Windows Explorer belastet extrem CPU

Bartos · 20.06.2014, 19:27

Hallo,
Ich brauche Eure Hilfe.
Seit drei Tagen spinnt mein PC. Er ist extrem lahm, Windows Explorer belastet extrem CPU. Die Belastung liegt bei 50-70, die CPU-Auslastung insgesamt bei 100% und selbst die Verbindung ins Internet ist deutlich langsamer geworden.
Zusatzinformationen:
Win7, Win-Updates auf dem aktuellen Stand.
Opera verhält sich seltsam und friert ab und zu ein
Rechter Mausklick dauert sehr lange
TuneUp konnte dieses Problem nicht beseitigen

cosinus · 20.06.2014, 19:41

Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Bartos · 20.06.2014, 19:53

FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by George (administrator) on GEORGE-PC on 19-06-2014 16:16:39
Running from C:\Users\George\00  R E S U L T
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files\USB Safely Remove\USBSRService.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(FlyingSnow) C:\Program Files\MacType\MacTray.exe
(Techsoft) C:\Windows\System32\mfsyncsv.exe
() C:\Windows\System32\NMSAccessU.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Digital Networks North America, Inc.) C:\Windows\System32\RioMSC.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Totalidea Software) C:\Windows\System32\Tweak7SystemService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Windows\System32\vsnapvss.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PS Soft Lab) C:\Program Files\PS Tray Factory\PSTrayFactory.exe
() C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe
(Techsoft) C:\Program Files\MirrorFolder\mrfshl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Anuko International Ltd.) C:\Program Files\Anuko\World Clock\world_clock.exe
(Mortal Universe) C:\Program Files\POP Peeper\POPPeeper.exe
() C:\Program Files\Ad Muncher\AdMuncherUpdater.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Hyperionics Technology LLC) C:\Program Files\FileBX\FileBX.exe
(NTeWORKS) C:\Program Files\PicPick\picpick.exe
(Letasoft) C:\Program Files\Letasoft Sound Booster\SoundBooster.exe
(<appro@fy.chalmers.se>) C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe
() C:\Program Files\WindowTabs\WindowTabs.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Murray Hurps Software Pty Ltd) C:\Program Files\Ad Muncher\AdMunch.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Enterra Icon Keeper] => C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe [57344 2006-06-06] (Enterra, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [3309568 2004-03-24] (NVIDIA Corporation)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [388992 2014-04-24] (SHADOWDEFENDER.COM)
HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Run: [TrayFactory] => C:\Program Files\PS Tray Factory\PSTrayFactory.EXE [1304576 2010-05-25] (PS Soft Lab)
HKLM\...\Run: [Minipad] => C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe [236544 2010-11-28] ()
HKLM\...\Run: [MirrorFolderShell] => C:\Program Files\MirrorFolder\mrfshl.exe [228904 2012-12-08] (Techsoft)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [RevertWebViewSecurity] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [TrayFactory] => C:\Program Files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [AnukoWorldClock] => C:\Program Files\Anuko\World Clock\world_clock.exe [571480 2013-12-05] (Anuko International Ltd.)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [POP Peeper] => C:\Program Files\POP Peeper\POPPeeper.exe [2221056 2013-12-20] (Mortal Universe)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [AdMuncherUpdater] => C:\Program Files\Ad Muncher\AdMuncherUpdater.exe [988861 2013-12-15] ()
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2611808 2014-01-20] ()
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3837520 2014-06-04] (Tonec Inc.)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\RunOnce: [PSTF] - C:\Program Files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoDrives] 62914560
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\FileBX\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AceText.lnk
ShortcutTarget: AceText.lnk -> C:\Program Files\Just Great Software\AceText\AceText.exe (Just Great Software)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdMunch.lnk
ShortcutTarget: AdMunch.lnk -> C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PicPick.lnk
ShortcutTarget: PicPick.lnk -> C:\Program Files\PicPick\picpick.exe (NTeWORKS)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smart mail.lnk
ShortcutTarget: smart mail.lnk -> C:\Program Files\Smart PC Solutions\Smart Mail Notifier\SmartMailNotifier.exe (Smart PC Solutions)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound Booster.lnk
ShortcutTarget: Sound Booster.lnk -> C:\Program Files\Letasoft Sound Booster\SoundBooster.exe (Letasoft)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TXMouse.lnk
ShortcutTarget: TXMouse.lnk -> C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe (<appro@fy.chalmers.se>)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowTabs.lnk
ShortcutTarget: WindowTabs.lnk -> C:\Windows\Installer\{8FB716E9-A14D-4983-8DE0-818CFFF24658}\_11D700C05B80A7BE98D2B6.exe ()
BootExecute: 

==================== Internet (Whitelisted) ====================

ProxyServer: 60.222.224.135:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2155FCF56F08CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ustart.org
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MetaProducts Inquiry Helper - {001165C1-A640-11D7-9FD9-0080481ADA61} - C:\Program Files\MetaProducts Inquiry\inquiry.dll (MetaProducts corp.)
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: WebResearch Browser Helper Object - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
BHO: FLockObj Class - {26C3165B-FC58-4910-802D-250B2E68A04E} - C:\Program Files\GiliSoft\Privacy Protector\FileLockPlugin.dll ()
BHO: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Research Project Colletta IE Add-in - {9da4fcb2-d7ca-4080-94b7-11e7b20d3f63} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QTToolBar2 - {a84524f0-d48b-4cff-8012-5e67decaf1d5} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Command Bar - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Command Bar 2 - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Management toolbar - {d2bf470e-ed1c-487f-a300-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\System32\mscoree.dll [297808 2010-11-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{2E4A2520-01A7-4514-9E86-0193B5E2F54F}: [NameServer]8.8.8.8,8.8.4.4,192.168.1.1
Tcpip\..\Interfaces\{A4034B29-02E2-4202-9945-9C97B2001AC5}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B383CF35-CA4E-4E62-8DA4-A92724620976}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B9A18F8B-589A-45A9-A31A-9650FF81DACD}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: uStart
FF SearchEngineOrder.1: uStart
FF Homepage: hxxp://startpage.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @digitalworkshop.com/Plexus - C:\ProgramData\\Digital Workshop\Plexus\npilm500.dll (Digital Workshop)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @metaproducts.com/MPIQ - C:\Program Files\MetaProducts Inquiry\mpsafariiq.dll (MetaProducts corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @siber.com/RoboForm - C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\PROGRA~1\TRACKE~1\PDFVIE~1\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4-next - C:\Users\George\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF user.js: detected! => C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPILM500.dll (Digital Workshop)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\digg.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-blogs.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-books.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-directory.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-finance.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-groups.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-news.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-products.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-scholar.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-trends.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\longman-english-dictionary.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\thesauruscom.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\youtube.xml
FF Extension: Plus-HD-3.8 - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com [2013-11-22]
FF Extension: pearltrees - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\collector@broceliand.fr [2013-04-28]
FF Extension: Custom Buttons - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\custombuttons@xsms.org [2013-11-19]
FF Extension: SearchNewTab - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\dtrti@yyozfqeyoy.com [2013-05-07]
FF Extension: vis - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-04-18]
FF Extension: FavIconReloader - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\FavIconReloader@mozilla.org [2013-11-22]
FF Extension: Delta Toolbar - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ffxtlbr@delta.com [2013-03-24]
FF Extension: HashColouredTabs+ - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\hashcolouredtabs@bristol.ac.uk [2013-05-01]
FF Extension: cconttiNiUUetoosaavee - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\qcahoyye@okgmx.net [2013-05-07]
FF Extension: No Name - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2013-05-09]
FF Extension: DNL Reader for Mozilla - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\support@dnaml.com [2014-04-27]
FF Extension: The Puzzle Piece - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thePuzzlePiece@quicksaver [2013-09-14]
FF Extension: ColorfulTabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-11-19]
FF Extension: FireShot - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013-10-14]
FF Extension: Flagfox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013-11-22]
FF Extension: Session Manager - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2013-09-14]
FF Extension: RadioTotal1  - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5} [2013-11-19]
FF Extension: EPUBReader - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-04-28]
FF Extension: All-in-One Gestures - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-26]
FF Extension: YouTube™ Anywhere Player - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-11-19]
FF Extension: Image Spider - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\Artem@Demchenkov.ImageSpider.xpi [2013-04-28]
FF Extension: Classic Bookmarks Button - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ClassicBookmarksButton@ArisT2Noia4dev.xpi [2013-11-19]
FF Extension: Classic Theme Restorer - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2013-11-19]
FF Extension: FabTabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\fabtab@captaincaveman.nl.xpi [2013-05-01]
FF Extension: FreeHDSport TV - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\fhdp@fhdp.tv.xpi [2013-04-25]
FF Extension: FireGestures - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\firegestures@xuldev.org.xpi [2013-04-28]
FF Extension: IdentFavIcon - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\identfavicon@david.hanak.hu.xpi [2013-04-28]
FF Extension: Side Tabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid0-AjzBVlpzVAaBqxcar9QDqMWWAVQ@jetpack.xpi [2013-05-01]
FF Extension: Scroll To Top - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid0-gRmSxW9ByuHwGjLhtXJg27YnZRs@jetpack.xpi [2013-05-01]
FF Extension: Multifox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\multifox@hultmann.xpi [2013-05-01]
FF Extension: Multi Links - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\multilinks@plugin.xpi [2013-04-28]
FF Extension: Easy DragToGo+ - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pig1717@gmail.com.xpi [2013-04-29]
FF Extension: QuickDrag - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2013-04-28]
FF Extension: Scroll to Top/Bottom - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2013-05-01]
FF Extension: The Puzzle Piece - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thePuzzlePiece@quicksaver.xpi [2013-05-26]
FF Extension: Thumbnail Zoom Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-04-28]
FF Extension: Tile Tabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\tiletabs@DW-dev.xpi [2013-05-01]
FF Extension: Google Translator for Firefox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2013-04-28]
FF Extension: Session Manager - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-28]
FF Extension: Capture &amp; Print - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2013-04-28]
FF Extension: RunWith - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{2E3C8719-28D0-47fc-BD8E-9A2C02F4144E}.xpi [2013-04-28]
FF Extension: SearchWP - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}.xpi [2013-05-18]
FF Extension: Tab Clicking Options - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{43520B8F-4107-4351-AC64-9BCC5EEA24B9}.xpi [2013-05-01]
FF Extension: Searchtermhighlighter - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{458482f0-90fb-4257-855f-0ba2790584f9}.xpi [2013-05-18]
FF Extension: Stylish - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-04-28]
FF Extension: DragIt - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{575cbcb9-3b7e-493a-b001-886b3ae793b5}.xpi [2013-04-29]
FF Extension: Quick Translator - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-04-28]
FF Extension: Readability - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2013-04-28]
FF Extension: Speed Dial - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-05-09]
FF Extension: FfChrome - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{9bc51d13-3849-4541-a69c-da418934ca05}.xpi [2013-05-01]
FF Extension: eCleaner - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2013-05-01]
FF Extension: RightToClick - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-04-28]
FF Extension: TextMarker Go - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi [2013-04-28]
FF Extension: CoolPreviews - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013-04-28]
FF Extension: MetaProducts Integration - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2013-04-28]
FF Extension: Tab Mix Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-28]
FF Extension: DownThemAll! - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-28]
FF Extension: Greasemonkey - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-04-29]
FF Extension: Menu Editor - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-04-28]
FF Extension: FoxTab - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013-05-09]
FF Extension: Open link in... - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}.xpi [2013-04-28]
FF Extension: MAXA Cookie Manager - C:\Program Files\MAXA Cookie Manager\extension [2012-11-23]
FF Extension: TS Magic Player - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-04-12]
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-17]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012-10-28]
FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] - C:\Program Files\MAXA Cookie Manager\extension
FF Extension: MAXA Cookie Manager - C:\Program Files\MAXA Cookie Manager\extension [2012-11-23]
FF HKCU\...\Firefox\Extensions: [CaptureSaver@goldgingko.com] - C:\Program Files\CaptureSaver\Firefox
FF Extension: No Name - C:\Program Files\CaptureSaver\Firefox [2013-03-22]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\George\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-04-12]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\George\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]

