomi (2015-11-19 05:20:34)
Running from C:\Users\tomi\Downloads
Windows 8.1 (X64) (2014-09-06 07:47:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-435174368-2995637555-2580234153-500 - Administrator - Disabled)
Guest (S-1-5-21-435174368-2995637555-2580234153-501 - Limited - Disabled)
tomi (S-1-5-21-435174368-2995637555-2580234153-1001 - Administrator - Enabled) => C:\Users\tomi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Bird Story (HKLM-x32\...\Steam App 327410) (Version:  - Freebird Games)
Ace of Spades (HKLM-x32\...\Steam App 224540) (Version:  - Jagex Limited)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Armikrog (HKLM-x32\...\Steam App 334120) (Version:  - Pencil Test Studios)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Audiosurf 2 (HKLM-x32\...\Steam App 235800) (Version:  - Dylan Fitterer)
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version:  - Ronimo Games)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
BIT.TRIP BEAT (HKLM-x32\...\Steam App 63700) (Version:  - Gaijin Games)
Black Mesa (HKLM-x32\...\Steam App 362890) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brütal Legend (HKLM-x32\...\Steam App 225260) (Version:  - Double Fine Productions)
Comical 0.8 (HKLM-x32\...\Comical_is1) (Version:  - James Athey)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Damned (HKLM-x32\...\Steam App 251170) (Version:  - 9heads Game Studios)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Deathmatch Classic (HKLM-x32\...\Steam App 40) (Version:  - Valve)
Deus Ex New Vision (HKLM-x32\...\Deus Ex New Vision) (Version: 1.5 - DaveW)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version:  - Ion Storm)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Double Action: Boogaloo (HKLM-x32\...\Steam App 317360) (Version:  - Double Action Factory)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.35 - Lenovo)
Energy Manager (x32 Version: 1.0.0.35 - Lenovo) Hidden
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
Euro Truck Simulator 2 Multiplayer 0.1.7 R3 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.1.7 R3 Alpha - ETS2MP Team)
Fallout (HKLM-x32\...\Steam App 38400) (Version:  - Interplay Inc.)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version:  - Subset Games)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
GameRanger (HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\GameRanger) (Version:  - GameRanger Technologies)
GameRanger (HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\GameRanger) (Version:  - GameRanger Technologies)
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Guns of Icarus Online (HKLM-x32\...\Steam App 209080) (Version:  - Muse Games)
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version:  - Filip Victor)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.10.251 - SurfRight B.V.)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - Dennaton Games)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10249 - Realtek Semiconductor Corp.)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.410 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.410 - LogMeIn, Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Max Payne (HKLM-x32\...\Steam App 12140) (Version:  - Remedy Entertainment)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Halo (HKLM-x32\...\Halo) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Monkey Island 2: Special Edition (HKLM-x32\...\Steam App 32460) (Version:  - LucasArts)
Moonbase Alpha (HKLM-x32\...\Steam App 39000) (Version:  - Virtual Heroes)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NEKOPARA Vol. 1 (HKLM-x32\...\Steam App 333600) (Version:  - NEKO WORKs)
NVIDIA GeForce Experience 2.5.15.54 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.54 - NVIDIA Corporation)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Organ Trail: Director's Cut (HKLM-x32\...\Steam App 233740) (Version:  - The Men Who Wear Many Hats)
Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version:  - 3909)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Plague Inc: Evolved (HKLM-x32\...\Steam App 246620) (Version:  - Ndemic Creations)
planetarian ~the reverie of a little planet~ (HKLM-x32\...\Steam App 316720) (Version:  - VisualArt's/Key)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.992 - Even Balance, Inc.)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Quake Live (HKLM-x32\...\Steam App 282440) (Version:  - id Software)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.308 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.37 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version:  - Gray Matter Studios)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
Rising Storm/Red Orchestra 2 Multiplayer (HKLM-x32\...\Steam App 35450) (Version:  - Tripwire Interactive)
Rock of Ages (HKLM-x32\...\Steam App 22230) (Version:  - ACE Team)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Rome: Total War (HKLM-x32\...\Steam App 4760) (Version:  - The Creative Assembly)
S.T.A.L.K.E.R.: Shadow of Chernobyl (HKLM-x32\...\Steam App 4500) (Version:  - GSC Game World)
Serious Sam Classic: The Second Encounter (HKLM-x32\...\Steam App 41060) (Version:  - Croteam)
Serious Sam Classics: Revolution (HKLM-x32\...\Steam App 227780) (Version:  - Croteam)
SHIELD Streaming (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.15.54 - NVIDIA Corporation) Hidden
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Stalker Complete 2009 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version:  - )
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version:  - Pandemic Studios)
Starbound (HKLM-x32\...\Steam App 211820) (Version:  - )
StartIsBack+ (HKLM-x32\...\StartIsBack) (Version: 1.7 - startisback.com)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold Kingdoms (HKLM-x32\...\Steam App 47410) (Version:  - FireFly Studios)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.14.74 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{705216C1-BA52-4B16-AFE4-4143B340D62D}) (Version: 6.0.12.6 - Husdawg, LLC)
System Shock: Enhanced Edition (HKLM-x32\...\Steam App 410710) (Version:  - Looking Glass Studios)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version:  - Test3 Projects)
The Neverhood (HKLM-x32\...\DreamWorks Interactive: Neverhood) (Version:  - )
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version:  - LucasArts)
The Talos Principle Public Test (HKLM-x32\...\Steam App 330710) (Version:  - Croteam)
Thief 2 (HKLM-x32\...\Steam App 211740) (Version:  - Looking Glass Studios)
Thief 3 Sneaky Upgrade SDB (HKLM\...\{61271900-d6b0-4da5-801b-7127a8713df1}.sdb) (Version:  - )
Thief 3 Sneaky Upgrade version 1.1.3.4 (HKLM-x32\...\{6787B847-DE1D-4B75-AF7F-9F0B0FF9E59E}_is1) (Version: 1.1.3.4 - )
Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - Looking Glass Studios)
Thief: Deadly Shadows (HKLM-x32\...\Steam App 6980) (Version:  - Ion Storm)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
Unity Web Player (HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.4f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.4 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version:  - Ubisoft Montpellier)
War Thunder (HKLM-x32\...\Steam App 236390) (Version:  - Gaijin Entertainment)
WebP Codec for Windows 0.19 (HKLM\...\{9D2F4EB8-98AD-4C8B-A0C5-4C114B3F1287}) (Version: 0.19.9 - Google Inc)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
Wolfenstein 3D (HKLM-x32\...\Steam App 2270) (Version:  - id Software)
World of Tanks (HKU\S-1-5-21-435174368-2995637555-2580234153-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
World of Warplanes (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1) (Version:  - Wargaming.net)
World of Warships (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814EU}_is1) (Version:  - Wargaming.net)
WoWS Weekend (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814NA}_is1) (Version:  - Wargaming.net)
Xenonauts (HKLM-x32\...\Steam App 223830) (Version:  - Goldhawk Interactive)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-435174368-2995637555-2580234153-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

28-10-2015 22:12:48 Scheduled Checkpoint
07-11-2015 20:17:16 Scheduled Checkpoint
11-11-2015 12:03:06 Windows Update
19-11-2015 03:28:50 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2015-11-18 18:35 - 00000563 ___AH C:\Windows\system32\Drivers\etc\hosts

127.0.0.1   www.yandex.ua
127.0.0.1   www.yandex.ru
127.0.0.1   www.ya.ru
127.0.0.1   mail.ua
127.0.0.1   mail.ru
127.0.0.1   steampowered.com
127.0.0.1   steamcommunity.com
127.0.0.1   www.google.com.ua
127.0.0.1   store.steampowered.com
127.0.0.1   live.com
127.0.0.1   rambler.ru
127.0.0.1   mail.qip.ru
127.0.0.1   mail.google.com
127.0.0.1   mail.rambler.ru
127.0.0.1   mail.nic.ru
127.0.0.1   74.ru
127.0.0.1   webmail.meta.ua
127.0.0.1   mail.i.ua
127.0.0.1   freemail.ukr.net
127.0.0.1   mail.com
127.0.0.1   web.mail.com

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1354903B-EF21-45B3-941F-94B9D5FCD86B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {192B367C-3FA3-4089-A574-1083844ECA09} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-24] (Synaptics Incorporated)
Task: {1C761AB0-E6B3-421F-8146-143B666B0012} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {2D42BC9F-1D47-42A3-919A-018F9C579E8D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)
Task: {4F64B868-FF3A-4B24-9DA8-CC4E3C32A34C} - System32\Tasks\{19575E33-BB89-4A60-8307-12292EE27310} => pcalua.exe -a "C:\Program Files (x86)\MediaPlayerVid2.4\Uninstall.exe" -c /fcp=1
Task: {6DA90553-FE00-4E92-9D5F-8E1B3E8AF619} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-11] (Microsoft Corporation)
Task: {9834692F-C490-4174-943B-CABD00ECC336} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {AB94665B-26F0-454E-95B1-6D6FFD754416} - \LaunchPreSignup -> No File <==== ATTENTION
Task: {BD656C75-687E-4080-A73F-7833733E7AAD} - System32\Tasks\ZsfnGqc44e => C:\Users\tomi\AppData\Roaming\ZsfnGqc44e.exe <==== ATTENTION
Task: {F92929D0-5C7C-4279-A47B-DF416753F59C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-02] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZsfnGqc44e.job => C:\Users\tomi\AppData\Roaming\ZsfnGqc44e.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-09-06 08:36 - 2015-11-05 15:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-25 21:23 - 2014-10-18 04:52 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-06 08:30 - 2014-08-13 21:24 - 00453448 _____ () C:\Windows\system32\igfxTray.exe
2013-10-30 05:22 - 2013-10-30 05:22 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-10-30 05:19 - 2013-10-30 05:19 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-10-30 05:26 - 2013-10-30 05:26 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2014-09-06 08:38 - 2010-10-26 19:40 - 00049056 _____ () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-09-26 02:25 - 2015-10-12 03:05 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-07-31 09:16 - 2014-07-31 09:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-06 08:55 - 2013-09-17 10:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-11-18 18:33 - 2015-11-18 18:33 - 00086528 _____ () E:\Steam\tierbg01.dll
2015-10-08 04:02 - 2015-10-05 16:18 - 00778752 _____ () E:\Steam\SDL2.dll
2015-07-22 16:26 - 2015-07-03 16:12 - 04962816 _____ () E:\Steam\v8.dll
2015-11-10 11:14 - 2015-11-10 02:44 - 02541648 _____ () E:\Steam\video.dll
2015-07-22 16:26 - 2015-07-03 16:12 - 01556992 _____ () E:\Steam\icui18n.dll
2015-07-22 16:26 - 2015-07-03 16:12 - 01187840 _____ () E:\Steam\icuuc.dll
2015-10-08 04:02 - 2015-09-24 00:33 - 02549248 _____ () E:\Steam\libavcodec-56.dll
2015-10-08 04:02 - 2015-09-24 00:33 - 00491008 _____ () E:\Steam\libavformat-56.dll
2015-10-08 04:02 - 2015-09-24 00:33 - 00332800 _____ () E:\Steam\libavresample-2.dll
2015-10-08 04:02 - 2015-09-24 00:33 - 00442880 _____ () E:\Steam\libavutil-54.dll
2015-10-08 04:02 - 2015-09-24 00:33 - 00485888 _____ () E:\Steam\libswscale-3.dll
2015-11-10 11:14 - 2015-11-10 02:44 - 00806992 _____ () E:\Steam\bin\chromehtml.DLL
2015-11-05 21:24 - 2015-11-03 22:00 - 00201728 _____ () E:\Steam\bin\openvr_api.dll
2015-10-09 15:37 - 2015-10-08 22:20 - 45010208 _____ () E:\Steam\bin\libcef.dll
2015-10-08 04:02 - 2015-09-24 23:56 - 00119208 _____ () E:\Steam\winh264.dll
2015-11-12 22:14 - 2015-11-07 04:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 22:14 - 2015-11-07 04:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-435174368-2995637555-2580234153-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-435174368-2995637555-2580234153-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{CE1CB7B1-3BEA-4228-A3F7-CC9EB57C9DF3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{D7683AE7-CC42-45E5-AC7B-C45E6A2EFC92}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{D9D0D809-3188-4EED-83CE-4786A842AC2F}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{806283D5-7458-470B-85F2-4180DBDA2A21}] => (Allow) E:\Steam\Steam.exe
FirewallRules: [{99F778FB-3EAF-4BAF-A0F5-FCE5FA16D29A}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{13B39577-CA28-4001-A7F1-7201B3E397B6}] => (Allow) E:\Steam\bin\steamwebhelper.exe
FirewallRules: [{881893ED-9BB8-464E-A7B9-0D20D648AD7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DA73E81D-376C-4865-A151-882C80507968}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1852D0D8-613C-410D-B061-91B41F4B6814}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EAE94804-6D97-4FDA-9B11-B03A20EB30C7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A5FE3485-3A97-4D54-93E3-E63875E08999}] => (Allow) E:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2F207996-56A9-496A-A7E5-CF47B107AE8A}] => (Allow) E:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{9604CA9C-01EE-4D03-A342-69BD177230AA}] => (Allow) E:\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{4C576E62-60DA-4B64-B6E8-033A25E75296}] => (Allow) E:\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{BE59AB04-7ACC-470E-92AC-1E0410AEF363}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{D4922C60-7F90-47FE-8BF5-B4983907031B}] => (Allow) E:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4DB022CA-91C8-4C3D-8D66-9F8E6FCD5455}] => (Allow) E:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{AE3DBDCE-D493-42E1-81EC-099D7C2890FD}] => (Allow) E:\Steam\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [TCP Query User{9E08376A-3ED2-41FA-85A2-CE0FB1FD5498}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{DFF1A217-65EA-4E0F-9E85-09314C90CD7B}E:\games\world_of_tanks\wotlauncher.exe] => (Allow) E:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{178C1E25-B596-409C-89CE-14E44C50F958}E:\games\world_of_tanks\wotlauncher.exe] => (Allow) E:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{9D8CC7E0-463A-441D-A460-E73C81D3ADB4}] => (Allow) E:\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{64846CC2-E5B0-4258-A642-8B8758025022}] => (Allow) E:\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{90B5E615-92D1-4EB8-B901-1E8D0EA9FD61}] => (Allow) E:\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{4A581A63-EF7C-43E0-A883-FF3DE29F205A}] => (Allow) E:\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{D1A45DE3-770D-41CB-9415-20948C2B6A95}] => (Allow) E:\Steam\SteamApps\common\thief_gold\THIEF.EXE
FirewallRules: [{0FD08B4D-3443-4F8F-979F-1CFBD24F1860}] => (Allow) E:\Steam\SteamApps\common\thief_gold\THIEF.EXE
FirewallRules: [{AE12E865-D220-4AA2-9465-A05C352F9A01}] => (Allow) E:\Steam\SteamApps\common\thief_2\thief2.exe
FirewallRules: [{522CD5A5-0E6F-4C35-B0CD-5F7055C28D5A}] => (Allow) E:\Steam\SteamApps\common\thief_2\thief2.exe
FirewallRules: [{22C4D70F-BA21-4147-AAFB-B3607991AAAE}] => (Allow) E:\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{941949ED-4D5B-4A4F-B15E-699B6BC28899}] => (Allow) E:\Steam\SteamApps\common\Thief Deadly Shadows\System\runme.exe
FirewallRules: [{33E148B3-34AD-4B23-B057-DEB5F5FCBB88}] => (Allow) E:\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{E2EF3D80-F08B-42E4-AD39-B89B26BCA71B}] => (Allow) E:\Steam\SteamApps\common\Red Orchestra 2\Binaries\Win32\ROGame.exe
FirewallRules: [{979891BA-BB25-4846-814B-CF3D73C1D815}] => (Allow) E:\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{A0170874-D251-4A4C-8F71-39564E3023F5}] => (Allow) E:\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{D1D596D3-0057-4272-9429-9B1173C670C1}] => (Allow) E:\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{E84BFA3F-D90C-4724-A080-FCD6C3F35693}] => (Allow) E:\Steam\SteamApps\common\PlagueInc\PlagueIncEvolved.exe
FirewallRules: [{1BC3F8DD-72B1-464C-85A7-84091F6B2F10}] => (Allow) E:\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{B6CDBDA3-6EB2-4D04-A983-F2F4DDB752C7}] => (Allow) E:\Steam\SteamApps\common\insurgency2\insurgency.exe
FirewallRules: [{A3D96D06-5FF7-44D8-A11D-96F9D9BED716}] => (Allow) E:\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{3C210CD9-3FA9-4E4E-BE3D-5F93F966EDAD}] => (Allow) E:\Steam\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{070BF0B4-41E5-4AB6-BA9E-09086E1200F3}] => (Allow) E:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{1FA32EB4-962E-41AC-9E34-71BCD933DB81}] => (Allow) E:\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{3EE88A9B-4129-45BA-B0E7-635047182A72}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3834458E-34FE-42FF-B1BE-0F8C47E82B56}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{132F0DCF-868F-428A-86BE-A9D80D21D495}] => (Allow) E:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{55BC32FD-EDFB-4F1D-8443-7E417094F73E}] => (Allow) E:\Steam\SteamApps\common\Quake Live\quakelive_steam.exe
FirewallRules: [{B4F52BC7-D98B-49CF-9B01-5E0F8456E5D6}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
FirewallRules: [{5D51BAE6-7E8B-4E98-B1DC-6741895162C4}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
FirewallRules: [{87DB848C-0818-4C78-ADE5-3C7387D5523C}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
FirewallRules: [{0DBB4B8C-0AB4-40F9-BF22-4B09BDD924E3}] => (Allow) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
FirewallRules: [{7118D9D2-F968-4120-A4C8-C3D2359B0616}] => (Allow) E:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{D46911EA-4F5C-4144-9B05-2ED057090B6E}] => (Allow) E:\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{D0E5E192-9BC0-4532-A55A-BAC8DFE3C4FB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{28D1944B-1588-4D09-909B-D11404DADC69}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{7BC4A345-339D-4AB1-9678-54680761F1AC}] => (Allow) E:\Steam\SteamApps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{E925D83A-D30F-4CA3-8203-82A5691A23D5}] => (Allow) E:\Steam\SteamApps\common\Beat Hazard\BeatHazard.exe
FirewallRules: [{605654D3-F30F-4CD3-82D5-D1983CEB2BCA}] => (Allow) E:\Steam\SteamApps\common\Beat Hazard\runme.exe
FirewallRules: [{E3F11CA8-B691-450A-9F07-0FD5D035DEDB}] => (Allow) E:\Steam\SteamApps\common\Beat Hazard\runme.exe
FirewallRules: [{0184A6B4-C4D4-455B-B8E4-FC605D6ED705}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{93193091-5BCA-4EB5-AF80-702F99F7BEF9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2CCD8E88-57F4-4155-88A6-CF393F080421}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{63AF7700-D00E-4CFF-8404-C5E978A95CB8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{912C8EDA-E3A7-480B-BF26-A0E642D7F4DD}E:\games\world_of_tanks\wotlauncher.exe] => (Allow) E:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{A30C7581-5ACA-48CD-995F-F1383CDE8383}E:\games\world_of_tanks\wotlauncher.exe] => (Allow) E:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{96153E42-BC90-4B15-A336-EBBC4B7405B5}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{7211B5B9-ECBA-4D0D-A563-355374E8E5D0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{1C5254EF-78F2-4D3B-AE7F-EA6CEF895A6D}] => (Allow) E:\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{64716765-8937-4048-9035-F69BEEC42441}] => (Allow) E:\Steam\SteamApps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{26B43382-1364-49EC-90D8-A91990F14AF2}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{92222B25-25D6-4BBB-B1E8-05B74D49639B}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{3C6167C4-C063-4501-B183-51D2E5398876}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{260B87B2-D2F6-4C93-A375-CD3D26535CE9}] => (Allow) C:\Program Files (x86)\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{6B218E83-601B-44B2-9653-DAAEA2D48E37}] => (Allow) E:\Steam\SteamApps\common\Stronghold Kingdoms\StrongholdKingdoms.exe
FirewallRules: [{4D38611D-3B5F-4AD2-BA53-81BC2CFC1A76}] => (Allow) E:\Steam\SteamApps\common\Stronghold Kingdoms\StrongholdKingdoms.exe
FirewallRules: [TCP Query User{31DDE9BC-98FA-4050-BB21-DAC16DC0E1EA}E:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) E:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [UDP Query User{B5ACC0D3-55B6-46F3-857C-909C360F3DD7}E:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe] => (Allow) E:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe
FirewallRules: [{F8A90747-6196-4BF8-B9EF-D42B067F0412}] => (Allow) E:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{4719752E-AF2E-49F8-A683-846FE88AAB27}] => (Allow) E:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [TCP Query User{E70C9749-CFF3-4CA2-8E65-1CD5467DA7E5}E:\games\world_of_tanks\worldoftanks.exe] => (Allow) E:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{F449FC32-E297-4092-A0EA-36145231C36A}E:\games\world_of_tanks\worldoftanks.exe] => (Allow) E:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{C53276B6-51A8-4F8C-B49E-DFF1E21D2EEA}] => (Allow) E:\Steam\SteamApps\common\A Bird Story\A Bird Story\A Bird Story.exe
FirewallRules: [{EF13FFC7-58B7-4C8E-BA9E-6651694DA5C0}] => (Allow) E:\Steam\SteamApps\common\A Bird Story\A Bird Story\A Bird Story.exe
FirewallRules: [{4968051D-1ED1-4604-9095-26D0DF01FF11}] => (Allow) E:\Steam\SteamApps\common\TeleglitchDME\Teleglitch.exe
FirewallRules: [{E309CEDE-6D63-4468-8BCA-C731BFBDDC31}] => (Allow) E:\Steam\SteamApps\common\TeleglitchDME\Teleglitch.exe
FirewallRules: [{13A10752-1B0B-4A19-9431-F08C7EB52224}] => (Allow) E:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{F1F4BC74-7C5D-4260-A8A7-1CCCE2A0FBB0}] => (Allow) E:\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{D83CEF81-B306-44B6-BB37-F25C5D88FB81}] => (Allow) E:\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{10B0ACC6-8327-4287-9F0C-CFE36CAE921B}] => (Allow) E:\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [TCP Query User{4626E55B-BF76-4ABF-AD94-269E749991FF}E:\games\world_of_warplanes\wowplauncher.exe] => (Allow) E:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [UDP Query User{769DD6FE-7D2D-449C-83F5-217A611D0803}E:\games\world_of_warplanes\wowplauncher.exe] => (Allow) E:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{29B862E5-B042-4189-B8B0-8CC5677990E1}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{1BF275DC-AA54-4285-846D-C2E422834CEB}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Classic The Second Encounter\Bin\SeriousSam.exe
FirewallRules: [{9A383C50-7872-4037-B9F7-CF7A315C3B4F}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{8583EFA0-ADE9-4766-A72C-2D998D32BA98}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Classic The Second Encounter\Bin\SeriousEditor.exe
FirewallRules: [{236CB8AA-EE0B-407C-AA2B-6F25E7C312E8}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{5C6691D1-0CAC-4E61-A30E-928D39BF2D4E}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Classic The Second Encounter\Bin\SeriousModeler.exe
FirewallRules: [{97C881DB-A0C9-4C8E-9359-75D0A9C2F24F}] => (Allow) E:\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{04821C11-CDF8-4230-A1FA-35008FC8B41E}] => (Allow) E:\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{60277938-EAA7-44B4-8467-550BB7B4F474}] => (Allow) E:\Steam\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{DD7F4C6B-479B-47A3-B4A2-3AA145FBB212}] => (Allow) E:\Steam\SteamApps\common\aceofspades\aos.exe
FirewallRules: [{3A24A9FE-5E82-4804-95F0-4FF5EA13FED5}] => (Allow) E:\Steam\SteamApps\common\Wolfenstein 3D\base\dosbox.exe
FirewallRules: [{7798B3FB-175F-4F38-A3F1-7281E0921773}] => (Allow) E:\Steam\SteamApps\common\Wolfenstein 3D\base\dosbox.exe
FirewallRules: [{4DFC5FA1-93E5-46B7-A794-334308B07985}] => (Allow) E:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{B1B280B1-E1FC-4DA3-8388-C467AE530D3E}] => (Allow) E:\Steam\SteamApps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{4493E71E-DAA8-473B-9638-4B0B375EA860}] => (Allow) E:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{4C6E3C3D-E32D-4E68-AF2D-4672A03F2E47}] => (Allow) E:\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{00E34483-1E03-4475-97EE-5D11A3B6C945}] => (Allow) E:\Steam\SteamApps\common\Double Action\hl2.exe
FirewallRules: [{BFA9E84C-D0AA-4BF8-A36C-CEAFF325A883}] => (Allow) E:\Steam\SteamApps\common\Double Action\hl2.exe
FirewallRules: [{76A6C950-DE7C-4DFF-A87E-CD6C0598BB40}] => (Allow) E:\Steam\SteamApps\common\Max Payne\maxpayne.exe
FirewallRules: [{9F7792D8-3518-4F76-92DC-0D13851836A8}] => (Allow) E:\Steam\SteamApps\common\Max Payne\maxpayne.exe
FirewallRules: [TCP Query User{51182970-C6AB-4E5E-955B-9E10C5A16EDE}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) E:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [UDP Query User{493C2FC2-1C43-4CD0-92FE-F3D8068A2E03}E:\steam\steamapps\common\awesomenauts\awesomenauts.exe] => (Allow) E:\steam\steamapps\common\awesomenauts\awesomenauts.exe
FirewallRules: [{59E711F7-BFF6-4BC7-9F5E-173B9D2ECB37}] => (Allow) E:\Steam\SteamApps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [{7DDB27AE-1532-4E5F-A61C-972EE274E4B9}] => (Allow) E:\Steam\SteamApps\common\BrutalLegend\BrutalLegend.exe
FirewallRules: [TCP Query User{98AFE7D7-1AD3-4CC8-A81B-3219821BF728}C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{8C8C9565-8340-4522-B0B9-6FB011C9AB0C}C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [TCP Query User{341F5A95-EA45-48E5-920D-35FB394DF976}C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{9F81995F-B23E-4441-8D5F-CCAF56F582AF}C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\tomi\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{9ACCBCF4-ACB9-476F-AA50-3AADC9D1631E}] => (Allow) E:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{3B658EF3-CD84-4475-97A9-B91D94839BF4}] => (Allow) E:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{60A36E79-B2C7-4EE4-81F9-7F4E4D260AFD}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{875443A7-16B7-444A-BC6F-0CB7EFE4E1A4}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{94F208C6-B5C7-4DC5-AF11-026327BBDDE4}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{23843CF7-5CA9-4B76-9CC6-24AA9DC98B7C}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{30E524E3-B58D-40ED-96CF-37419140DEBC}] => (Allow) E:\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfSP.exe
FirewallRules: [{76EBCC5F-D501-4311-9F37-9CACF2EF82C1}] => (Allow) E:\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfSP.exe
FirewallRules: [{584F3FE1-D50B-4BA0-B47D-0680CEFD7EE0}] => (Allow) E:\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfMP.exe
FirewallRules: [{4CABDDBA-74B7-4973-9597-88C54859D31F}] => (Allow) E:\Steam\SteamApps\common\Return to Castle Wolfenstein\WolfMP.exe
FirewallRules: [{AA4786BC-EC39-48DF-95F1-2A19D9342048}] => (Allow) E:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{EEF0B19D-146D-4E63-8BEC-1F53773EAB1E}] => (Allow) E:\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{316A1C86-C549-41AE-B684-196338561C94}] => (Allow) E:\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{9C696E23-3BE1-45A1-A050-0AE458EFD7FA}] => (Allow) E:\Steam\SteamApps\common\Mount & Blade With Fire and Sword\mb_wfas.exe
FirewallRules: [{8B08069A-7987-4387-9EB9-6C70D347FFA4}] => (Allow) E:\Steam\SteamApps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{378CFBDA-92BC-46AE-B8E3-25E854E3EDC6}] => (Allow) E:\Steam\SteamApps\common\NEKOPARA Vol. 1\nekopara_vol1.exe
FirewallRules: [{F16C9ED7-ADCC-4E00-8FA5-21752595264E}] => (Allow) E:\Steam\SteamApps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{CE90547A-66F6-4FA0-819A-6D6461EA1C34}] => (Allow) E:\Steam\SteamApps\common\Moon Base Alpha\Binaries\Win32\MoonBaseAlphaGame.exe
FirewallRules: [{AE4CE231-7616-40CF-9250-3824E2081447}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F833F2A-E029-45F1-A21C-A80B68961B70}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0D7AB9B7-5DC1-4EF3-9DB5-E6C6186A5916}] => (Allow) E:\Steam\SteamApps\common\planetarian ~the reverie of a little planet~\RealLiveMaxEx.exe
FirewallRules: [{8A3A0C44-3D79-43E0-8850-C00CFC08B17E}] => (Allow) E:\Steam\SteamApps\common\planetarian ~the reverie of a little planet~\RealLiveMaxEx.exe
FirewallRules: [TCP Query User{B1626DAA-AEB2-411B-A61C-4189F4D10CFE}C:\users\tomi\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tomi\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [UDP Query User{83093BB3-2A57-488C-A486-4B8D90F1033F}C:\users\tomi\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\tomi\appdata\roaming\gameranger\gameranger\gameranger.exe
FirewallRules: [{6B893C4E-40A8-439C-AFD9-BF8BB4F81275}] => (Allow) E:\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [{DD447B7E-C438-435A-800D-1B6692B88C90}] => (Allow) E:\Steam\SteamApps\common\War Thunder\launcher.exe
FirewallRules: [TCP Query User{9E7B1791-EB92-41C5-9E3A-9CA5AB3F8BD9}E:\steam\steamapps\common\war thunder\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{BC3E5F9D-59A6-49FF-A40D-7D96F0F73678}E:\steam\steamapps\common\war thunder\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{1A6239D7-0213-4DFB-83AF-F8FF65A0AE57}E:\games\wows weekend\wowslauncher.exe] => (Allow) E:\games\wows weekend\wowslauncher.exe
FirewallRules: [UDP Query User{43E96371-D29B-4B67-B103-7B36579A50E8}E:\games\wows weekend\wowslauncher.exe] => (Allow) E:\games\wows weekend\wowslauncher.exe
FirewallRules: [{E0E14C8A-9A0C-4882-B014-7DBCAB85567A}] => (Allow) E:\Steam\SteamApps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [{CBEC30B0-E38C-46D1-AB0E-CF0BB7163C5B}] => (Allow) E:\Steam\SteamApps\common\OrganTrailDC\OrganTrail.exe
FirewallRules: [TCP Query User{A0325B2E-7189-4597-A8D7-FA8991C05152}C:\users\tomi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tomi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{04C1F562-2DAD-41CB-8118-BCA6B4A30A2C}C:\users\tomi\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\tomi\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{DD2DA41C-D882-4CC5-81F8-AA19AF89A100}] => (Allow) E:\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{9F7ECB86-91D5-4723-B055-3C8075F5F5B9}] => (Allow) E:\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{F6A8C402-26DA-4364-A8E7-96F76459138D}] => (Allow) E:\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{38FB7C2F-697D-4E63-94AA-E51F3BA160E1}] => (Allow) E:\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5C0A6DD7-B896-404E-8C26-72398CC50221}] => (Allow) E:\Steam\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{35729A10-8D19-471C-9020-FBEAC8FD9D20}] => (Allow) E:\Steam\SteamApps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{D7CE6F87-DD3F-44BD-A65C-3803B9961A86}] => (Allow) E:\Steam\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{5F841429-45BB-47A5-BB98-C532CED2E9AA}] => (Allow) E:\Steam\SteamApps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [TCP Query User{FA2CC2A6-EA88-4FD2-BCAE-22166CF2239D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1C5F9967-03AC-4E76-AC5F-258225052D4E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{A4FC366A-9A25-4287-8055-B6AC6DFD2969}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{B5205444-6A8F-4C50-9299-AFCB2E051DF5}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{E13A08E8-BE2A-41F3-AE76-6EC1AB49534E}] => (Allow) E:\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{A07491E9-661C-4161-B78D-8C3B7D49E706}] => (Allow) E:\Steam\SteamApps\common\STALKER Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [TCP Query User{F48234EE-E694-4C7F-AE98-FCEF4693C255}E:\games\world_of_warships\wowslauncher.exe] => (Allow) E:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{5C7B7092-841B-4B02-BF30-EC2DF0013893}E:\games\world_of_warships\wowslauncher.exe] => (Allow) E:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{5A5A73CC-7EBD-418C-A83C-FF9E6E5F7A4C}] => (Allow) E:\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{BD256D5D-7944-43E1-9A9B-1A2B51A95B01}] => (Allow) E:\Steam\SteamApps\common\hotline_miami\HotlineMiami.exe
FirewallRules: [{35EDDB0C-C456-4355-8871-1144CAF0A65D}] => (Allow) E:\Steam\SteamApps\common\Monkey2\Monkey2.exe
FirewallRules: [{0043E7E5-5D67-4774-842A-D6A4A7C91CD1}] => (Allow) E:\Steam\SteamApps\common\Monkey2\Monkey2.exe
FirewallRules: [{6FC8A69C-2C0B-4C86-A561-4E7316105A99}] => (Allow) E:\Steam\SteamApps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{E388CE84-F32A-40D7-883B-1C36AF73F061}] => (Allow) E:\Steam\SteamApps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{5843A1D2-1644-4B69-8E8A-0067A3725AB4}] => (Allow) E:\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{80C8E2FA-10E2-494F-84B5-1DDB8427286C}] => (Allow) E:\Steam\SteamApps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{626C4CA5-F4F1-4B52-9E2C-C052E2A4058F}] => (Allow) E:\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{7DD8819F-2671-4106-AE3F-54692840F83A}] => (Allow) E:\Steam\SteamApps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{9BB8BCAC-625D-475D-B98C-2C19BDC7F638}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{156E307E-76DB-4E72-A702-A3C776AED5A1}] => (Allow) E:\Steam\SteamApps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [TCP Query User{15B6538A-9425-4C0A-BE42-D4F3A3DEFC70}E:\games\microsoft games\halo\halo.exe] => (Allow) E:\games\microsoft games\halo\halo.exe
FirewallRules: [UDP Query User{248CEE32-2810-4F4A-9522-558CAC207BFD}E:\games\microsoft games\halo\halo.exe] => (Allow) E:\games\microsoft games\halo\halo.exe
FirewallRules: [{85E27BB5-7F51-4460-9331-6AD38DA2AA86}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{9F51294D-85C6-442A-A9C2-EC88FC730993}] => (Allow) E:\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{96228262-A22A-4220-BA48-D348D16DE3F8}E:\games\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2EB3EDA8-2BF4-4860-AA47-FDB5FE2466F7}E:\games\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe] => (Allow) E:\games\heroes of the storm\versions\base34846\heroesofthestorm_x64.exe
FirewallRules: [{611593A5-6E14-43EC-9517-8D69B23A1444}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{1BA34F38-1A3A-4E95-829E-6D58184F57E9}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{B39B3FE0-C6D1-42BA-BD63-EC7E4A726FF1}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{4C387B55-55CA-4C84-A806-7ABB8A8A2C4D}] => (Allow) E:\Steam\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{8ECEEF4D-5794-4FF5-B7BB-020EC4FD77BA}] => (Allow) E:\Steam\SteamApps\common\Black Mesa\bms.exe
FirewallRules: [{D3A7C4E5-EBAE-4A6C-B833-07D93628DC9B}] => (Allow) E:\Steam\SteamApps\common\Black Mesa\bms.exe
FirewallRules: [{B36D4AF1-38EC-4282-919C-5D8BFA8953D5}] => (Allow) E:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{85992901-0E48-4F72-9C08-EE991E6718AD}] => (Allow) E:\Steam\SteamApps\common\Dark Souls II\Game\DarkSoulsII.exe
FirewallRules: [{6C96EF55-6871-437A-915B-80473348DF44}] => (Allow) E:\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [{F15F298D-978D-4B59-8114-28C42FD4B8D7}] => (Allow) E:\Steam\SteamApps\common\Heroes & Generals\hngsteamlauncher.exe
FirewallRules: [TCP Query User{B2698666-C279-4190-AEC2-48C817F7AD3F}E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe] => (Allow) E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe
FirewallRules: [UDP Query User{CE3501BA-54B3-4F6A-9FC8-B3E887A005D4}E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe] => (Allow) E:\steam\steamapps\common\global agenda live\binaries\globalagenda.exe
FirewallRules: [{ADC80159-704A-43AA-9ED1-4500B01EE397}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{CE6F9B00-9AF1-4B58-A9A8-077224957107}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{76FB5914-DE7F-4069-AC5B-62E16B241475}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{1C99BF88-B653-4872-9B73-512FFC2B747B}] => (Allow) E:\Steam\SteamApps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{F9AF8BF4-FD90-445D-B4CF-6F401FDAD18A}] => (Allow) E:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{83258E92-3888-47E3-9306-9E785064499A}] => (Allow) E:\Steam\SteamApps\common\Guns of Icarus Online\GunsOfIcarusOnline.exe
FirewallRules: [{553D18D0-5599-4F7D-A950-E92B6AB06EBD}] => (Allow) E:\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{BC36A5D9-45B2-4F42-8965-6320887FC4F0}] => (Allow) E:\Steam\SteamApps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{19A3E741-9CDA-43EF-B388-75FBBCD2DE8B}] => (Allow) E:\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{0398B660-EEA6-4D55-AB98-82155F6D8FCB}] => (Allow) E:\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{4731F783-4183-4BAA-ACC1-4AB1C3E83B31}] => (Allow) E:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{C68BDAE8-9859-4A07-B782-657E4643F5E8}] => (Allow) E:\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{F4BF8508-5D8A-4B7D-97D5-4D1E83F9C340}] => (Allow) E:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{DCB85E28-6F50-4D8E-8C6B-5EDCA991BF89}] => (Allow) E:\Steam\SteamApps\common\dota 2 beta\game\bin\win32\dota2.exe
FirewallRules: [{46C9AD83-F9A6-4B76-98D4-0379E5DC7953}] => (Allow) E:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{3356F016-4BC1-4ED2-A8D3-D1A5C2C0FF1B}] => (Allow) E:\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [TCP Query User{84D44B24-00B3-4296-92D7-1CB735BE432C}E:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe] => (Allow) E:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [UDP Query User{2CA6D8CA-143B-410E-A692-449EB4B878BE}E:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe] => (Allow) E:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2CB84003-1D38-4A03-952B-9E369A0B39F8}] => (Allow) E:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{A0E390E9-87C2-42D1-86A3-5FB57B8A6BF9}] => (Allow) E:\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{9FA2C2CC-F273-4CD9-AE05-EC015C354A4C}] => (Allow) E:\Steam\SteamApps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{DC48C713-DE8E-4595-BECC-AED96FD7544B}] => (Allow) E:\Steam\SteamApps\common\Portal Stories Mel\portal2.exe
FirewallRules: [{F9D5A327-3CA9-4C5F-BC7E-7FC458F84B95}] => (Allow) E:\Steam\SteamApps\common\Damned\Damned.exe
FirewallRules: [{D0371A66-9ABB-4558-87F7-502B98913B1F}] => (Allow) E:\Steam\SteamApps\common\Damned\Damned.exe
FirewallRules: [{2CC54051-11B1-4E2D-8638-2DB7A452B714}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D5FA9400-0153-49B5-A9E6-7EC0A95469F5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D41AD41D-D17A-48DF-B4C7-C581DF9292FD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3F147595-5338-4648-AEFE-B28F62C7D5D3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{28B7FACB-BBA5-4352-95EF-A4C28BD96DE8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{034DBED0-15C1-40D1-9CB1-0E5F38735B74}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9790061A-10B2-48A8-8204-A5EB960DFCDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D4D34212-AB51-4AF0-BBBC-E1E5B32FE3CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{90D00BA2-7075-4794-8476-AF4EF0A24D90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF24D96B-860B-46A9-A96F-BEC0C646FB03}] => (Allow) E:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{204E6464-9505-4540-99FC-7C435908B346}] => (Allow) E:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{FB909FFE-9C56-4FBD-9B99-804DD88C049B}] => (Allow) E:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{09AD70D9-B967-4AB7-B15C-7BDE523D76A0}] => (Allow) E:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [{99E4972A-97DD-4DF6-88B3-7A5382011CB0}] => (Allow) E:\Steam\SteamApps\common\Armikrog\Armikrog.exe
FirewallRules: [{47C08422-1478-460C-B821-C86EF7B72745}] => (Allow) E:\Steam\SteamApps\common\Armikrog\Armikrog.exe
FirewallRules: [{BEBC47FB-220B-4AA1-AF79-11E3754E3DC3}] => (Allow) E:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{C3735020-B0BF-4406-BC67-7522C61FE99B}] => (Allow) E:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{FC89D5E5-FC2B-44A2-96F4-D8DF4BBFD349}] => (Allow) E:\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{035EF783-A3C6-4691-8BC5-F490122B6386}] => (Allow) E:\Steam\SteamApps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe
FirewallRules: [{DBDE7116-DA6C-4A59-B66D-BB4C609857B9}] => (Allow) E:\Steam\SteamApps\common\Xenonauts\Xenonauts.exe
FirewallRules: [{7076BB77-4292-4FC1-9923-7B6EF909D924}] => (Allow) E:\Steam\SteamApps\common\Xenonauts\Xenonauts.exe
FirewallRules: [{1C75FBB2-A3D6-41BA-B8F1-26E765EA170C}] => (Allow) E:\Steam\SteamApps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{D5C939A7-A314-4C96-B1D7-600B8EE0AEA4}] => (Allow) E:\Steam\SteamApps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{879D76CC-2E54-4923-8230-28E5AF490C78}] => (Allow) E:\Steam\SteamApps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{4EDF2F7A-BD01-4434-87F5-1C28199D67AF}] => (Allow) E:\Steam\SteamApps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{3A0A6F96-C9E7-4F3B-B649-F8E6EA9C828D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3AF7BFDE-2DCA-4B20-A73C-6896B5A625C7}] => (Allow) E:\Steam\SteamApps\common\BIT.TRIP BEAT\BEAT.exe
FirewallRules: [{FE07BB31-5528-4FA4-AD65-CC7F8556D113}] => (Allow) E:\Steam\SteamApps\common\BIT.TRIP BEAT\BEAT.exe
FirewallRules: [{DE28ACF5-34D0-41AF-B7AE-AAA442560A87}] => (Allow) E:\Steam\SteamApps\common\SS1EE\sshock.exe
FirewallRules: [{32A8BA7E-BA76-48D0-9281-5BFBEABC70FA}] => (Allow) E:\Steam\SteamApps\common\SS1EE\sshock.exe
FirewallRules: [TCP Query User{C256B14E-4B0A-4C96-8D13-535EE2160999}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{0684E11E-3CBC-4BDC-B770-DB0D9966FC76}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [{B27886F8-E2D7-4D51-B7DA-1840C2C9B4A5}] => (Allow) E:\Steam\SteamApps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{0672697A-612B-4315-A29E-34B565B277B7}] => (Allow) E:\Steam\SteamApps\common\Audiosurf 2\Audiosurf2.exe
FirewallRules: [{C2FD757A-9CB8-4F60-A930-12C42744DB69}] => (Allow) E:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{9CBDA243-15D0-443A-8414-6389B5E4F6D4}] => (Allow) E:\Steam\SteamApps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{A75BBB8F-0AB6-4FF4-9397-20B5238A5133}] => (Allow) E:\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
FirewallRules: [{E97F72A0-568E-4C5C-99F4-D418E9540287}] => (Allow) E:\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
FirewallRules: [{130098C6-5411-49B2-823B-1C9AA9D27E13}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{95D7145C-3D73-4BF8-A40A-76DBF82E2F6E}] => (Allow) E:\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
FirewallRules: [{4E6C1541-77B9-4BFC-AE13-1FFD5F61409E}] => (Allow) E:\Steam\SteamApps\common\The Talos Principle Public Test\Bin\Talos_Demo.exe
FirewallRules: [{B89BBB34-8452-4DDB-8790-65E12317D147}] => (Allow) E:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{A494C9DA-EEC1-4933-8811-F47642068F56}] => (Allow) E:\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{B6371B50-635C-44ED-A139-F26C403C787B}E:\games\world_of_warships\wowslauncher.exe] => (Allow) E:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{07F6413D-0040-4C51-8B99-57BF6493AA61}E:\games\world_of_warships\wowslauncher.exe] => (Allow) E:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{65249F63-8687-4274-B640-DD672DEE31E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1BC66251-59B6-46A9-AD15-33087186B1E4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/19/2015 03:12:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 42.0.0.5780 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a10

Start Time: 01d122751e3d0303

Termination Time: 91

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 50a0102b-8e6b-11e5-82f2-b8ee657d4b2e

Faulting package full name:

Faulting package-relative application ID:

Error: (11/19/2015 02:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1601453

Error: (11/19/2015 02:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1601453

Error: (11/19/2015 02:20:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2015 01:53:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11188

Error: (11/19/2015 01:53:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11188

Error: (11/19/2015 01:53:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/19/2015 01:53:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9797

Error: (11/19/2015 01:53:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9797

Error: (11/19/2015 01:53:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/19/2015 04:17:40 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/19/2015 04:17:40 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

Error: (11/19/2015 03:31:23 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (11/19/2015 03:31:22 AM) (Source: DCOM) (EventID: 10010) (User: LENOVO)
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}


CodeIntegrity:
===================================
  Date: 2015-11-19 01:28:56.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-19 01:28:56.379
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:44:17.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:44:17.674
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:44:06.529
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:44:06.310
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:44:03.794
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:44:03.575
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:43:59.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-11-18 18:43:58.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
Percentage of memory in use: 63%
Total physical RAM: 8088.36 MB
Available physical RAM: 2957.93 MB
Total Virtual: 9944.36 MB
Available Virtual: 4017.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:466.48 GB) (Free:334.9 GB) NTFS
Drive e: (DATE) (Fixed) (Total:464.69 GB) (Free:6.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=464.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 8.1 x64
Ran by tomi (Administrator) on Thu 11/19/2015 at  3:28:46.91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 7

Successfully deleted: C:\Users\tomi\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File)
Successfully deleted: C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: C:\Users\tomi\AppData\Roaming\3909 (Folder)
Successfully deleted: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\gm_scripts\Battlelog_Custom_Emblem\117314.user.js (File)
Successfully deleted: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\gm_scripts\Super_Reddit_Alt-Text_Display\109869.user.js (File)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/19/2015 at  3:30:44.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Rkill.txt

Rkill 2.8.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/18/2015 08:35:40 PM in x64 mode.
Windows Version: Windows 8.1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1   www.yandex.ua
  127.0.0.1   www.yandex.ru
  127.0.0.1   www.ya.ru
  127.0.0.1   mail.ua
  127.0.0.1   mail.ru
  127.0.0.1   steampowered.com
  127.0.0.1   steamcommunity.com
  127.0.0.1   www.google.com.ua
  127.0.0.1   store.steampowered.com
  127.0.0.1   live.com
  127.0.0.1   rambler.ru
  127.0.0.1   mail.qip.ru
  127.0.0.1   mail.google.com
  127.0.0.1   mail.rambler.ru
  127.0.0.1   mail.nic.ru
  127.0.0.1   74.ru
  127.0.0.1   webmail.meta.ua
  127.0.0.1   mail.i.ua
  127.0.0.1   freemail.ukr.net
  127.0.0.1   mail.com

  20 out of 21 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 11/18/2015 08:38:55 PM
Execution time: 0 hours(s), 3 minute(s), and 14 seconds(s)

 

Repair_Logs_2015_11_19_05_21_58.txt

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_11_19_05_21_58
OS: Windows 8.1 - x64 Bit
Account Name: tomi
Adware Definition: Adware Definition: Nov-17-2015-1
Repair Status:- Automatic Done
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\


No results found

 

Scan_Logs_2015_11_19_05_21_58.txt

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

Adware Removal Tool v4.1
Time: 2015_11_19_05_21_58
OS: Windows 8.1 - x64 Bit
Account Name: tomi
Adware Definition: Adware Definition: Nov-17-2015-1
Scan Status:- Automatic Done

\\\\\\\\\\\\\\\\\\\\\\\ Scan Logs \\\\\\\\\\\\\\\\\\\\\\


No results found

 

ZHPCleaner.txt

~ ZHPCleaner v2015.11.18.381 by Nicolas Coolman (2015/11/18)
~ Run by tomi (Administrator)  (19/11/2015 05:47:48)
~ Site : http://www.nicolascoolman.fr
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\tomi\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\tomi\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (5)
DELETED: [xdm075yn.default] - user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.description", "MediaPlayerEnhance Ext[...]  =>PUP.Optional.CrossRider
DELETED: [xdm075yn.default] - user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.monetization_plugin_bundle[...]  =>PUP.Optional.Monetization
DELETED: [xdm075yn.default] - user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.monetization_plugin_notBun[...]  =>PUP.Optional.Monetization
DELETED: [xdm075yn.default] - user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.monetization_plugin_regBun[...]  =>PUP.Optional.Monetization
DELETED: [xdm075yn.default] - user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.name", "MediaPlayerVid2.4");  =>PUP.Optional.CrossRider


---\\  Hosts file (1)
~ The hosts file is legitimate (27)


---\\  Scheduled automatic tasks. (1)
DELETED task: [ZsfnGqc44e] [C:\Users\tomi\AppData\Roaming\ZsfnGqc44e.exe (Not File) ]  =>Heuristic.Pirrit


---\\  Explorer ( File, Folder) (10)
MOVED file: C:\Windows\Tasks\ZsfnGqc44e.job    =>Heuristic.Pirrit
MOVED file: C:\Windows\System32\Tasks\ZsfnGqc44e    =>Heuristic.Pirrit
MOVED file: C:\Users\tomi\AppData\Local\Temp\is-DLNCG.tmp\sp-standalone-setup.exe [Uniblue Systems Limited - SpeedUpMyPC Setup]  =>.Superfluous.Uniblue
MOVED file: C:\Users\tomi\AppData\Local\Temp\20605ee0-98d1-47de-bf47-dbfd3175319c\speedupmypc.exe [Uniblue Systems Limited - SpeedUpMyPC Setup]  =>.Superfluous.Uniblue
MOVED folder: C:\Users\tomi\AppData\Local\Temp\20605ee0-98d1-47de-bf47-dbfd3175319c  =>PUP.Optional.SpeedUpMyPC
MOVED folder: C:\Users\tomi\AppData\Local\Temp\3a46e832-fac6-4630-8886-a6ea38335f4e  =>PUP.Optional.SpeedUpMyPC
MOVED folder: C:\Users\tomi\AppData\Local\Temp\600eb90b-be7d-4eb4-bd5f-3adb3a373f05  =>PUP.Optional.SpeedUpMyPC
MOVED folder: C:\Users\tomi\AppData\Local\Temp\8fe73f69-f548-41fc-afd0-8e875c1e801f  =>PUP.Optional.SpeedUpMyPC
MOVED folder: C:\Users\tomi\AppData\Local\Temp\a806b5c3-74b8-47d8-93c6-186355e0032c  =>PUP.Optional.SpeedUpMyPC
MOVED folder: C:\Users\tomi\AppData\Local\Temp\c236cf75-f3da-4502-a9b7-0cb51cb1843e  =>PUP.Optional.SpeedUpMyPC


---\\  Registry ( Key, Value, Data) (1)
DELETED key*: [X64] HKLM\Software\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E [globalupdate Helper]  =>PUP.Optional.GlobalUpdate


---\\  Summary of the elements found (6)
http://www.nicolascoolman.fr/pup-crossrider/ =>PUP.Optional.CrossRider
http://www.nicolascoolman.fr/blog =>PUP.Optional.Monetization
http://www.nicolascoolman.fr/blog =>Heuristic.Pirrit
http://www.nicolascoolman.fr/blog =>.Superfluous.Uniblue
http://www.nicolascoolman.fr/blog =>PUP.Optional.SpeedUpMyPC
http://www.nicolascoolman.fr/pup-globalupdate/ =>PUP.Optional.GlobalUpdate


---\\  Other deletions. (0)
~ Registry Keys Tracing deleted (0)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 1574
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 21


~ End of clean in 0 minutes
===================

ZHPCleaner-[R]-19112015-05_48_12.txt
ZHPCleaner--19112015-05_41_42.txt
ZHPCleaner--19112015-05_47_04.txt

 

2015.11.19-06.14.38-i0-t4294967295-d9.txt

Zemana AntiMalware 2.18.2.263 (Installed)

-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2015/11/19
Operating System       : Windows 8.1 64-bit
Processor              : 4X Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
BIOS Mode              : Legacy
CUID                   : 009CD0EB71EFF247DCBF45
Scan Type              : Deep Scan
Duration               : 27m 15s
Scanned Objects        : 276418
Detected Objects       : 9
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Hosts File
Status             : Scanned
Object             : %systemroot%\system32\drivers\etc\hosts
MD5                : 3D90E1420C519B92231EC5C9D5E35597
Publisher          : -
Size               : 563
Version            : -
Detection          : Hosts Hijack
Cleaning Action    : Repair
Traces             :
                Hosts File - 127.0.0.1 - yandex.ua
                File - %systemroot%\system32\drivers\etc\hosts

tierbg01.dll
Status             : Scanned
Object             : E:\Steam\tierbg01.dll
MD5                : 2C508C6D3913EEB8CDFED650068F7F9B
Publisher          : -
Size               : 86528
Version            : -
Detection          : Trojan:MSIL/Generic
Cleaning Action    : Quarantine
Traces             :
                File - E:\Steam\tierbg01.dll
                DLL - 3672 - E:\Steam\Steam.exe

speedupmypc.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\speedupmypc.exe
MD5                : 2405F4528AFA959884BC30E79C2A832B
Publisher          : Uniblue Systems
Size               : 1338872
Version            : 6.0.9.2
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\zhp\quarantine\speedupmypc.exe

sp-standalone-setup.exe
Status             : Scanned
Object             : %appdata%\zhp\quarantine\sp-standalone-setup.exe
MD5                : C4B96B9B493698566985F9F9C61612D7
Publisher          : Uniblue Systems
Size               : 542208
Version            : 6.0.9.2
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %appdata%\zhp\quarantine\sp-standalone-setup.exe

aff_setup.exe
Status             : Scanned
Object             : %temp%\d997177f-b321-467c-82ca-a9ad98c2ca02\aff_setup.exe
MD5                : 8036ADE0847A1247AA40B722EEFA4394
Publisher          : -
Size               : 158744
Version            : -
Detection          : Adware:Win32/Nevoros.B!Eeea
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\d997177f-b321-467c-82ca-a9ad98c2ca02\aff_setup.exe

speedupmypc.tmp
Status             : Scanned
Object             : %temp%\is-i791i.tmp\speedupmypc.tmp
MD5                : DF3F0ADB52C4E9B438460C87B0F66A50
Publisher          : Uniblue Systems
Size               : 1600896
Version            : 51.1052.0.0
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is-i791i.tmp\speedupmypc.tmp

InstallerExtensions.dll
Status             : Scanned
Object             : %temp%\is-dlncg.tmp\installerextensions.dll
MD5                : 7CB51871956A80CB4A93DDCDAC5FADD8
Publisher          : Uniblue Systems
Size               : 114488
Version            : -
Detection          : Scareware:Win32/NonBeneficialWindowsOptimizer!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\is-dlncg.tmp\installerextensions.dll

ICReinstall_winzip19-dl.exe
Status             : Scanned
Object             : %temp%\icreinstall_winzip19-dl.exe
MD5                : D2522CF4F532E201320BE4A5B8BF1B94
Publisher          : WinZip Computing
Size               : 906024
Version            : 0.0.0.0
Detection          : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\icreinstall_winzip19-dl.exe

ICReinstall_winzip19-dl(1).exe
Status             : Scanned
Object             : %temp%\icreinstall_winzip19-dl(1).exe
MD5                : D2522CF4F532E201320BE4A5B8BF1B94
Publisher          : WinZip Computing
Size               : 906024
Version            : 0.0.0.0
Detection          : Adware:Win32/InstallCore.Variant!Sig
Cleaning Action    : Quarantine
Traces             :
                File - %temp%\icreinstall_winzip19-dl(1).exe


Cleaning Result
-------------------------------------------------------
Cleaned               : 9
Reported as safe      : 0
Failed                : 0

FRST_19-11-2015_05-21-07.txt

2015.11.19-06.14.38-i0-t4294967295-d9.txt


Install GHOSTERY and block ALL trackers. Use the one in the pic below at the site.


 

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy and paste the items in red below and paste them into Zoek.


createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;

startupall;
filesrcm;
autoclean;

 

Click on the button "Options" and check now the options below.
 
Do a Deep Scan
Silent Runners
 

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

 

When you post the log from zoek, I will combine what needs to be removed from Zoek and FRST in one fix. :)

 

Emsisoft Emergency Kit Scan

 

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close

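The ResetHosts step in the Zoek script above rewrites the hosts file to the Windows default. As an added example that is not part of this thread or of any tool used in it, the following check parses a Windows-style hosts file and flags names that are sinkholed to loopback (the pattern Rkill reported above) or statically pointed at some other address; the sample input is constructed from the entries in the Rkill log, and the 192.0.2.10 line is a constructed placeholder.

```python
"""Audit a Windows-style hosts file for hijack-style entries.

Added example, not code from the forum thread or from Rkill/Zoek.
The sample hosts content below is constructed from the entries Rkill listed.
"""
import ipaddress

# A stock Windows hosts file only maps the local host names to loopback.
DEFAULT_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample: the stock Microsoft comment header, the legitimate
# localhost lines, a subset of the sinkholed names from the Rkill log, and
# one constructed non-loopback override (192.0.2.10 is a documentation address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# For example:
#      102.54.94.97     rhino.acme.com          # source server
127.0.0.1       localhost
::1             localhost
127.0.0.1   www.yandex.ua
127.0.0.1   steampowered.com
127.0.0.1   steamcommunity.com
127.0.0.1   store.steampowered.com
127.0.0.1   mail.google.com
127.0.0.1   live.com
192.0.2.10  www.example.net   # constructed: a public name pinned to a fixed host
"""


def parse_hosts(text):
    """Return (ip, hostname, line_no) for every active mapping.

    Comment-only and blank lines are skipped; a trailing '# ...' comment is
    stripped; one line may map several names to the same address.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        for name in names:
            entries.append((ip, name.lower(), line_no))
    return entries


def classify(ip, name):
    """Label one mapping, or return None when it looks like a stock entry."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unparseable address"
    if addr.is_loopback or addr.is_unspecified:
        if name in DEFAULT_LOOPBACK_NAMES:
            return None
        # A real site mapped to loopback is blocked: the browser connects to
        # the local machine instead of the service and the request fails.
        return "blackholed to loopback"
    # Any other mapping silently overrides DNS for that name; review it.
    return "static override"


def audit_hosts(text):
    """Return (line_no, ip, name, label) for every suspicious mapping in text."""
    findings = []
    for ip, name, line_no in parse_hosts(text):
        label = classify(ip, name)
        if label:
            findings.append((line_no, ip, name, label))
    return findings


def summarize(findings):
    """Count findings per label, e.g. {'blackholed to loopback': 6, ...}."""
    counts = {}
    for _, _, _, label in findings:
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    # On a live Windows machine, read %SystemRoot%\System32\drivers\etc\hosts
    # instead of SAMPLE_HOSTS (requires an elevated prompt to modify, not to read).
    results = audit_hosts(SAMPLE_HOSTS)
    for line_no, ip, name, label in results:
        print(f"line {line_no:>2}: {ip:<12} {name:<26} {label}")
    print(summarize(results))
```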

Round two, is it? Great. I'm surprised I haven't heard of this place before; it's great! Here's the log from Zoek, along with Emsisoft. Huh, that's interesting. It seems Emsisoft detected that little registry value for disabling Task Manager, the one I referred to earlier.

 

zoek-results.txt


Zoek.exe v5.0.0.1 Updated 18-November-2015
Tool run by tomi on Thu 11/19/2015 at  7:44:54.84.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\tomi\Downloads\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== System Restore Info ======================

11/19/2015 7:46:37 AM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
 
127.0.0.1       localhost

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\Users\tomi\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\tomi\AppData\Local\EmieSiteList deleted successfully
C:\Users\tomi\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\tomi\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
e:\games\warcraft iii\war3.exe

==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\hgfoqh2d.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20151119_0759_.backup

ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default

user.js not found
---- Lines aWQNKK59573794WAYA30227232com72523 removed from prefs.js ----
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.InstallationThankYouPage", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.InstallationTime", 1435792103);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.WQNKK59573794@WAYA30227232.comaWQNKK59573794WAYA30227232com72523_dbWasSet", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.WQNKK59573794@WAYA30227232.comaWQNKK59573794WAYA30227232com72523_dbWasSet_FF25_FIX", tr
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.WQNKK59573794@WAYA30227232.comasyncdb_dbWasSet", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.WQNKK59573794@WAYA30227232.comasyncdb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.WQNKK59573794@WAYA30227232.comasyncinternaldb_dbWasSet", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.WQNKK59573794@WAYA30227232.comasyncinternaldb_dbWasSet_FF25_FIX", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.active", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.addressbar", "NA");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.addressbarenhanced", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.asyncdb.was_copied", "true");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.asyncinternaldb.was_copied", "true");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.backgroundver", 8);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.certdomaininstaller", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.changeprevious", false);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer Tim
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.cookie.InstallationTime.value", "%221435792103%22");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer Time
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22002858%22%2C%22sub_id%22%3A%22v
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.domain", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.enablesearch", false);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.homepage", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.iframe", false);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Su
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22f2143a989c865f7ffc
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22002858%22%2C%22sub_id%22%3A
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Su
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22002858%22%2C%22sub_id%
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+020
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%22f2143a989
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_appVer.value", "78");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB S
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_lastVersion.value", "1");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer T
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_meta.value", "%7B%7D");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_nextCheck.expiration", "Thu Jul 02 2015 08:16:42 GMT+0300 (GTB Sta
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_nextCheck.value", "true");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.Resources_queue.value", "%7B%7D");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Sum
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.__defualt_browser__.value", "%22ff%22");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb._installer_additional_info.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb._installer_additional_info.value", "%7B%22asw%22%3A%5B67108864%2C-2147483644
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0200 (GTB Summer Time)"
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.reporting_user_key_index.expiration", "Sun Jun 29 2025 02:16:42 GMT+0300 (GT
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.internaldb.reporting_user_key_index.value", "260");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.lastDailyReport", "1435792600668");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.lastUpdate", "1435792600546");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.manifesturl", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.newtab", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.opensearch", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.pluginsurl", "http://js.globalmaxwin.com/plugin/apps/72523/plugins/na/ff/plugins.json")
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.pluginsversion", 66);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.publisher", "NewPlayerVideo+");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.searchstatus", 0);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.setnewtab", false);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.thankyou", "");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.updateinterval", 360);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.72523.ver", 78);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.apps", "72523");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.bic", "14e4be8635ba50ae2e9a6376775c12f7");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.cid", 72523);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.firstrun", false);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.hadappinstalled", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.installationdate", 1435792598);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.installerAdditionalInfo", "{\"asw\":[67108864, -2147483644, 553648128, 256],\"browser_name\":
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.modetype", "production");
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.reportInstall", true);
user_pref("extensions.aWQNKK59573794WAYA30227232com72523.statsDailyCounter", 1);
---- FireFox user.js and prefs.js backups ----

prefs_20151119_0759_.backup

ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\ycil4qxg.default-1447878131954

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20151119_0759_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\tomi\AppData\Local\Unity deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\tomi\AppData\LocalLow\Unity deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\hgfoqh2d.default\jetpack deleted
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\extensions\firefox@ghostery.com.xpi deleted
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\jetpack deleted
C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default\{F0B1CEAC-7C0D-407c-B25E-623D7CBECCCB} deleted
"C:\Users\tomi\AppData\Roaming\ZsfnGqc44e" deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8089 MB
CPU Info: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
CPU Speed: 2419.1 MHz
Sound Card: Speakers (USB PnP Sound Device) |
Speakers (Conexant SmartAudio H |
Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | Intel(R) HD Graphics Family
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter | Qualcomm Atheros AR956x Wireless Network Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: PLDS    DVD-RW DA8A5SH
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  466.5GB | E:  464.7GB
Hard Disks - Free: C:  334.6GB | E:  6.9GB
Manufacturer *: LENOVO
BIOS Info: AT/AT COMPATIBLE | 01/24/14 | LENOVO - 1
Time Zone: GMT Standard Time
Motherboard *: LENOVO Lancer 5A5
Country: United States
Language: ENU

==== System Specs (Software) ======================

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Default Browser: Firefox    42.0
Internet Explorer Version: 11.0.9600.18098
Mozilla Firefox version: 42.0 (x86 en-US)
Google Chrome version: 46.0.2490.86
Adobe Reader version: 11.0.13.17
Sun Java version: 1.8.0_31 (32-bit)
Sun Java version: 1.8.0_31 (64-bit)
Flash Player version: 19.0.0.245

==== Files Recently Created / Modified ======================


==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-435174368-2995637555-2580234153-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"amd_dc_opt"="C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe"
"ForteConfig"="C:\Program Files\Conexant\ForteConfig\fmapp.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SACpl.exe /t"
"RtsFT"="RTFTrack.exe"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"Energy Manager"="C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe"
"Lenovo Utility"="C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe /minimized"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"BtvStack"="C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [11/11/2015 04:36 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/02/2015 12:15 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [07/02/2015 12:15 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{064921AF-F89A-46F9-884A-925D09409414}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{E85127DF-A490-4F42-B4A5-7D46D1AF4600}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions ======================

ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\hgfoqh2d.default
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

ProfilePath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default
- BetterPonymotes - %ProfilePath%\extensions\jid1-tHrhDJXsKvsiCw@jetpack.xpi
- Reddit Enhancement Suite - %ProfilePath%\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\xdm075yn.default
F114FBA6246530B89DD1E04351E0EAC5    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll -    Shockwave Flash

Profilepath: C:\Users\tomi\AppData\Roaming\Mozilla\Firefox\Profiles\ycil4qxg.default-1447878131954
F114FBA6246530B89DD1E04351E0EAC5    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll -    Shockwave Flash


==== Chromium Look ======================

selector is not a valid CSS selector - tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Ghostery - tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij
Chrome Web Store Payments - tomi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Bar"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://www.google.com"
"Start Page Redirect Cache"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page Redirect Cache"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Zemana Ltd. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

==== Silent Runners ======================

"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
iCloudServices = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [Apple Inc.]
ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [Apple Inc.]
Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [Skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" [Qualcomm®Atheros®]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = "C:\Windows\system32\igfxtray.exe" [null data]
HotKeysCmds = "C:\Windows\system32\hkcmd.exe" [file not found]
Persistence = "C:\Windows\system32\igfxpers.exe" [file not found]
Nvtmru = "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [file not found]
cAudioFilterAgent = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [Conexant Systems, Inc.]
ForteConfig = C:\Program Files\Conexant\ForteConfig\fmapp.exe [null data]
SmartAudio = C:\Program Files\CONEXANT\SAII\SACpl.exe /t [Conexant Systems, Inc.]
RtsFT = RTFTrack.exe [Realtek semiconductor]
IAStorIcon = "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [Intel Corporation]
Energy Manager = C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [Lenovo(beijing) Limited]
Lenovo Utility = C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [Lenovo(beijing) Limited]
NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
ShadowPlay = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS]
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]
ZAM = "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [Zemana Ltd.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
GrooveMonitor = "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [MS]
amd_dc_opt = C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [AMD]
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Apple Inc.]
LogMeIn Hamachi Ui = "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [LogMeIn Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [Oracle Corporation]

{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [Oracle Corporation]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  -> {HKLM...CLSID} = DesktopContext Class
                   \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension
  -> {HKLM...CLSID} = NvAppShExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation]

{E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension
  -> {HKLM...CLSID} = OpenGLShExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation]

{2F603045-309F-11CF-9774-0020AFD0CFF6} = Synaptics Control Panel
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll [Synaptics Incorporated]

{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
  -> {HKLM...CLSID} = AppShellPage Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Qualcomm®Atheros®]

{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
  -> {HKLM...CLSID} = ContextMenu Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtContextMenu.dll [Qualcomm®Atheros®]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\PROGRA~1\MICROS~1\Office12\MSOHEVI.DLL [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  -> {HKLM...CLSID} = iTunes
                   \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
  -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
  -> {HKLM...Wow...CLSID} = Groove Folder Synchronization
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
  -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
  -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
  -> {HKLM...Wow...CLSID} = Groove XML Icon Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
  -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{0006F045-0000-0000-C000-000000000046} = Microsoft Office Outlook Custom Icon Handler
  -> {HKLM...Wow...CLSID} = Outlook File Icon Extension
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL [MS]

{00020D75-0000-0000-C000-000000000046} = Microsoft Office Outlook Desktop Icon Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Outlook
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL [MS]

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
  -> {HKLM...Wow...CLSID} = Microsoft Office OneNote Namespace Extension for Windows Desktop Search
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL [MS]

{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll [MS]

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
  -> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
                         \InProcServer32\(Default) = C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> ("" [file not found]) Security Packages = ""

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider
  -> {HKLM...CLSID} = AthCredentialProvider
                   \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm®Atheros®]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{1ee7337f-85ac-45e2-a23c-37c753209769}\(Default) = Smartcard WinRT Provider
  -> {HKLM...CLSID} = Smartcard WinRT Provider
                   \InProcServer32\(Default) = C:\Windows\system32\SmartcardCredentialProvider.dll [MS]

{ACFC407B-266C-8504-8DAE-F3E276336E4B}\(Default) = AthCredentialProvider
  -> {HKLM...CLSID} = AthCredentialProvider
                   \InProcServer32\(Default) = AthCredentialProvider.dll [Qualcomm®Atheros®]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
  -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                   \InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

2.0 Zemana AntiMalware\(Default) = {6ABB1C11-E261-4CEA-BBB5-3836225689DD}
  -> {HKLM...CLSID} = ZemanaShell
                   \InProcServer32\(Default) = C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [Zemana Ltd.]
  -> {HKLM...Wow...CLSID} = ZemanaShell
                         \InProcServer32\(Default) = C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt32.dll [Zemana Ltd.]

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
  -> {HKLM...CLSID} = AppShellPage Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\BtvAppExt.dll [Qualcomm®Atheros®]

PhotoStreamsExt\(Default) = {89D984B3-813B-406A-8298-118AFA3A22AE}
  -> {HKLM...CLSID} = ContextMenuHandler Class
                   \InProcServer32\(Default) = C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [Apple Inc.]
  -> {HKLM...Wow...CLSID} = ContextMenuHandler Class
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreams.dll [Apple Inc.]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
  -> {HKLM...CLSID} = Work Folders Context Menu Handler
                   \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

{a2a9545d-a0c2-42b4-9708-a0b2badd77c9}\(Default) = Start Menu Pin
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files (x86)\StartIsBack\StartIsBack64.dll [www.startisback.com]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Program Files (x86)\StartIsBack\StartIsBack32.dll [www.startisback.com]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
  -> {HKLM...CLSID} = FTShellContext Class
                   \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [QualcommrAtherosr]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
  -> {HKLM...CLSID} = Work Folders Context Menu Handler
                   \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
  -> {HKLM...CLSID} = Ath_CopyHook
                   \InProcServer32\(Default) = C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll [QualcommrAtherosr]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [Igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
  -> {HKLM...CLSID} = GraphicsShellExt Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [file not found]

igfxDTCM\(Default) = {9B5F5829-A529-4B12-814A-E81BCB8D93FC}
  -> {HKLM...CLSID} = TheDeskTopContextMenu Class
                   \InProcServer32\(Default) = C:\Windows\system32\igfxDTCM.dll [Intel Corporation]

NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
                   \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]

WorkFolders\(Default) = {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
  -> {HKLM...CLSID} = Work Folders Context Menu Handler
                   \InProcServer32\(Default) = C:\Windows\System32\WorkfoldersShell.dll [MS]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
  -> {HKLM...Wow...CLSID} = PDF Shell Extension
                         \InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

2.0 Zemana AntiMalware\(Default) = {6ABB1C11-E261-4CEA-BBB5-3836225689DD}
  -> {HKLM...CLSID} = ZemanaShell
                   \InProcServer32\(Default) = C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [Zemana Ltd.]
  -> {HKLM...Wow...CLSID} = ZemanaShell
                         \InProcServer32\(Default) = C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt32.dll [Zemana Ltd.]

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]

XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
  -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler
                         \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  -> {HKLM...CLSID} = WinRAR
                   \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]

WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  -> {HKLM...Wow...CLSID} = WinRAR
                         \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

DisableTaskMgr = (REG_DWORD) dword:0x00000000
{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

EnableCursorSuppression = (REG_DWORD) dword:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper


Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

iTunesBurnCDOnArrival\
Provider = iTunes
InvokeProgID = iTunes.BurnCD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ImportSongsOnCD
InvokeVerb = import
HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.PlaySongsOnCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\
Provider = iTunes
InvokeProgID = iTunes.ShowSongsOnCD
InvokeVerb = showsongs
HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSFhConfigBackup\
Provider = @C:\Windows\system32\fhautoplay.dll,-100
InvokeProgID = FHConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\FHConfig.AutoPlayHandler\shell\config\command\(Default) = fhmanagew -autoplay [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
  -> {HKLM...CLSID} = Shell Hardware Mixed Content Handler
                   \LocalServer32\(Default) = C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]


Non-disabled Scheduled Tasks: {++}
-----------------------------

C:\Windows\System32\Tasks
Adobe Acrobat Update Task ->  launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
Adobe Flash Player Updater ->  launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
GoogleUpdateTaskMachineCore ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA ->  launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
Optimize Start Menu Cache Files-S-1-5-21-435174368-2995637555-2580234153-1001 ->  launches: {2D3F8A1B-6DCD-4ED5-BDBA-A096594B98EF}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\twinapi.dll [MS]
  -> {HKLM...Wow...CLSID} = (no title provided)
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\twinapi.dll [MS]
Synaptics TouchPad Enhancements ->  launches: "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [Synaptics Incorporated]
User_Feed_Synchronization-{064921AF-F89A-46F9-884A-925D09409414} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
User_Feed_Synchronization-{E85127DF-A490-4F42-B4A5-7D46D1AF4600} -> (HIDDEN!) launches: C:\Windows\system32\msfeedssync.exe sync [MS]
{19575E33-BB89-4A60-8307-12292EE27310} ->  launches: C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\MediaPlayerVid2.4\Uninstall.exe" -c /fcp=1 [MS]

C:\Windows\System32\Tasks\Apple
AppleSoftwareUpdate ->  launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]

C:\Windows\System32\Tasks\Microsoft\Windows\.NET Framework
.NET Framework NGEN v4.0.30319 -> (HIDDEN!) launches: {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = mscoree.dll [MS]
.NET Framework NGEN v4.0.30319 64 -> (HIDDEN!) launches: {429BC048-379E-45E0-80E4-EB1977941B5C}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = mscoree.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) ->  launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID
SmartScreenSpecific ->  launches: {9f2b0085-9218-42a1-88b0-9f0e65851666}
  -> {HKLM...CLSID} = Windows SmartScreen Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]
  -> {HKLM...Wow...CLSID} = Windows SmartScreen Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\apprepsync.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent ->  launches: aitagent /increment [MS]
Microsoft Compatibility Appraiser ->  launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS]
ProgramDataUpdater ->  launches: %windir%\system32\CompatTelRunner.exe -maintenance [MS]
StartupAppTask ->  launches: %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\ApplicationData
CleanupTemporaryState ->  launches: %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy ->  launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask ->  launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask ->  launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  -> {HKLM...CLSID} = Certificate Services Client Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Chkdsk
ProactiveScan ->  launches: {cf4270f5-2e43-4468-83b3-a8c45bb33ea1}
  -> {HKLM...CLSID} = Proactive Scan
                   \InProcServer32\(Default) = C:\Windows\System32\pstask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
BthSQM -> (HIDDEN!) launches: {c8367320-6f85-11e0-a1f0-0800200c9a66}
  -> {HKLM...CLSID} = BthSQM
                   \InProcServer32\(Default) = C:\Windows\System32\BthSQM.dll [MS]
Consolidator ->  launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  -> {HKLM...CLSID} = KernelCeipCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
Uploader ->  launches: %windir%\system32\WSqmCons.exe -u [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  -> {HKLM...CLSID} = UsbCeip
                   \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  -> {HKLM...Wow...CLSID} = UsbCeip
                         \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Data Integrity Scan
Data Integrity Scan for Crash Recovery -> (HIDDEN!) launches: {DCFD3EA8-D960-4719-8206-490AE315F94F}
  -> {HKLM...CLSID} = Data Integrity Scan
                   \InProcServer32\(Default) = C:\Windows\System32\discan.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag ->  launches: %windir%\system32\defrag.exe -c -h -o -$ [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Device Setup
Metadata Refresh -> (HIDDEN!) launches: {23C1F3CF-C110-4512-ACA9-7B6174ECE888}
  -> {HKLM...CLSID} = DsmRefreshTask Class
                   \InProcServer32\(Default) = C:\Windows\System32\DeviceSetupManagerAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskCleanup
SilentCleanup ->  launches: %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive% [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\DiskFootprint
Diagnostics ->  launches: {5b6b6834-34f0-49b9-ad4e-81d4994c7a74}
  -> {HKLM...CLSID} = Disk Footprint Diagnostics Task
                   \InProcServer32\(Default) = C:\Windows\system32\DfpCommon.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\FileHistory
File History (maintenance mode) ->  launches: {89917B7C-A1A6-11DF-8BF6-18A90531A85A}
  -> {HKLM...CLSID} = FhTaskHandler Class
                   \InProcServer32\(Default) = C:\Windows\System32\fhtask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications ->  launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT ->  launches: A9A33436-678B-4c9c-A211-7CC38785E79D
  -> {HKLM...CLSID} = WinSAT Task Manger Task
                   \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
                         \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
ProcessMemoryDiagnosticEvents -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]
RunFullMemoryDiagnostic -> (HIDDEN!) launches: {8168e74a-b39f-46d8-adcd-7bed477b80a3}
  -> {HKLM...CLSID} = MemoryDiagnosticTaskHandler
                   \InProcServer32\(Default) = C:\Windows\System32\MemoryDiagnostic.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts
MNO Metadata Parser ->  launches: %SystemRoot%\System32\MbaeParserTask.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove ->  launches: %windir%\system32\lpremove.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService ->  launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  -> {HKLM...CLSID} = Microsoft PlaySoundService Class
                   \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
                         \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetCfg
BindingWorkItemQueueHandler ->  launches: {5AA199A0-1CED-43A5-9B85-3226086738A3}
  -> {HKLM...CLSID} = Binding Engine Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\netcfgx.dll [MS]
  -> {HKLM...Wow...CLSID} = Binding Engine Task Handler
                         \InProcServer32\(Default) = C:\Windows\SysWOW64\netcfgx.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo ->  launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
BackgroundConfigSurveyor -> (HIDDEN!) launches: {EA9155A3-8A39-40B4-8963-D3C761B18371}
  -> {HKLM...CLSID} = PerfTrack TaskHandler class
                   \InProcServer32\(Default) = C:\Windows\System32\perftrack.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\PI
Secure-Boot-Update ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]
Sqm-Tasks ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Plug and Play
Device Install Group Policy -> (HIDDEN!) launches: {60400283-b242-4fa8-8c25-caf695b88209}
  -> {HKLM...CLSID} = Device Installation Group Policy Task Handler
                   \InProcServer32\(Default) = C:\Windows\System32\pnppolicy.dll [MS]
Device Install Reboot Required -> (HIDDEN!) launches: {48794782-6a1f-47b9-bd52-1d5f95d49c1b}
  -> {HKLM...CLSID} = Device Installation Reboot Dialog Task
                   \InProcServer32\(Default) = C:\Windows\System32\pnpui.dll [MS]
Plug and Play Cleanup ->  launches: {DEF03232-9688-11E2-BE7F-B4B52FD966FF}
  -> {HKLM...CLSID} = Plug and Play Maintenance Task
                   \InProcServer32\(Default) = C:\Windows\System32\pnpclean.dll [MS]
Sysprep Generalize Drivers ->  launches: %SystemRoot%\System32\drvinst.exe 6 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem ->  launches: {927ea2af-1c54-43d5-825e-0074ce028eee}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\energytask.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
                   \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
                         \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager ->  launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  -> {HKLM...CLSID} = RasMobilityManager
                   \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  -> {HKLM...CLSID} = RegistryIdleBackupHandler
                   \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools
MRT_HB ->  launches: C:\Windows\system32\MRT.exe /EHB /Q [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Servicing
StartComponentCleanup ->  launches: 752073A1-23F2-4396-85F0-8FDB879ED0ED [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\SettingSync
BackgroundUploadTask -> (HIDDEN!) launches: {59B9640B-3F70-4D1C-B159-F26EEB8A4C87}
  -> {HKLM...CLSID} = Delayed Background Upload Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Delayed Background Upload Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
BackupTask -> (HIDDEN!) launches: {60A4C78C-E2B8-4E6E-876F-DA203B02C05E}
  -> {HKLM...CLSID} = Backup Upload Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Backup Upload Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
NetworkStateChangeTask -> (HIDDEN!) launches: {A4173A49-F373-4475-9A0F-2D615204DC20}
  -> {HKLM...CLSID} = Network State Change Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]
  -> {HKLM...Wow...CLSID} = Network State Change Task Handler
                         \InProcServer32\(Default) = C:\Windows\system32\SettingSyncCore.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
launchtrayprocess ->  launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS]
refreshgwxconfig ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS]
refreshgwxconfigandcontent ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS]
refreshgwxcontent ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
Logon-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:7 [MS]
MachineUnlock-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:8 [MS]
OutOfIdle-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:6 [MS]
OutOfSleep-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:9 [MS]
refreshgwxconfig-B ->  launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS]
Telemetry-4xd ->  launches: %windir%\system32\GWX\GWX.exe /event:11 [MS]
Time-5d ->  launches: %windir%\system32\GWX\GWX.exe /event:10 [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Shell
CreateObjectTask -> (HIDDEN!) launches: {990a9f8f-301f-45f7-8d0e-68c5952dba43}
  -> {HKLM...CLSID} = Shell Create Object Task Delegate
                   \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
  -> {HKLM...Wow...CLSID} = Shell Create Object Task Delegate
                         \InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
FamilySafetyMonitor ->  launches: %windir%\System32\wpcmon.exe [MS]
FamilySafetyRefresh ->  launches: {EBF00FCB-0769-4b81-9BEC-6C05514111AA}
  -> {HKLM...CLSID} = FamilySafety.WebSync
                   \InProcServer32\(Default) = C:\Windows\System32\WpcWebSync.dll [MS]
IndexerAutomaticMaintenance ->  launches: {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}
  -> {HKLM...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                   \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]
  -> {HKLM...Wow...CLSID} = Automatic Maintenance task to enable Windows Search to make progress while in Connected Standby
                         \InProcServer32\(Default) = C:\Windows\System32\srchadmin.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SkyDrive
Idle Sync Maintenance Task ->  launches: {bf6c1e47-86ec-4194-9ce5-13c15dcb2001} [InProcServer32 entry not found]
Routine Maintenance Task ->  launches: {1b1f472e-3221-4826-97db-2c2324d389ae} [InProcServer32 entry not found]

C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
SvcRestartTask -> (HIDDEN!) launches: {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
  -> {HKLM...CLSID} = SppSvcRestartTaskHandler Class
                   \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]
  -> {HKLM...Wow...CLSID} = SppSvcRestartTaskHandler Class
                         \InProcServer32\(Default) = C:\Windows\System32\sppcext.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SpacePort
SpaceAgentTask ->  launches: %windir%\system32\SpaceAgent.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Sysmain
WsSwapAssessmentTask ->  launches: %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR ->  launches: %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  -> {HKLM...CLSID} = RunTask
                   \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  -> {HKLM...Wow...CLSID} = RunTask
                         \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TaskScheduler
Idle Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
  -> {HKLM...CLSID} = Maintenance Launcher Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Maintenance Configurator ->  launches: {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8}
  -> {HKLM...CLSID} = Maintenance Configurator
                   \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Manual Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
  -> {HKLM...CLSID} = Maintenance Launcher Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]
Regular Maintenance ->  launches: {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44}
  -> {HKLM...CLSID} = Maintenance Launcher Handler
                   \InProcServer32\(Default) = C:\Windows\system32\msched.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  -> {HKLM...CLSID} = MsCtfMonitor task handler
                   \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
                         \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
ForceSynchronizeTime ->  launches: {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
  -> {HKLM...CLSID} = Time Synchronization Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TimeSyncTask.dll [MS]
SynchronizeTime ->  launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Zone
SynchronizeTimeZone ->  launches: %windir%\system32\tzsync.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TPM
Tpm-Maintenance ->  launches: {5014B7C8-934E-4262-9816-887FA745A6C4}
  -> {HKLM...CLSID} = TPM Maintenance Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\TpmTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig ->  launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
                   \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
                         \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Defender
Windows Defender Cache Maintenance ->  launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance [MS]
Windows Defender Cleanup ->  launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup [MS]
Windows Defender Scheduled Scan ->  launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJob [MS]
Windows Defender Verification ->  launches: %ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting ->  launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary ->  launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate
Scheduled Start ->  launches: C:\Windows\system32\sc.exe start wuauserv [MS]
Scheduled Start With Network ->  launches: C:\Windows\system32\sc.exe start wuauserv [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask ->  launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  -> {HKLM...CLSID} = Wininet Cache task object
                   \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  -> {HKLM...Wow...CLSID} = Wininet Cache task object
                         \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WOF
WIM-Hash-Management ->  launches: {B7BFFB5A-EFA8-4D8C-BBDE-C8D5FAAF54A1}
  -> {HKLM...CLSID} = WOF Task Handler
                   \InProcServer32\(Default) = C:\Windows\system32\WofTasks.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Work Folders
Work Folders Logon Synchronization ->  launches: {97d47d56-3777-49fb-8e8f-90d7e30e1a1e}
  -> {HKLM...CLSID} = Work Folder Logon Trigger Class
                   \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]
Work Folders Maintenance Work ->  launches: {63260bce-a3fb-4a34-aa51-d4d8e877b62b}
  -> {HKLM...CLSID} = Work Folder Maintenance Task Class
                   \InProcServer32\(Default) = C:\Windows\System32\WorkFoldersShell.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WS
Badge Update ->  launches: {00CCDDF6-5107-424D-853D-3907AE5502DC}
  -> {HKLM...CLSID} = WinStore Tile Badge Updater
                   \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
License Validation -> (HIDDEN!) launches: rundll32.exe WSClient.dll,WSpTLR licensing [MS]
Sync Licenses ->  launches: {10F591BE-3C84-418A-86DD-BAA002E2F36E}
  -> {HKLM...CLSID} = WinStore License Sync task
                   \InProcServer32\(Default) = C:\Windows\winstore\WinStoreUI.dll [MS]
WSRefreshBannedAppsListTask -> (HIDDEN!) launches: rundll32.exe WSClient.dll,RefreshBannedAppsList [MS]
WSTask ->  launches: {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129}
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = C:\Windows\System32\WSService.dll [MS]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-435174368-2995637555-2580234153-1001 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Bonjour\mdnsNSP.dll [Apple Inc.]

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11


Toolbars, Explorer Bars, Extensions:
------------------------------------

Explorer Bars

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [MS]

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Research
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{2670000A-7350-4F3C-8081-5663EE0C6C49}\
ButtonText = Send to OneNote
MenuText = S&end to OneNote
CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C}
  -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
  -> {HKLM...Wow...CLSID} = &Research
                         \InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Apple Mobile Device Service, Apple Mobile Device Service, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
AtherosSvc, AtherosSvc, "C:\Program Files (x86)\Bluetooth Suite\adminservice.exe" [Windows (R) Win 7 DDK provider]
Bonjour Service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]
Conexant Audio Message Service, CxAudMsg, C:\Windows\system32\CxAudMsg64.exe [Conexant Systems Inc.]
Conexant SmartAudio service, SAService, C:\Windows\system32\SAsrv.exe [file not found]
Diagnostics Tracking Service, DiagTrack, C:\Windows\System32\svchost.exe -k utcsvc {C:\Windows\system32\diagtrack.dll [MS]}
HitmanPro Scheduler, HitmanProScheduler, C:\Program Files\HitmanPro\hmpsched.exe [SurfRight B.V.]
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" [Intel Corporation]
Intel(R) HD Graphics Control Panel Service, igfxCUIService1.0.0.0, C:\Windows\system32\igfxCUIService.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [Intel Corporation]
Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
iPod Service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]
LMIGuardianSvc, LMIGuardianSvc, "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe" [LogMeIn, Inc.]
LogMeIn Hamachi Tunneling Engine, Hamachi2Svc, "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [LogMeIn Inc.]
MBAMScheduler, MBAMScheduler, "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [Malwarebytes]
Network Connection Broker, NcbService, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\ncbservice.dll [MS]}
NVIDIA Display Driver Service, nvsvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA Corporation]
NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [NVIDIA Corporation]
PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found]
Windows Defender Network Inspection Service, WdNisSvc, "C:\Program Files\Windows Defender\NisSrv.exe" [MS]
ZAM Controller Service, ZAMSvc, "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [Zemana Ltd.]
ZAtheros Bt and Wlan Coex Agent, ZAtheros Bt and Wlan Coex Agent, C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]


Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> SystemEventsBroker, Service
<<!>> PEVSystemStart, Service

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> Hamachi2Svc, Service
<<!>> hitmanpro37,
<<!>> hitmanpro37.sys,
<<!>> SystemEventsBroker, Service
<<!>> PEVSystemStart, Service


Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
<<!>> UpperFilters = <<!>> SynTP [Synaptics Incorporated],kbdclass [MS]

 


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\11Q1FB4H will be deleted at reboot
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\1SIGYYVG will be deleted at reboot
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\2IR0YX0K will be deleted at reboot
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\D33M4VDM will be deleted at reboot
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\EJUV7PUF will be deleted at reboot
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\UNWS19DK will be deleted at reboot
C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\W1CWQ7Z1 will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\tomi\AppData\Local\Mozilla\Firefox\Profiles\hgfoqh2d.default\cache2 emptied successfully
C:\Users\tomi\AppData\Local\Mozilla\Firefox\Profiles\xdm075yn.default\cache2 will be emptied at reboot
C:\Users\tomi\AppData\Local\Mozilla\Firefox\Profiles\ycil4qxg.default-1447878131954\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\tomi\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=95 folders=80 118164155 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\tomi\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\tomi\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\11Q1FB4H" not found
"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\1SIGYYVG" not found
"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\2IR0YX0K" not found
"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\D33M4VDM" not found
"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\EJUV7PUF" not found
"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\UNWS19DK" not found
"C:\Users\tomi\AppData\Local\Microsoft\Windows\INetCache\IE\W1CWQ7Z1" not found

==== EOF on Thu 11/19/2015 at  8:10:36.14 ======================

 

scan_151119-085316.txt

Emsisoft Emergency Kit - Version 10.0
Last update: 11/19/2015 8:48:50 AM
User account: LENOVO\tomi

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    11/19/2015 8:53:16 AM
C:\Program Files (x86)\GameSpy Arcade\     detected: Adware.Win32.Gaspacade (A)
C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade\     detected: Adware.Win32.Gaspacade (A)
C:\Users\tomi\Desktop\GameSpy Arcade.lnk     detected: Adware.Win32.Gaspacade (A)
Key: HKEY_USERS\S-1-5-21-435174368-2995637555-2580234153-1001\SOFTWARE\GAMESPY\GAMESPY ARCADE     detected: Adware.Win32.Gaspacade (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GAMESPY ARCADE     detected: Adware.Win32.Gaspacade (A)
Value: HKEY_USERS\S-1-5-21-435174368-2995637555-2580234153-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR     detected: Setting.DisableTaskMgr (A)

Scanned    80707
Found    6

Scan end:    11/19/2015 9:02:06 AM
Scan time:    0:08:50

Value: HKEY_USERS\S-1-5-21-435174368-2995637555-2580234153-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR    Quarantined Setting.DisableTaskMgr (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GAMESPY ARCADE    Quarantined Adware.Win32.Gaspacade (A)
Key: HKEY_USERS\S-1-5-21-435174368-2995637555-2580234153-1001\SOFTWARE\GAMESPY\GAMESPY ARCADE    Quarantined Adware.Win32.Gaspacade (A)
C:\Users\tomi\Desktop\GameSpy Arcade.lnk    Quarantined Adware.Win32.Gaspacade (A)
C:\Users\tomi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade\    Quarantined Adware.Win32.Gaspacade (A)
C:\Program Files (x86)\GameSpy Arcade\    Quarantined Adware.Win32.Gaspacade (A)

Quarantined    6

 

zoek-results.txt

 

scan_151119-085316.txt
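The Emsisoft log above flagged DISABLETASKMGR under the user's Policies\System key, which is the policy value that took the Task Manager away in the first place. As an added example (not from this thread and not part of Emsisoft, Malwarebytes, zoek or any other tool mentioned here), the PowerShell script below audits that value in both the user and machine hives and removes it when run with a -Repair switch. The switch name and the inclusion of the sibling value DisableRegistryTools (the policy that blocks regedit.exe, which the same lockout technique commonly sets) are assumptions of this example, not something the log shows.

```powershell
# Added example (not from the thread or any tool in it): audit the Explorer policy
# values that lock the user out of Task Manager / Registry Editor, as found under
# ...\Policies\System -> DISABLETASKMGR in the Emsisoft log.
# Assumes Windows PowerShell 5.1 on Windows 8.1 or later. The -Repair switch and the
# DisableRegistryTools check are assumptions of this script.
[CmdletBinding()]
param(
    [switch]$Repair   # remove the restrictive values instead of only reporting them
)

# The HKEY_USERS\<SID> path in the log is the logged-on user's hive, which is what
# HKCU: resolves to; the HKLM copy applies to every account on the machine.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
# DisableTaskMgr is the value the log flagged; DisableRegistryTools is the sibling
# policy that blocks regedit.exe (assumed relevant here, not in the log).
$valueNames = 'DisableTaskMgr', 'DisableRegistryTools'

$findings = foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $valueNames) {
        $value = $item.$name
        # A missing value or 0 means the tool is allowed; anything else is a lockout.
        if ($null -ne $value -and $value -ne 0) {
            [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
        }
    }
}

if (-not $findings) {
    Write-Output 'No Task Manager / Registry Editor lockout policies set.'
    return
}

$findings | Format-Table -AutoSize

if ($Repair) {
    foreach ($f in $findings) {
        # Removing the value restores the default (tool enabled). Setting it to 0 would
        # also work but leaves a policy value behind that GPO reporting may flag.
        Remove-ItemProperty -Path $f.Key -Name $f.Name
        Write-Output "Removed $($f.Name) from $($f.Key)"
    }
}
```

Run it without arguments first to see what is set; the HKLM values need an elevated prompt to remove. On a domain-joined machine these values can be set legitimately by Group Policy and will come back at the next policy refresh, so a value reappearing after removal points at policy, not at a reinfection.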


I would suggest that you disable Windows Defender (Turn Windows Defender on or off). This program is as useless as the guy below for being a bouncer in a night club in Detroit. I would replace it with 360 Total Security.

Image result for weak guy

 

Eset Online Scanner.

 

Eset Scan

Click Me To Download Eset Scan

Disable your antivirus prior to this scan.

  • Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.

 

CCleaner.

Go ahead and install CCleaner. Now that you have the program installed, go ahead and run the cleaner function.

https://www.piriform.com/ccleaner/download


Now that you have cleaned out some temp files, let's go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on Tools, then Startup, then under the Windows tab select each item and disable it. Also under the Scheduled Tasks tab, you are safe to disable all tasks.


Now that you have disabled those un-needed start-ups, let's go into the settings. We will have CCleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.


Now go to the Advanced tab and select "Close program after cleaning", then run the cleaner again; this will close CCleaner.


 

Also run a deep clean-up with PrivaZer, then defrag with TooWiz Smart Defrag (do not defrag if SSD). Now reboot your machine and tell me how things are. I will have a fixlist prepared for you once you complete the above steps.

 


FRST Fix.

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run. When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

Click me to download fixlist.txt


I have used the ESET scanner as best as I could, but I couldn't follow the instructions, exactly, especially on the "remove found threats" option, which I simply couldn't find. It's currently scanning. It is a bit late, but I'll report tomorrow, when my next rounds of scans are, hopefully, done.


If you can get the log from ESET, then, if you did not tick "Remove found threats", I can use FRST to remove anything BAD manually. Thanks for the update. :)

 

Just make sure your computer does not go to sleep during the scan.


Heh, I think it might've, sorry to say... It is continuing to scan, now. I'll be doing some work on it, so I'll be done with this scan soon, hopefully. Since I'm providing updates, I think I managed to turn Windows Defender off, replacing it with 360 Total Security. Now waiting to finish up this scan, so I can move along and do the rest.


Right, ESET has finished scanning. I'll place the log here. I'm sort of halting this, as I now need urgent help with another matter. I just followed the CCleaner steps, but that deleted my Firefox and Chrome sessions, history, quick-tabs and all that. I really... REALLY need those. The only reason I still have the Firefox tabs is because I tend to save the recovery file. So, I'm kinda freaking out right now over losing tabs and other things. I wish to know if there's any way at all to recover these, besides a system restore, which would be a bit too early. Cheers.

ESETScan.txt

 

C:\Users\tomi\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/OpenCandy.A potentially unsafe application    cleaned by deleting - quarantined
C:\Users\tomi\AppData\Roaming\ZHP\Quarantine\hosts    Win32/Qhost trojan    cleaned by deleting - quarantined
C:\Users\tomi\Downloads\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\zoek_backup\C_Users_tomi_AppData_Roaming_ZsfnGqc44e.vir    JS/Toolbar.Crossrider.C potentially unwanted application    deleted - quarantined
E:\iPhone Music\Metallica___The_Greatest_Hits_2011_2CDRip__Bubanee_.exe    Win32/Adware.1ClickDownload.AN application    cleaned by deleting - quarantined
E:\iPhone Music\Tropico_3_OST.exe    multiple threats    cleaned by deleting - quarantined

 

On 11/19/2015, 12:01:11, Kris said:

under the Windows tab select each item and disable it. Also under the Scheduled Tasks tab, you are safe to disable all tasks.

 

These were the only things that I advised to disable, nothing from your browsers. A system restore would be the only way I know of to get them back.  When you installed 360 Total it should have created a restore point.


First step was literally "Run Cleaner". Before any warning about files. And the Windows tab step would've been after this. It literally cleaned out all of my browser data. It's really bloody annoying, as my last system restore seems to be early, yesterday, but it sounds as I don't have much of a choice. There are a couple guides/forums online which talk about "Recuva", or some other form of software that may help. I don't know what to do, right now. And the bloody reply button won't work, either... For me, right now, this is more damaging than whatever virus I had. I still have CCleaner up as well, in case that would help. I just made an account, since I couldn't reply. Feeling gagged is the last thing I need right now.


So you need your browser history back; a system restore is what is going to be needed. Recuva is not going to help you get browsing history back.


I will be changing my instructions. I have been using those same instructions for years helping in other forums, and never has this been an issue. I do apologize for the way this unfolded. If you see the instructions for posting here, we do suggest a backup. :)

 


Right... I'm back! Chrome's fucked, but it was just a secondary browser to me. Firefox is largely recovered, although I'll have to see what links I missed. I'd say I'm good for now. We may have to re-do steps, or something, since I think some software got removed with that. Sorry about that. I was, quite literally, losing my mind. Well, we definitely need to do that, now. I can't access my e-mail again. Fun times!


Start again from the top, just skip CCleaner.  I do apologize for the browser history. Never had anyone mention anything about this to me before.  :)


No worries! So, by the top, should I start literally from the beginning? I mean, I think it may be the case, since I only have a partial set of antiviruses installed now, or whatever. Also, I should apologise for being such a bother. I imagine you meant the "top" top, since we need info and all of that again. If that's the case, should I just re-do everything, with the exception of CCleaner?


And here we go again! There we go... I've done everything, up to and including installing 360 Total Protection, replacing Defender. Now, I have one question. I know I must do the other things from the last post, of course. Do I still have to download and run the ESET scan, though? I just need to know that since it will take a lot of time. Also, avoid CCleaner. I haven't forgotten, no worries!

AdwCleaner[C2].txt

AdwCleaner[S2].txt

JRT.txt

Scan_Logs_2015_11_21_00_29_34.txt

Repair_Logs_2015_11_21_00_29_34.txt

ZHPCleaner.txt

2015.11.21-01.35.55-i0-t4294967295-d7.txt

zoek-results.txt

scan_151121-055039.txt