========================== Services (Whitelisted) =================

S4 Backupper Service; C:\Program Files\AOMEI Backupper Professional Edition 2.0\ABService.exe [29912 2014-04-04] (AOMEI Tech Co., Ltd.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
S4 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2164088 2012-06-29] (Condusiv Technologies)
S4 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S4 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [150016 2014-05-02] (Xp-Zed.com) [File not signed]
S4 hgvpn; C:\Program Files\HideGuard VPN\hgvpn.exe [770096 2014-03-17] ()
S4 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 MacType; C:\Program Files\MacType\MacTray.exe [605696 2012-10-22] (FlyingSnow) [File not signed]
S4 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-18] (Malwarebytes Corporation)
S4 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-04-18] (Malwarebytes Corporation)
R2 mfsyncsv; C:\Windows\system32\mfsyncsv.exe [182312 2012-12-08] (Techsoft)
R2 NMSAccess; C:\Windows\system32\NMSAccessU.exe [71096 2009-01-12] ()
S4 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
S4 PCAppStoreSvc_{PCAppStore_4.2.1.5384}; C:\Program Files\Baidu Security\PC App Store\4.2.1.5384\PCAppStoreSvc.exe [575008 2014-04-08] (Baidu Inc.)
R2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [699376 2014-06-06] (Baidu Inc.)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [603760 2013-10-16] (Paramount Software UK Ltd)
R2 RioMSC; C:\Windows\system32\RioMSC.exe [303104 2005-07-25] (Digital Networks North America, Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
S4 SdxEmailCaptureService; C:\Program Files\Sohodox Desktop\Modules\Email Capture\EmailCaptureSvr.exe [69632 2012-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
S4 SdxFolderMonitorService; C:\Program Files\Sohodox Desktop\Modules\Folder Monitor\FldMonSrv.exe [65536 2011-12-29] (ITAZ Technologies Pvt Ltd) [File not signed]
S4 SdxIndexingService; C:\Program Files\Sohodox Desktop\Modules\Indexing Service\Itaz.Dms.IndexingService.exe [61440 2013-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3506232 2013-08-03] (SoftEther Project at University of Tsukuba, Japan.)
R2 ShadowProtectSvc; C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [3561472 2012-10-28] (StorageCraft Technology Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [57344 2013-01-08] () [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
S3 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [25536 2014-04-08] ()
R2 Tweak7SystemService; C:\Windows\system32\Tweak7SystemService.exe [102904 2013-06-10] (Totalidea Software)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 USBSafelyRemoveService; C:\Program Files\USB Safely Remove\USBSRService.exe [1036088 2014-03-24] (Crystal Rich Ltd)

==================== Drivers (Whitelisted) ====================

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2012-06-05] (Google Inc)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [103744 2014-06-06] (Baidu, Inc.)
R3 cmuda3; C:\Windows\System32\Drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [306536 2014-04-24] (SHADOWDEFENDER.COM)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [35120 2012-04-05] (Condusiv Technologies)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44496 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [85328 2012-06-07] (Condusiv Technologies)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R0 FLGuard; C:\Windows\System32\drivers\FlGuard.sys [35328 2013-11-19] (SafePcTools Software) [File not signed]
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 HCWBT8xx; C:\Windows\System32\Drivers\HCWBT8XX.sys [280644 2002-03-01] (Hauppauge Computer Works)
R0 hpt3xx; C:\Windows\System32\Drivers\hpt3xx.sys [43539 2003-05-09] (HighPoint Technologies, Inc.)
R0 hptpro; C:\Windows\System32\Drivers\hptpro.sys [9809 2003-01-27] (HighPoint Technologies, Inc.)
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2014-03-22] (Highresolution Enterprises [www.highrez.co.uk])
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [30216 2014-03-04] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-04-18] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [18136 2013-02-25] ()
R0 mrfoldr; C:\Windows\System32\drivers\mrfoldr.sys [77104 2012-12-08] (Techsoft)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0055.sys [26208 2013-08-02] (SoftEther Project at University of Tsukuba, Japan.)
R3 PCFApiUtil; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [119168 2014-03-11] (Baidu, Inc.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-12-03] (Raxco Software, Inc.)
S3 Point32; C:\Windows\System32\Drivers\point32k.sys [24064 2006-11-08] (Microsoft Corporation) [File not signed]
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [65144 2013-08-01] (Paramount Software UK Ltd)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [13432 2013-06-28] (Paramount Software UK Ltd)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [42976 2013-08-03] (SoftEther Project at University of Tsukuba, Japan.)
S3 Spring; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\Spring.sys [96608 2014-06-16] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-10-31] (RapidSolution Software AG)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1451312 2012-03-19] (ShiningMorning Inc.)
U3 IDMTDI; 
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S4 utm0mzgw; \??\C:\Windows\system32\Drivers\utm0mzgw.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\ioloGovernor
2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-01-11 22:47 - 2014-04-07 21:28 - 00000000 ____D () C:\ProgramData\iolo
2014-06-19 16:15 - 2014-06-19 16:19 - 00000000 ____D () C:\FRST
2014-06-19 16:04 - 2014-06-19 16:06 - 38672200 _____ (IObit ) C:\Users\George\Desktop\asc-setup_7.3.0.454.exe
2014-06-19 15:48 - 2014-06-19 15:48 - 00059848 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 15:46 - 2014-06-19 15:46 - 00000056 _____ () C:\Windows\setupact.log
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 15:45 - 2014-06-19 15:46 - 00274664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 21:15 - 2014-06-17 21:15 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  AppData Roa
2014-06-17 21:14 - 2014-06-17 21:14 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  PR
2014-06-14 20:47 - 2014-06-18 19:02 - 00003314 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 15:22 - 2014-06-17 19:26 - 00000000 ____D () C:\Windows\LastGood
2014-06-14 13:43 - 2011-08-15 22:34 - 00108544 _____ (Matrox Graphics Inc.) C:\Windows\system32\Drivers\MxEFUF32.sys
2014-06-14 13:29 - 2014-06-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-14 11:09 - 2014-06-14 11:09 - 00000000 ____D () C:\Users\George\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-06-14 11:08 - 2014-06-18 17:58 - 00000000 ____D () C:\Program Files\Garden Planner 3
2014-06-12 19:31 - 2014-06-14 09:44 - 00000000 ____D () C:\Program Files\VueScan
2014-06-12 19:31 - 2014-06-12 19:31 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2014-06-12 19:31 - 2014-06-12 19:31 - 00000941 _____ () C:\Users\Public\Desktop\VueScan x32.lnk
2014-06-12 19:15 - 2014-06-12 19:15 - 00000000 ____D () C:\Program Files\Common Files\Canon
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-06-12 18:58 - 2014-06-12 19:38 - 00000000 ____D () C:\Program Files\DriverTuner
2014-06-11 21:33 - 2014-06-18 18:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-06-11 21:33 - 2014-06-18 18:08 - 00000000 ____D () C:\Program Files\Canon
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Scribble Code
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\dumps
2014-06-09 12:17 - 2014-06-09 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crosstrainer
2014-06-07 20:23 - 2014-06-07 20:23 - 188416000 _____ () C:\Users\George\Desktop\ampe.iso
2014-06-07 20:08 - 2014-06-07 20:08 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-07 20:06 - 2014-06-07 20:08 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2014-06-07 20:05 - 2014-06-07 20:23 - 00000000 ____D () C:\Program Files\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:05 - 2014-06-07 20:05 - 00001164 _____ () C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
2014-06-07 20:05 - 2014-06-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:05 - 2013-05-07 14:27 - 00129720 _____ () C:\Windows\system32\ammntdrv.sys
2014-06-07 20:05 - 2013-05-07 14:27 - 00026424 _____ () C:\Windows\system32\ambakdrv.sys
2014-06-07 20:05 - 2013-02-06 15:52 - 00014392 _____ () C:\Windows\system32\amwrtdrv.sys
2014-06-07 14:32 - 2014-06-07 15:02 - 00000000 ____D () C:\Users\George\AppData\Roaming\Tweak-7
2014-06-07 14:32 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Local\Totalidea_Software
2014-06-07 14:30 - 2014-06-07 14:30 - 00001889 _____ () C:\Users\George\Desktop\Tweak-7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001770 _____ () C:\Users\George\Desktop\Shutdown Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Suspend Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Restart Windows 7.lnk
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Windows\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Program Files\Tweak-7
2014-06-07 14:14 - 2014-06-07 14:27 - 00000052 _____ () C:\Windows\system32\actt7.ini
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\OpenSSL-Win32
2014-06-07 14:10 - 2014-06-05 08:07 - 01177088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-06-07 14:10 - 2014-06-05 08:07 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-06-07 14:10 - 2014-06-05 08:07 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2014-06-06 23:39 - 2014-06-06 23:39 - 00000000 ____D () C:\Program Files\synedra
2014-06-06 23:38 - 2014-06-06 23:38 - 00000000 ____D () C:\Users\George\.imagej
2014-06-06 23:23 - 2014-06-18 18:15 - 00000000 ____D () C:\Program Files\ImageJ
2014-06-06 22:28 - 2014-06-06 22:28 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-06-06 22:22 - 2014-06-08 14:02 - 00001829 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-06-06 13:48 - 2014-06-06 13:48 - 00000000 ____D () C:\Users\George\AppData\Roaming\anyburn
2014-06-06 12:40 - 2014-06-06 12:48 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-06-06 12:38 - 2014-06-06 12:38 - 00000000 ____D () C:\ProgramData\SlySoft
2014-06-06 12:37 - 2014-06-06 12:37 - 00000000 ____D () C:\Program Files\SlySoft
2014-06-06 12:00 - 2014-06-06 12:25 - 00000000 ____D () C:\Users\George\Desktop\Drewes
2014-06-05 13:55 - 2014-06-05 13:55 - 00000000 ____D () C:\ProgramData\Opus Professional
2014-06-05 13:54 - 2014-06-05 13:54 - 00001756 _____ () C:\Users\George\Desktop\Opus Pro 9.lnk
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Digital Workshop
2014-06-05 13:53 - 2014-02-02 15:51 - 00196608 _____ (Digital Workshop) C:\Windows\DWUninst.exe
2014-06-05 13:53 - 2010-06-23 09:53 - 01537536 _____ () C:\Windows\system32\erdmpg-hi.dll
2014-06-05 13:53 - 2010-06-23 09:53 - 00405504 _____ (Essien Research & Development) C:\Windows\system32\mpgfiltr.ax
2014-06-05 13:45 - 2014-06-05 13:54 - 00000000 ____D () C:\Program Files\Opus Pro 9
2014-06-05 07:16 - 2014-06-05 03:06 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 13:46 - 2014-06-18 18:23 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-04 13:45 - 2014-06-04 14:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-04 13:36 - 2014-06-04 13:36 - 00001779 _____ () C:\Users\Public\Desktop\Postbox.lnk
2014-06-04 12:53 - 2014-06-04 14:37 - 00000000 ____D () C:\Users\George\AppData\Roaming\SideSlide
2014-06-03 12:00 - 2014-06-03 12:00 - 00001259 _____ () C:\Users\Public\Desktop\FlipBook Maker Enterprise.lnk
2014-06-02 09:57 - 2014-06-02 09:57 - 00859456 _____ (repkasoft) C:\Windows\yowindow.scr
2014-06-01 14:27 - 2014-06-01 14:27 - 00000913 _____ () C:\Users\Public\Desktop\Registry First Aid.lnk
2014-06-01 14:27 - 2014-06-01 14:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 9
2014-05-31 15:08 - 2014-05-31 15:08 - 00003560 ____N () C:\bootsqm.dat
2014-05-31 13:08 - 2014-05-31 13:08 - 00018372 _____ () C:\Users\George\Documents\cc_20140531_130821.reg
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Program Files\FlashDemo.NET
2014-05-30 20:34 - 2014-05-30 20:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\FourthRaySoftware
2014-05-30 20:28 - 2014-05-30 20:28 - 00000000 ____D () C:\FRS
2014-05-30 11:28 - 2014-05-30 11:28 - 00000942 _____ () C:\Users\George\Desktop\VKMusic 4.lnk
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-05-29 12:27 - 2014-04-16 15:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-29 12:26 - 2014-04-16 15:15 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-29 12:26 - 2014-04-16 15:15 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-29 12:25 - 2014-04-16 15:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-20 15:44 - 2014-05-20 15:44 - 00000979 _____ () C:\Users\George\Desktop\R-Wipe&Clean.lnk
2014-05-20 14:51 - 2014-05-20 14:51 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-20 14:51 - 2014-05-20 14:51 - 00000000 ____D () C:\Program Files\DIFX
2014-05-20 14:50 - 2009-07-23 15:02 - 00043008 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\Rtnicxp.sys
2014-05-20 14:50 - 2009-07-20 13:07 - 00073728 _____ () C:\Windows\system32\RtNicProp32.dll
2014-05-20 14:35 - 2014-05-20 14:35 - 00000000 ____D () C:\3DP
2014-05-20 14:05 - 2014-05-20 14:05 - 00002929 _____ () C:\Users\George\Desktop\Photodex ProShow Producer 6.0.3410 EN Portable.exe - Verknüpfung.lnk
2014-05-20 13:25 - 2014-05-20 13:25 - 00000000 ____D () C:\Users\George\Documents\iPixSoft Video Slideshow Maker
2014-05-20 13:22 - 2014-05-20 13:22 - 00001148 _____ () C:\Users\Public\Desktop\iPixSoft Video Slideshow Maker.lnk
2014-05-20 13:05 - 2014-05-20 13:05 - 00002621 _____ () C:\Users\George\Desktop\TweakingRegistryBackup.exe - Verknüpfung.lnk
2014-05-20 12:59 - 2014-05-20 12:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GEORGE-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
2014-05-20 12:54 - 2014-05-20 12:54 - 00000000 ____D () C:\RegBackup

==================== One Month Modified Files and Folders =======

2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\ioloGovernor
2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-06-19 16:24 - 2014-04-02 17:22 - 00000000 ____D () C:\Users\George\00  R E S U L T
2014-06-19 16:19 - 2014-06-19 16:15 - 00000000 ____D () C:\FRST
2014-06-19 16:10 - 2014-05-17 18:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-06-19 16:10 - 2014-05-17 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-06-19 16:06 - 2014-06-19 16:04 - 38672200 _____ (IObit ) C:\Users\George\Desktop\asc-setup_7.3.0.454.exe
2014-06-19 16:00 - 2012-12-13 16:47 - 00013222 _____ () C:\Windows\mrfldr.dat
2014-06-19 15:59 - 2013-07-22 15:13 - 00000000 ____D () C:\Users\George\AppData\Roaming\ClassicShell
2014-06-19 15:51 - 2012-12-13 16:47 - 00013222 _____ () C:\Windows\mrfldr.da0
2014-06-19 15:49 - 2014-03-04 19:27 - 00000000 ____D () C:\Users\George\.rainlendar2
2014-06-19 15:49 - 2012-11-10 17:30 - 00000000 ___SD () C:\Program Files\Ad Muncher
2014-06-19 15:48 - 2014-06-19 15:48 - 00059848 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 15:47 - 2012-10-30 14:02 - 00003725 _____ () C:\Windows\system32\nvapps.xml
2014-06-19 15:46 - 2014-06-19 15:46 - 00000056 _____ () C:\Windows\setupact.log
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 15:46 - 2014-06-19 15:45 - 00274664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 15:46 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 15:45 - 2013-11-18 18:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-18 19:04 - 2009-07-14 06:34 - 00023920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:04 - 2009-07-14 06:34 - 00023920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:03 - 2012-10-28 10:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\DMCache
2014-06-18 19:02 - 2014-06-14 20:47 - 00003314 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 18:55 - 2012-11-22 15:20 - 00000000 ____D () C:\Users\George\AppData\Roaming\The Bat!
2014-06-18 18:52 - 2013-03-16 16:31 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-06-18 18:28 - 2014-03-14 18:01 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-18 18:28 - 2013-06-24 10:49 - 00000000 ____D () C:\Users\George\AppData\Roaming\Everything
2014-06-18 18:23 - 2014-06-04 13:46 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 18:15 - 2014-06-06 23:23 - 00000000 ____D () C:\Program Files\ImageJ
2014-06-18 18:08 - 2014-06-11 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-06-18 18:08 - 2014-06-11 21:33 - 00000000 ____D () C:\Program Files\Canon
2014-06-18 17:58 - 2014-06-14 11:08 - 00000000 ____D () C:\Program Files\Garden Planner 3
2014-06-18 17:48 - 2013-07-31 11:29 - 00000000 ___RD () C:\Program Files\TreePadBIZ_8
2014-06-18 16:57 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-17 21:19 - 2012-11-10 16:33 - 00081127 _____ () C:\Users\George\Documents\AceText ClipHistory.atc
2014-06-17 21:15 - 2014-06-17 21:15 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  AppData Roa
2014-06-17 21:14 - 2014-06-17 21:14 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  PR
2014-06-17 19:57 - 2014-04-03 10:46 - 00000000 ____D () C:\Users\George\AppData\Roaming\POP Peeper
2014-06-17 19:57 - 2013-11-30 20:32 - 00000000 ____D () C:\Program Files\QTTabBar
2014-06-17 19:57 - 2013-09-24 17:57 - 00000000 ____D () C:\Users\George\AppData\Roaming\AntispamSniper
2014-06-17 19:57 - 2012-10-28 14:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\picpick
2014-06-17 19:57 - 2012-10-27 23:09 - 00000000 ____D () C:\Users\George
2014-06-17 19:57 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-17 19:26 - 2014-06-14 15:22 - 00000000 ____D () C:\Windows\LastGood
2014-06-17 19:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-16 21:22 - 2014-05-12 18:44 - 00000000 ____D () C:\Users\George\AppData\Roaming\LuraTech
2014-06-16 21:22 - 2013-07-31 12:40 - 00015385 _____ () C:\Windows\FileGuard.bin
2014-06-14 20:46 - 2012-12-07 18:38 - 00000000 ____D () C:\Users\George\AppData\Roaming\uTorrent
2014-06-14 20:46 - 2012-10-28 10:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\IDM
2014-06-14 20:45 - 2012-10-28 14:04 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 13:29 - 2014-06-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-14 13:29 - 2013-10-01 15:25 - 00000000 ____D () C:\Program Files\The Bat!
2014-06-14 11:09 - 2014-06-14 11:09 - 00000000 ____D () C:\Users\George\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-06-14 09:44 - 2014-06-12 19:31 - 00000000 ____D () C:\Program Files\VueScan
2014-06-14 09:33 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-06-14 08:35 - 2013-10-08 13:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 08:34 - 2012-10-28 10:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-12 19:38 - 2014-06-12 18:58 - 00000000 ____D () C:\Program Files\DriverTuner
2014-06-12 19:31 - 2014-06-12 19:31 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2014-06-12 19:31 - 2014-06-12 19:31 - 00000941 _____ () C:\Users\Public\Desktop\VueScan x32.lnk
2014-06-12 19:15 - 2014-06-12 19:15 - 00000000 ____D () C:\Program Files\Common Files\Canon
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-06-12 16:08 - 2012-10-28 14:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 16:08 - 2012-10-28 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-12 16:02 - 2013-04-29 14:36 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-12 16:02 - 2013-04-29 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-11 15:55 - 2014-04-12 23:54 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-06-11 15:40 - 2012-11-22 17:11 - 00000000 ____D () C:\Program Files\Align It
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Scribble Code
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\dumps
2014-06-10 22:15 - 2013-01-02 18:06 - 00000000 ____D () C:\Users\George\AppData\Roaming\XnViewMP
2014-06-09 14:30 - 2013-11-01 15:42 - 00000000 ____D () C:\Users\George\Desktop\Azureus
2014-06-09 12:42 - 2014-03-30 13:07 - 00000000 ____D () C:\Users\George\AppData\Roaming\R-Wipe&Clean
2014-06-09 12:40 - 2014-03-30 13:07 - 00000000 ____D () C:\Program Files\R-Wipe&Clean
2014-06-09 12:29 - 2014-06-09 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crosstrainer
2014-06-09 09:33 - 2012-11-11 20:12 - 00634958 _____ () C:\Users\George\Documents\AceText Recycle Bin.atc
2014-06-08 14:02 - 2014-06-06 22:22 - 00001829 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-06-08 14:02 - 2014-03-30 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R-Wipe&Clean
2014-06-08 13:26 - 2012-11-10 18:01 - 00000000 ____D () C:\Users\George\AppData\Local\privazer
2014-06-08 13:25 - 2014-05-10 13:13 - 00000000 ____D () C:\Program Files\PrivaZer
2014-06-08 13:25 - 2013-08-18 09:26 - 00001811 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2014-06-08 09:35 - 2014-03-26 14:45 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000.job
2014-06-07 20:23 - 2014-06-07 20:23 - 188416000 _____ () C:\Users\George\Desktop\ampe.iso
2014-06-07 20:23 - 2014-06-07 20:05 - 00000000 ____D () C:\Program Files\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:08 - 2014-06-07 20:08 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-07 20:08 - 2014-06-07 20:06 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2014-06-07 20:05 - 2014-06-07 20:05 - 00001164 _____ () C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
2014-06-07 20:05 - 2014-06-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
2014-06-07 18:51 - 2013-04-30 12:55 - 00000000 ____D () C:\JRT
2014-06-07 15:20 - 2013-10-25 19:41 - 00000957 _____ () C:\Users\George\Desktop\Suche Everything.lnk
2014-06-07 15:20 - 2012-10-28 13:13 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2014-06-07 15:19 - 2012-10-28 11:02 - 00000000 ____D () C:\Program Files\Everything
2014-06-07 15:02 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Tweak-7
2014-06-07 14:32 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Local\Totalidea_Software
2014-06-07 14:30 - 2014-06-07 14:30 - 00001889 _____ () C:\Users\George\Desktop\Tweak-7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001770 _____ () C:\Users\George\Desktop\Shutdown Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Suspend Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Restart Windows 7.lnk
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Windows\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Program Files\Tweak-7
2014-06-07 14:27 - 2014-06-07 14:14 - 00000052 _____ () C:\Windows\system32\actt7.ini
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\OpenSSL-Win32
2014-06-07 13:10 - 2012-10-28 10:40 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-06-06 23:39 - 2014-06-06 23:39 - 00000000 ____D () C:\Program Files\synedra
2014-06-06 23:38 - 2014-06-06 23:38 - 00000000 ____D () C:\Users\George\.imagej
2014-06-06 22:31 - 2012-11-24 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioShell
2014-06-06 22:31 - 2012-11-24 21:44 - 00000000 ____D () C:\Program Files\AudioShell
2014-06-06 22:28 - 2014-06-06 22:28 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-06-06 22:28 - 2014-03-26 14:45 - 00000438 _____ () C:\Users\George\AppData\Local\UserProducts.xml
2014-06-06 13:48 - 2014-06-06 13:48 - 00000000 ____D () C:\Users\George\AppData\Roaming\anyburn
2014-06-06 12:48 - 2014-06-06 12:40 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-06-06 12:38 - 2014-06-06 12:38 - 00000000 ____D () C:\ProgramData\SlySoft
2014-06-06 12:37 - 2014-06-06 12:37 - 00000000 ____D () C:\Program Files\SlySoft
2014-06-06 12:25 - 2014-06-06 12:00 - 00000000 ____D () C:\Users\George\Desktop\Drewes
2014-06-06 11:38 - 2014-05-17 18:30 - 00103744 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BProtectEx.sys
2014-06-05 13:55 - 2014-06-05 13:55 - 00000000 ____D () C:\ProgramData\Opus Professional
2014-06-05 13:54 - 2014-06-05 13:54 - 00001756 _____ () C:\Users\George\Desktop\Opus Pro 9.lnk
2014-06-05 13:54 - 2014-06-05 13:45 - 00000000 ____D () C:\Program Files\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Digital Workshop
2014-06-05 08:07 - 2014-06-07 14:10 - 01177088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-06-05 08:07 - 2014-06-07 14:10 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-06-05 08:07 - 2014-06-07 14:10 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2014-06-05 03:06 - 2014-06-05 07:16 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 14:37 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\George\AppData\Roaming\SideSlide
2014-06-04 14:01 - 2014-06-04 13:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-04 13:54 - 2012-12-05 13:22 - 00000000 ____D () C:\Users\George\Documents\P E R S Ö H N L I C H
2014-06-04 13:42 - 2012-12-23 13:04 - 00000000 ____D () C:\Users\George\AppData\Local\Postbox
2014-06-04 13:39 - 2012-12-23 13:03 - 00000000 ____D () C:\Program Files\Postbox
2014-06-04 13:36 - 2014-06-04 13:36 - 00001779 _____ () C:\Users\Public\Desktop\Postbox.lnk
2014-06-04 13:36 - 2012-12-23 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postbox
2014-06-03 21:43 - 2013-02-06 14:09 - 00000000 ____D () C:\Program Files\Opera
2014-06-03 17:29 - 2013-10-25 19:41 - 00000000 ____D () C:\Users\George\Desktop\bookmarks
2014-06-03 16:37 - 2014-05-03 15:29 - 00000000 ____D () C:\Users\George\AppData\Local\MEGAsync
2014-06-03 12:00 - 2014-06-03 12:00 - 00001259 _____ () C:\Users\Public\Desktop\FlipBook Maker Enterprise.lnk
2014-06-03 12:00 - 2014-04-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kvisoft
2014-06-03 11:58 - 2014-04-01 18:51 - 00000000 ____D () C:\Program Files\kvisoft
2014-06-02 17:56 - 2014-05-15 22:51 - 00001064 _____ () C:\Users\George\Desktop\MEGAsync.lnk
2014-06-02 15:08 - 2013-08-02 11:19 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-06-02 09:57 - 2014-06-02 09:57 - 00859456 _____ (repkasoft) C:\Windows\yowindow.scr
2014-06-01 19:11 - 2013-04-01 14:51 - 00000000 ____D () C:\ProgramData\RFA_Backups
2014-06-01 17:14 - 2013-06-07 19:25 - 00000000 ____D () C:\ProgramData\FILEminimizer
2014-06-01 14:28 - 2013-04-01 14:48 - 00000000 ____D () C:\Program Files\RFA 9
2014-06-01 14:27 - 2014-06-01 14:27 - 00000913 _____ () C:\Users\Public\Desktop\Registry First Aid.lnk
2014-06-01 14:27 - 2014-06-01 14:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 9
2014-05-31 15:08 - 2014-05-31 15:08 - 00003560 ____N () C:\bootsqm.dat
2014-05-31 13:26 - 2014-04-04 13:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\iolo
2014-05-31 13:26 - 2013-11-03 16:10 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-05-31 13:08 - 2014-05-31 13:08 - 00018372 _____ () C:\Users\George\Documents\cc_20140531_130821.reg
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Program Files\FlashDemo.NET
2014-05-30 20:34 - 2014-05-30 20:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\FourthRaySoftware
2014-05-30 20:28 - 2014-05-30 20:28 - 00000000 ____D () C:\FRS
2014-05-30 11:58 - 2013-11-04 12:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\Yandex
2014-05-30 11:40 - 2013-07-30 22:11 - 00000000 ____D () C:\Users\George\AppData\Local\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000942 _____ () C:\Users\George\Desktop\VKMusic 4.lnk
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-05-29 20:07 - 2012-12-01 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icaros
2014-05-29 20:07 - 2012-12-01 00:34 - 00000000 ____D () C:\Program Files\Icaros
2014-05-29 12:28 - 2013-11-23 14:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-29 12:26 - 2012-12-11 12:42 - 00000000 ____D () C:\Program Files\Java
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-28 15:09 - 2014-05-17 18:29 - 00000000 ____D () C:\Program Files\Baidu Security
2014-05-28 15:09 - 2014-05-17 18:15 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-05-28 15:08 - 2014-05-17 18:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\Baidu Security
2014-05-20 15:44 - 2014-05-20 15:44 - 00000979 _____ () C:\Users\George\Desktop\R-Wipe&Clean.lnk
2014-05-20 14:51 - 2014-05-20 14:51 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-20 14:51 - 2014-05-20 14:51 - 00000000 ____D () C:\Program Files\DIFX
2014-05-20 14:35 - 2014-05-20 14:35 - 00000000 ____D () C:\3DP
2014-05-20 14:25 - 2012-10-28 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-05-20 14:05 - 2014-05-20 14:05 - 00002929 _____ () C:\Users\George\Desktop\Photodex ProShow Producer 6.0.3410 EN Portable.exe - Verknüpfung.lnk
2014-05-20 13:25 - 2014-05-20 13:25 - 00000000 ____D () C:\Users\George\Documents\iPixSoft Video Slideshow Maker
2014-05-20 13:25 - 2014-05-19 12:22 - 00000000 ____D () C:\Users\George\AppData\Roaming\iPixSoft
2014-05-20 13:22 - 2014-05-20 13:22 - 00001148 _____ () C:\Users\Public\Desktop\iPixSoft Video Slideshow Maker.lnk
2014-05-20 13:22 - 2014-05-19 12:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iPixSoft
2014-05-20 13:22 - 2014-05-19 12:18 - 00000000 ____D () C:\Program Files\iPixSoft
2014-05-20 13:05 - 2014-05-20 13:05 - 00002621 _____ () C:\Users\George\Desktop\TweakingRegistryBackup.exe - Verknüpfung.lnk
2014-05-20 12:59 - 2014-05-20 12:59 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-GEORGE-PC-Microsoft-Windows-7-Enterprise-(32-bit).dat
2014-05-20 12:54 - 2014-05-20 12:54 - 00000000 ____D () C:\RegBackup

Files to move or delete:
====================
C:\ProgramData\whlpusp32.dll
C:\ProgramData\wvG1VtaE.dat


Some content of TEMP:
====================
C:\Users\George\AppData\Local\Temp\HitmanPro.exe
C:\Users\George\AppData\Local\Temp\QTTabBar.exe
C:\Users\George\AppData\Local\Temp\TBIstRes.dll
C:\Users\George\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-10-28 10:15] - [2014-05-01 16:25] - 2691072 ____A (Microsoft Corporation) 9E9F0A0A6CA17370448044242E9F0AC7

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-03-02 19:17

==================== End Of Log ========================

--- --- ---

--- --- ---

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:18-06-2014
Ran by George at 2014-06-19 16:29:01
Running from C:\Users\George\00  R E S U L T
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 2.0.4 - BitTorrent Inc.)
1-abc.net Settings Organizer (Remove only) (HKLM\...\1-abc.net Settings Organizer) (Version:  - )
3D Image Commander 2.20 (HKLM\...\3D Image Commander_is1) (Version:  - binerus)
3D Youtube Downloader (HKLM\...\3D Youtube Downloader) (Version: 1.0.16 - 3DYD Soft)
8 Skin Pack RTM-X86 (HKLM\...\8 Skin Pack) (Version: RTM-X86 - Skin Pack)
AAA (HKLM\...\SmartDeblur_is1) (Version: 2.0b - )
Ace Stream Media 2.2.4-next (HKCU\...\AceStream) (Version: 2.2.4-next - Ace Stream Media)
AceText 3.1.3 (HKLM\...\AceText) (Version: 3.1.3 - Just Great Software)
Ad Muncher 4.93 Build 33707/4486 (HKLM\...\{0EB5F29D-6CC8-4C3A-B300-96154AB3BCBD}_is1) (Version:  - © Murray Hurps Corp Pty Ltd / Andron1975)
Ad Muncher v4.93.33707 (HKCU\...\Ad Muncher) (Version:  - )
ADinf32 v4.14 (HKLM\...\{D93B1C80-470D-484B-98EC-DC695D06E2BE}) (Version: 4.14.0006 - ADinf Development Team)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Align It! 2.12 (HKLM\...\Align It!_is1) (Version: 2.12 - Digital42, Sandra Erb)
AntispamSniper for TheBat! (HKLM\...\AntispamSniper for TheBat!) (Version:  - )
AOMEI Backupper Professional Edition 2.0 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
A-PDF INFO Changer 2.0 (HKLM\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
A-PDF Restrictions Remover (HKLM\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Audiogalaxy (HKCU\...\Audiogalaxy) (Version:  - )
AudioShell 2.0 beta 2 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 2 - Softpointer Inc)
AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.1.4.150 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.1.4.150 - Online Media Technologies Ltd.)
Baidu PC Faster (HKLM\...\Baidu PC Faster 4.0.0.0) (Version: 4.0.7.71692 - Baidu Inc.) <==== ATTENTION
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Beyond Compare 3.3.10 (HKLM\...\BeyondCompare3_is1) (Version: 3.3.10.17762 - Scooter Software)
Brightness Guide 2.0.3 (HKLM\...\Brightness Guide_is1) (Version: 2.0.3 - Tint Guide)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CaptureSaver V4.2.5 (HKLM\...\CaptureSaver_is1) (Version:  - www.CaptureSaver.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CD Audio Reader Filter (remove only) (HKLM\...\CD Audio Reader Filter) (Version:  - )
CFi ShellToys v7.4.0 (HKLM\...\CFi ShellToys XP_is1) (Version: 7.4.0 - Cool Focus International Ltd)
Check&Get 3.4 (HKLM\...\CheckAndGet_2xx_is1) (Version: 3.4 - ActiveURLs)
CHM Editor (HKLM\...\CHM Editor) (Version: 1.4 - )
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
ClipName (HKLM\...\ClipName) (Version:  - )
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Debugging Tools for Windows (x86) (HKLM\...\{D09605BE-5587-4B0C-86C8-69B5092CB80F}) (Version: 6.12.2.633 - Microsoft Corporation)
DeskTopAuthor (HKLM\...\{C27B94AA-60AB-4B50-9D63-0928CDC889C3}) (Version: 7.1.5 - dnaml Pty Ltd)
DiaShow von Helmut Rohrbeck (HKLM\...\DiaShow) (Version:  - Helmut Rohrbeck)
Disk Checker (HKLM\...\Disk Checker) (Version:  - )
Document Express DjVu Plug-in (HKLM\...\{09F72EA9-ECE7-459C-BA6D-BCA10C1B5F7C}) (Version: 6.1.31219 - Caminova, Inc.)
Dokan Library 0.6.0 (HKLM\...\DokanLibrary) (Version:  - )
DokuTool (Non Commercial Edition) (HKLM\...\DokuTool 1.0R6_is1) (Version: 1.0.6.3 - Castelware Software GmbH)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
Encrypt My Folder (HKLM\...\Encrypt My Folder) (Version:  - )
Enterra Icon Keeper Deluxe 1.1 (HKLM\...\Enterra Icon Keeper Deluxe_is1) (Version:  - Enterra, Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Everything 1.3.4.662b (x86) (HKLM\...\Everything) (Version:  - )
Exif Tag Remover 5.0 (HKLM\...\Exif Tag Remover_is1) (Version:  - RL Vision)
FastImageResizer (remove only) (HKLM\...\FastImageResizer) (Version:  - )
FeedDemon (HKLM\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FenrirFS 2.4.7 (HKLM\...\FenrirFS_is1) (Version:  - Fenrir Inc.)
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
File Property Edit Pro (HKCU\...\File Property Edit Pro) (Version: 3.80 - foryoursoft)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FilerFrog (HKLM\...\{29294ED4-4606-4DAD-B49A-359D12337ED3}) (Version: 2.2.0 - FilerFrog)
FileSearchEX (HKLM\...\FileSearchEX) (Version: 1.0.8.9 - GOFF Concepts LLC)
Fireplace Screensaver (HKLM\...\Fireplace Screensaver) (Version:  - )
Flame Painter 2 Pro 2.5 (HKLM\...\Flame Painter 2 Pro_is1) (Version: 2.5 - Escape Motions, s.r.o)
Flash Player Pro V5.7 (HKLM\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Flip Image (HKLM\...\Flip Image_is1) (Version:  - Flipbuilder Solution)
Flip Writer (HKLM\...\Flip Writer_is1) (Version:  - Flipbuilder Solution)
FlipBook Maker Pro 3.6.8 (HKLM\...\FlipBook Maker Pro_is1) (Version: 3.6.8 - Kvisoft Co,. Ltd)
Flipbook Maker Pro 4.0.0 (HKLM\...\Kvisoft Flipbook Maker Pro_is1) (Version: 4.0.0 - kvisoft.com)
Flipbook Maker4.0.0 (HKLM\...\Kvisoft FlipBook Maker Enterprise_is1) (Version: 4.0.0 - kvisoft.com)
FlipCreator (version 4.6.2.5) (HKLM\...\FlipCreator_is1) (Version:  - Alive Software, Inc.)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 6.0.0202 (HKLM\...\FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1) (Version:  - Aone Software)
FMS Empty File Remover 2.9.1 (HKLM\...\{1C363729-80C0-43D6-A975-6C2BC18A5708}_is1) (Version:  - FileManagerSoft Ltd.)
FMS Empty Folder Remover 1.9.1 (HKLM\...\{B8AA2821-ECF5-496C-BBC1-45B66B56B049}_is1) (Version:  - FileManagerSoft Ltd.)
Folder Actions 1.1 for Windows (HKLM\...\Folder Actions 1.1 for Windows_is1) (Version:  - Leonid Parshukov)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
FolderHighlight 2.4 (HKLM\...\FolderHighlight_is1) (Version: 2.4 - eRiverSoft)
FotoBeschriften 4.2.2.425 (HKLM\...\FotoBeschriften_is1) (Version: 4.2.2.425 - SpeedySoft)
Fresh Flash Catalog 3.7 (HKLM\...\{686D28EC-CD2A-4033-A98D-A50CB2A49D8D}_is1) (Version:  - Gokhan Bulut)
Gabest MPEG Splitter (remove only) (HKLM\...\Gabest MPEG Splitter) (Version:  - )
GiliSoft Privacy Protector 4.1 (HKLM\...\{E282A694-F6F9-46DC-AFA4-023EEF08708F}}_is1) (Version: 4.1 - Gilisoft International LLC.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GreedyTorrent v1.01 beta build 170 (HKLM\...\GreedyTorrent_is1) (Version:  - Alex N J (www.alexnj.com))
Gyazo 2.0.1 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
HashOnClick (HKLM\...\HashOnClick_is1) (Version:  - 2BrightSparks)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
HideGuard VPN 2.2.0.0 (HKLM\...\{A7BD5DA5-85A2-4FA6-8270-DDEDDBE51379}}_is1) (Version:  - iTVA LLC)
Hot Virtual Keyboard 8.1.5.0 (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.1 - Comfort Software Group)
HyperSnap 7 (HKLM\...\HyperSnap 7) (Version: 7.26.01 - Hyperionics Technology LLC)
Icaros 2.2.5 (HKLM\...\Icaros_is1) (Version: 2.2.5.301 - Tabibito Technology)
IcoFX 2.3.1 (HKLM\...\IcoFX 2_is1) (Version:  - )
Image Comparer v3.8 (HKLM\...\{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1) (Version: 3.8 - Bolide Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - )
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5273 - IncrediMail Ltd.)
IncrediMail JunkFilter Plus (HKLM\...\JunkFilterPlus) (Version: 6001167 - IncrediMail Ltd.)
Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iolo technologies' System Mechanic Business (HKLM\...\{ED8F147C-7306-416E-AE7D-86DBC731622A}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iPixSoft Flash Slideshow Creator (4.3.0.0) (HKLM\...\iPixSoft Flash Slideshow Creator_is1) (Version: 4.3.0.0 - iPixSoft)
iPixSoft Video Slideshow Maker (3.3.0.0) (HKLM\...\iPixSoft Video Slideshow Maker_is1) (Version: 3.3.0.0 - iPixSoft)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden
JSignPdf 1.5.1 (HKLM\...\JSignPdf_is1) (Version: 1.5.1 - Josef Cacek)
just another nasty editor (HKLM\...\just another nasty editor) (Version: 1.68.0.0 - TryAndError, Inc. / AreYouParanoid? :))
jv16 PowerTools 2014 (HKLM\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
K-Lite Mega Codec Pack 10.5.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Kompas (HKLM\...\Kompas) (Version: 0.1.2 - Humanity)
Kvisoft Flash Slideshow Designer 1.6.0 (HKLM\...\Kvisoft Flash Slideshow Designer_is1) (Version: 1.6.0 - Kvisoft Co.,Ltd.)
Lazesoft Recovery Suite version 3.3 Unlimited Edition (HKLM\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 3.3 - Lazesoft)
Letasoft Sound Booster Version 1.1 (HKLM\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.1 - Letasoft LLC)
Lightshot-5.1.3.0 (HKLM\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.1.3.0 - Skillbrains)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
LucisArt 3.0.5 ED/SE (HKLM\...\{CB30938E-2BCE-4837-9FEB-EB5DAB000235}) (Version: 3.0.5.0 - Image Content Technology)
LuraTech PDF Compressor Desktop 6.1.2.5 (HKLM\...\{DDD86B37-FF0A-4FCC-A415-0B69714F9901}) (Version: 6.1.2005 - LuraTech Imaging GmbH)
Machete 4.0 (HKLM\...\{5E305628-4161-4234-B718-D13623DE66C1}) (Version: 4.0.22 - MacheteSoft)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6427 - Paramount Software (UK) Ltd.) Hidden
Macrorit Disk Scanner 2013 (HKLM\...\Macrorit Disk Scanner) (Version: 2013 - Macrorit Inc.)
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
MagicYUV Lossless Video Codec version 0.9alpha (HKLM\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 0.9alpha - INNOMAGIC, Ltd.)
Mail.Ru Cloud (HKLM\...\{776AF05B-784A-416F-B14C-31A1FBAF8B19}_is1) (Version: 15.01.0015 - Mail.Ru Group) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1007 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1007 - Malwarebytes Corporation)
MAXA Cookie Manager Pro 5.3 (HKLM\...\MAXA Cookie Manager_is1) (Version:  - MAXA)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.0.4000 - Maxthon International Limited)
MediaDrug (HKLM\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B0) (Version: 1.0 - MediaDrug)
MediaTab (HKLM\...\MediaTab) (Version: 1.2 - Juan Manuel Lozano Contreras)
MEGAsync 1.0.22 (HKLM\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
MetaProducts Inquiry (HKLM\...\metaprodInq) (Version:  1.11.600 beta [build 0.18] - evgen_Ú)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Research Project Colletta (Version: 3.0.0.0 - Microsoft Research Ltd) Hidden
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsys Launcher (HKLM\...\560CEE382FE04EEE8EE428712CD776BE_is1) (Version: 2.0.0 - Micro-Sys ApS)
MirrorFolder 5.0.294.116 (Retail) (HKLM\...\ce876f80-8a31-11d4-b9d2-002018382069_is1) (Version: 5.0.294.116 - Techsoft)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0a1 - Mozilla)
MP3Cover (HKLM\...\MP3Cover) (Version:  - )
MP3-Info extension V3.4.25 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.25 - Fabian Cenedese)
MP3jam 1.0.0.2 (HKLM\...\MP3jam_is1) (Version: 1.0.0.2 - MP3jam)
Mp3tag v2.58 (HKLM\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MRU-Blaster v1.5 (Database 3.28.04) (HKLM\...\MRU-Blaster_is1) (Version: 1.5 - BrightFort LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nightly 28.0a1 (x86 en-US) (HKLM\...\Nightly 28.0a1 (x86 en-US)) (Version: 28.0a1 - Mozilla)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.1 - Steganos Software GmbH)
OnTranslator (HKLM\...\OnTranslator) (Version: 1.0.140 - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenSSL 1.0.1h Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Opera Stable 21.0.1432.57 (HKLM\...\Opera 21.0.1432.57) (Version: 21.0.1432.57 - Opera Software ASA)
Opus Pro 9 (HKLM\...\Opus Pro 9) (Version: 9 - Digital Workshop)
Pale Moon 24.5.0 (x86 en-US) (HKLM\...\Pale Moon 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
PDF Creator Pilot 4.3  (HKLM\...\{467D4F46-B75D-4E9F-B710-D933D687B9BD}) (Version: 4.3 - Two Pilots)
PDF Page Delete 1.1 (HKLM\...\PDF Page Delete_is1) (Version:  - PDF Page Delete)
PDF-Tools 4 (HKLM\...\{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1) (Version: 4.0.214.2 - Tracker Software Products Ltd)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
PDF-XChange 2012 Pro (HKLM\...\{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1) (Version: 5.0.273.2 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{2eef0fe2-cc4a-47d6-959c-de2d5c2cc40b}) (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.) Hidden
PerfectTUNES (HKLM\...\PerfectTUNES) (Version: Release 1 Unregistered - Cloud Audio)
PhotoFiltre Studio X (HKCU\...\PhotoFiltre Studio X) (Version:  - )
Photoupz 1.7.1 (HKLM\...\Photoupz) (Version: 1.7.1 - EvenPixel Ltd)
PicPick (HKLM\...\PicPick) (Version: 3.3.3 - NTeWORKS)
PicturesToExe 8.0 (HKLM\...\{A254D625} PicturesToExe 8.0_is1) (Version: 8.0.3 - WnSoft)
POP Peeper (HKLM\...\POP Peeper) (Version:  - Mortal Universe)
Postbox (3.0.11) (HKLM\...\Postbox (3.0.11)) (Version: 3.0.11 (en-US) - Postbox, Inc.)
Primg version 1.2.1.2 (HKLM\...\Primg_is1) (Version: 1.2.1.2 - Hiroshi Inagaki)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.2 - PWI, Inc.)
PrivaZer (HKLM\...\PrivaZer) (Version: 2.21.1.0 - Goversoft LLC)
PrivitizeVPN (HKLM\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
Project Colletta (HKLM\...\{d6074b06-1636-45dd-bf35-baf3e6d131d2}) (Version: 3.0.0.0 - Microsoft Research Ltd)
Project ROME (HKLM\...\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 0.9.0 (157403) - Adobe Systems Incorporated.)
PS Tray Factory 3.2 (HKLM\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
PSD Codec by Ardfry Imaging, LLC (32 bit) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
QTranslate 5.3.1 (HKLM\...\QTranslate) (Version: 5.3.1 - QuestSoft)
RadioSure (HKCU\...\RadioSure) (Version:  - )
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version:  - )
Registry Crawler (HKLM\...\Registry Crawler) (Version:  - )
Registry First Aid 9 (HKLM\...\RFA9_is1) (Version: 9.3.0 - RoseCitySoftware)
Registry Trash Keys Finder (Freeware) (HKLM\...\Registry Trash Keys Finder) (Version: 3.9.2.1 - SNC)
RegVac Registry Cleaner 5.02 (Registered Version) (HKLM\...\RegVac Registry Cleaner (Registered Version)_is1) (Version:  - Super Win Software, Inc.)
Resonic Alpha (HKLM\...\Resonic Alpha) (Version: 0.58.0.999 - Liqube)
RidNacs 2.0.3 (HKLM\...\RidNacs_is1) (Version:  - Stephan Plath)
Right Click Enhancer Professional 4.1.4 (HKLM\...\Right Click Enhancer Professional) (Version: 4.1.4 - RBSoft, Inc.)
Rio Internet Update (HKLM\...\{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}) (Version: 2.90 - Rio Audio)
Rio Music Manager (HKLM\...\{282EF7E3-AE54-48AE-A11D-27F512F23AB3}) (Version: 2.90 - Rio Audio)
RoboForm 7-9-7-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
R-Wipe&Clean 10.3 (HKLM\...\R-Wipe&Clean_is1) (Version:  - R-tools Technology Inc.)
Sandboxie 4.06 (32-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Screenpresso (HKCU\...\Screenpresso) (Version: 1.4.2.0 - LearnPulse)
Secret Notes version 1.2.1 (HKLM\...\{E5618ECE-CFCC-489B-BC91-3CC0AAC0B253}_is1) (Version: 1.2.1 - Softorino)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version:  - )
SendTo-Convert version 2.7.1.4 (HKLM\...\SendTo-Convert_is1) (Version: 2.7.1.4 - Hiroshi Inagaki)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.519 - ShadowDefender.com)
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
ShadowProtect Desktop (Version: 4.15.9340 - StorageCraft) Hidden
ShareX 9.0.0 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.0.0 - ShareX Developers)
Sigil 0.6.1 (HKLM\...\Sigil_is1) (Version:  - John Schember)
SkinPack 9-win7-ver1 (HKLM\...\SkinPack) (Version: 9-win7-ver1 - SkinPack)
Smart Mail Notifier v2.0 (HKLM\...\Smart Mail Notifier_is1) (Version: 2.0 - Smart PC Solutions)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 1.00.9376 - SoftEther Project)
Sohodox 8.3 (HKLM\...\Sohodox_is1) (Version: 8 - ITAZ)
Sound Normalizer 5.72 (HKLM\...\Sound Normalizer_is1) (Version: 5.72 - Kanz Software)
Stanza (HKLM\...\Stanza) (Version:  - )
Stickies 7.1e (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackPro (HKLM\...\SyncBackPro_is1) (Version: 6.5.38.0 - 2BrightSparks)
SysTrayX (HKLM\...\SysTrayX) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Bat! Professional v6.4.6 (HKLM\...\{F2A4C568-45FB-49DE-BEF3-304E870E3A2F}) (Version: 6.4.6 - Ritlabs)
Thumbnail me 3.0 (HKCU\...\Thumbnail me 3.0) (Version:  - )
Toolwiz FlipBook (HKLM\...\Toolwiz FlipBook_is1) (Version: 1.5.0.0 - Toolwiz)
TP-LINK Client Installation Program (Version: 7.0 - TP-LINK) Hidden
TreePad Business Edition 8.1 (HKLM\...\TreePadBiz) (Version:  - )
Trojan Remover 6.9.1.2929 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 6.6.3 beta - Tordex)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
TunnelBear (HKLM\...\{2871e92a-2f78-488c-89a4-cabdf26de1d3}) (Version: 2.2.17.0 - TunnelBear)
TunnelBear (Version: 2.2.17.0 - TunnelBear) Hidden
TVgenial 4.10 (HKLM\...\TVgenial) (Version:  - )
Tweak-7 (HKLM\...\Tweak-7) (Version: 1.0 build 1175 - Totalidea Software)
TweakNow PowerPack (HKLM\...\TweakNow PowerPack_is1) (Version: 4.3.0 - TweakNow.com)
UFS Explorer Professional Recovery, version 5.11.1 (HKLM\...\UFS Explorer Professional Recovery (version 5)_is1) (Version: 5.11.1 - LLC "SysDev Laboratories")
UltimateDefrag (HKLM\...\UltimateDefrag) (Version: 4.0.98.0 - DiskTrix, Inc.)
Ultra Video Converter 5.5.0401 (HKLM\...\Ultra Video Converter_is1) (Version:  - Aone Software)
UltraChm 1.0 (HKLM\...\UltraChm) (Version: 1.0 - UltraChm company, Inc.)
uMark 5 (HKLM\...\uMark) (Version: 5.0 - Uconomix)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 6.3 - fCoder Group, Inc.)
Unknown Device Identifier 8.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.01 - Huntersoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
USB Safely Remove 5.2 (HKLM\...\USB Safely Remove_is1) (Version:  - SafelyRemove.com)
uTorrent Turbo Booster (HKLM\...\uTorrent Turbo Booster) (Version: 4.0.2.0 - DownloadBoosters LLC)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VeryPDF Flipbook Maker v2.0 (HKLM\...\VeryPDF Flipbook Maker v2.0_is1) (Version:  - VeryPDF.com Company)
VIS (HKLM\...\VIS) (Version:  - ) <==== ATTENTION
VisiPics V1.31 (HKLM\...\VisiPics_is1) (Version:  - Ozone)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.59 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VPNium  (HKLM\...\VPNium) (Version:  - )
VT Hash Check 1.42 (HKLM\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.42 - Boredom Software)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - )
Watermark Factory 2 (HKLM\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version:  - WatermarkFactory.com)
Watermark Software (HKCU\...\WatermarkSoftware) (Version:  - Watermark Software. All Rights Reserved.)
Web Research Network Add-on (HKLM\...\{DD76AABA-7E4E-4EB6-ACD3-990347356B31}) (Version: 2.80.0336 - macropool GmbH)
WebResearch 3 (HKLM\...\{BD42A7E4-1104-411D-80A9-8E75DE5D9741}) (Version: 3.10.4912 - macropool GmbH)
Win8.1 SkinPack X86 (HKLM\...\Win8.1 SkinPack) (Version: X86 - SkinPack)
Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8023xp) Net  (07/23/2009 6.111.0723.2009) (HKLM\...\E8D765D6F2FD9EF4896D3FB22C0A204D56298D28) (Version: 07/23/2009 6.111.0723.2009 - Realtek Semiconductor Corp.)
WindowTabs (HKLM\...\{8FB716E9-A14D-4983-8DE0-818CFFF24658}) (Version: 0.0.60 - Bemo Software, Inc.)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WonderFox Photo Watermark (HKCU\...\WonderFoxPhotoWatermark) (Version:  - WonderFox Soft. All Rights Reserved.)
Wondershare MobileGo for Android ( Version 2.0.1 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 2.0.1 - Wondershare)
Word Artist 2.0 (HKLM\...\{8CB66CF8-F0FC-4EE1-BC98-9EC1EA6F0486}) (Version: 2.0 - Fotoview)
XFlip 2.0.1 (HKLM\...\XFlip Pro_is1) (Version: 2.0.1 - xflip.com)
XnView 2.22 (HKLM\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
XnViewMP 0.64 (HKLM\...\XnViewMP_is1) (Version: 0.64 - Gougelet Pierre-e)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)
X-Proxy (HKCU\...\e9149030bbc2ac48) (Version: 5.2.0.3 - Sauces Software)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
YoWindow (HKLM\...\yowindow) (Version: 3 - RepkaSoft)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )
Zoom Player deutsche Sprachdateien (entfernen) (HKLM\...\ZoomPlayer_German) (Version:  - )
Zoom Player Russian language (remove only) (HKLM\...\ZoomPlayer_Russian) (Version:  - )
ЛовиВконтакте 3.2.0.0 (HKLM\...\{FD655D52-4E33-40CB-A4D9-21F99DA70712}}_is1) (Version:  - iTVA LLC.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-14 09:52 - 00002351 ____A C:\Windows\system32\Drivers\etc\hosts
	127.0.0.1 tonec.com
	127.0.0.1 www.tonec.com
	127.0.0.1 registeridm.com
	127.0.0.1 www.registeridm.com
	127.0.0.1 secure.registeridm.com
	127.0.0.1 internetdownloadmanager.com
	127.0.0.1 www.internetdownloadmanager.com
	127.0.0.1 secure.internetdownloadmanager.com
	127.0.0.1 www.secure.internetdownloadmanager.com
	127.0.0.1 mirror.internetdownloadmanager.com
	127.0.0.1 www.mirror.internetdownloadmanager.com
	127.0.0.1 mirror2.internetdownloadmanager.com
	127.0.0.1 www.mirror2.internetdownloadmanager.com
	127.0.0.1 mirror3.internetdownloadmanager.com
	127.0.0.1 www.mirror3.internetdownloadmanager.com
	127.0.0.1 validation.sls.microsoft.com
     127.0.0.1 174.133.70.101:443 
     127.0.0.1 174.133.70.101:80 
     127.0.0.1 174.133.70.98 
     127.0.0.1  *internetdownloadmanager.com/data/395012712/register.cgi 
      127.0.0.1  *registeridm.com*
	127.0.0.1 sublimetext.com
	127.0.0.1 www.sublimetext.com
      127.0.0.1 foryoursoft.com
      127.0.0.1 formessengers.com
      127.0.0.1 www.radiosure.com
      127.0.0.1 activation.acronis.com 
      127.0.0.1 support.wondershare.net
      127.0.0.1 www.wondershare.net
      127.0.0.1 support.wondershare.com
      127.0.0.1 www.wondershare.com
      127.0.0.1 www.hamrick.com
      127.0.0.1 stats.hamrick.com
      127.0.0.1 static.hamrick.com
      127.0.0.1 server-54-230-97-253.arn1.r.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

Task: {09570B1A-14BB-44AC-8CAB-7B68E93AC280} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {0F608FDE-6036-49A1-A50E-8C002589EE09} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic Business\iologovernor.exe [2013-12-04] (iolo technologies, LLC)
Task: {128127EF-57FE-41D5-9AC1-CB53011BCA86} - \GoogleUpdateTaskUserS-1-5-21-3944665068-2704869593-2486753056-1000Core No Task File <==== ATTENTION
Task: {19E2F0D9-6D8F-427C-A727-4250513D6656} - System32\Tasks\update-sys => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {1CEEC936-3839-4AD7-9AF6-46509747BDDD} - System32\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe [2014-03-25] ()
Task: {4A589E1A-179E-4AA1-8BA4-B58F3358527B} - System32\Tasks\Baidu PC Faster Update => C:\Program Files\Baidu Security\PC Faster\4.0.0.0\Updater.exe [2014-06-06] (Baidu Inc.)
Task: {4D2FF0DB-9245-4A61-B080-88A7A737FA5F} - \{2CA3B5DE-7774-437B-A36A-C2712266C77A} No Task File <==== ATTENTION
Task: {52DCADF7-033E-48C9-AF6E-DA9012D0C018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {59819765-5525-47C0-8EE3-72ED45C955BE} - System32\Tasks\Baidu PC Faster Service => C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [2014-06-06] (Baidu Inc.)
Task: {5D9317A8-208E-4A4E-AEE6-A207BBF62486} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C7251DC-4F76-4FBF-85F2-A10A2F5F8A44} - \GoogleUpdateTaskUserS-1-5-21-3944665068-2704869593-2486753056-1000UA No Task File <==== ATTENTION
Task: {70542A51-2B78-40F4-8820-374369D1D464} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {97E9E9E8-1185-4E51-86F4-ABB841136AD2} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {BA4D3980-A9B5-4200-B679-7725F045B808} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMPMNMJMLMKLJMLLMMCNOMHMKLMMCNJLHMPMMLCNNLOLKLNMCNLMNMMLKLLLLLKMMMNMMLHMOMJNJICMIMCNHMCNMMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMJMJMJMJNHICMEKMICNJJCKJNBJCMILKJAJNIIJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {CF2863FC-D335-4387-BB4E-AA2AA8E2D41E} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {F3DFFDE9-6F58-4D72-ADA5-D9263F4E1A9D} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2014-05-14] (Maxthon International ltd.)
Task: {F45CB7D8-7A07-4332-908A-323157C4477C} - System32\Tasks\Opera scheduled Autoupdate 1380044755 => C:\Program Files\Opera Developer\launcher.exe
Task: {FDA56282-9D40-4F98-B6F7-A9FBDF98A578} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-09-15 10:42 - 2012-09-15 10:42 - 00091648 _____ () C:\Program Files\MacType\EasyHK32.dll
2012-11-10 17:56 - 2009-01-12 08:15 - 00071096 _____ () C:\Windows\system32\NMSAccessU.exe
2013-03-12 14:37 - 2012-10-16 11:27 - 00522912 _____ () C:\Program Files\Letasoft Sound Booster\Filters\gain.dll
2013-10-16 15:42 - 2010-04-26 02:18 - 00053248 _____ () C:\Program Files\PS Tray Factory\HKDll.dll
2012-11-10 16:32 - 2010-11-28 10:43 - 00236544 _____ () C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe
2013-07-04 21:09 - 2013-07-04 21:09 - 00348672 _____ () C:\Program Files\POP Peeper\sqlite3.dll
2013-07-25 01:04 - 2013-07-25 01:04 - 00110080 _____ () C:\Program Files\POP Peeper\zip.dll
2013-12-13 19:07 - 2013-12-15 20:43 - 00988861 _____ () C:\Program Files\Ad Muncher\AdMuncherUpdater.exe
2014-03-04 19:32 - 2014-01-20 09:48 - 02611808 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2014-03-04 19:33 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-03-04 19:33 - 2014-01-04 19:20 - 00249344 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-03-04 19:32 - 2014-01-20 09:48 - 00060512 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-04 19:33 - 2014-01-04 19:00 - 00065024 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2014-03-04 19:33 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2011-02-23 17:08 - 2011-02-23 17:08 - 00080384 _____ () C:\Program Files\FileBX\FbxRes.dll
2014-04-01 07:41 - 2014-01-10 11:26 - 03014656 _____ () C:\Program Files\WindowTabs\WindowTabs.exe
2013-10-11 19:52 - 2014-04-22 18:16 - 00835584 _____ () C:\Program Files\Opera\gstreamer\gstreamer.dll
2013-10-11 19:52 - 2014-04-22 18:16 - 00093696 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00094208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00057344 _____ () C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00096256 _____ () C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00062976 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00067072 _____ () C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00158208 _____ () C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00312832 _____ () C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00038912 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00073728 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
2013-10-11 19:52 - 2014-04-22 18:17 - 00101888 _____ () C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
2014-04-15 04:21 - 2014-06-06 11:47 - 00594112 _____ () C:\Program Files\Baidu Security\PC Faster\4.0.0.0\sqlite.dll
2013-07-31 12:40 - 2012-02-06 16:28 - 00053248 _____ () C:\Program Files\GiliSoft\Privacy Protector\FileLockPlugin.dll
2013-07-31 12:40 - 2012-02-08 14:23 - 00708608 _____ () C:\Program Files\GiliSoft\Privacy Protector\KernalUI.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Sohodox Desktop:{36007700-3300-6800-3100-33004D004B00}
AlternateDataStreams: C:\Windows\MSI Package Builder 4 Enterprise.xml:MSI_Package_Builder
AlternateDataStreams: C:\Windows\win.ini:WINDOWS
AlternateDataStreams: C:\Windows\system32\desktop.ini:WIN64
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\George\Documents\-----A P P S-----:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\-----A P P S-----:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\----Kostenlos Faxe verschicken----:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\----Kostenlos Faxe verschicken----:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\A N D R O I D +W I N  Tools+Stream:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\A N D R O I D +W I N  Tools+Stream:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Add-in Express:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Add-in Express:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:OECustomProperty
AlternateDataStreams: C:\Users\George\Documents\Anki:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Anki:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Atlantis:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Atlantis:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Brain - GEO_brain:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Brain - GEO_brain:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Calibre Bibliothek:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Calibre Bibliothek:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Calibre Portable:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Calibre Portable:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\CaptureSaver:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\CaptureSaver:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Englische Schimpfwörter:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Englische Schimpfwörter:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Google mit anderen Mail verbinden:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Google mit anderen Mail verbinden:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\IC3:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\IC3:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\INFO+Haushalt:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\INFO+Haushalt:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Micro-Sys:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\mobile:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\My Digital Editions:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\P E R S Ö H N L I C H:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Ratgeber Photovoltaik:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\SecretNotes:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\ShareX:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Simply Super Software:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\SMA Off-Grid Configurator v.1.09 - Solarenergie:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Web Research:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Web-Recherchen:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\webkit:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Weihnachten+Christmas Tree 1.8 - Portable:doo_mRJtPQVz

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: Adjuster => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: FolderSize => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^百度云管家.lnk => C:\Windows\pss\百度云管家.lnk.Startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: RoboForm => 

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2014 03:56:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2014-06-26T13:55:36Z. Fehlercode: 0x80041321.

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.

Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.

Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.


Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


System errors:
=============
Error: (06/19/2014 03:55:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/19/2014 03:47:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/19/2014 03:47:52 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.

Error: (06/18/2014 05:06:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/17/2014 08:48:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/17/2014 08:36:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/17/2014 08:14:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (06/17/2014 08:07:25 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/17/2014 07:42:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/17/2014 07:12:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5


Microsoft Office Sessions:
=========================
Error: (06/19/2014 03:56:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413212014-06-26T13:55:36Z

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/19/2014 03:47:52 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Element nicht gefunden.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog


Details:
	Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: 
Details:
	Der Inhaltsindexkatalog ist fehlerhaft.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (06/19/2014 03:47:47 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: 
Details:
	0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft.  (HRESULT : 0xc0041800))


==================== Memory info =========================== 

Percentage of memory in use: 59%
Total physical RAM: 2047.55 MB
Available physical RAM: 833.9 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2574.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1875.9 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:319.18 GB) (Free:96.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (BIE) (Fixed) (Total:146.48 GB) (Free:81.57 GB) NTFS
Drive g: (SATA) (Fixed) (Total:76.68 GB) (Free:44.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 96BF04FF)
Partition 1: (Not Active) - (Size=77 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 1D79DA50)
Partition 1: (Active) - (Size=319 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 20.06.2014, 19:57

Zitat:

Platform: Microsoft Windows 7 Enterprise

Wo hast du denn diese Edition her?

Bartos · 20.06.2014, 20:00

Gmer - 1.log

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-19 22:29:41
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4 WDC_WD5000AAKS-00UU3A0 rev.01.03B01 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\George\AppData\Local\Temp\fxliapob.sys


---- System - GMER 2.1 ----

SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwAdjustPrivilegesToken [0x8D4F6780]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwAlpcSendWaitReceivePort [0x88EC4CA0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwAssignProcessToJobObject [0x88EC5DB0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwConnectPort [0x8D4F9B20]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwCreateFile [0x8D4F8DA0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwCreateKey [0x8D4F6410]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwCreatePort [0x8D4F9E70]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwCreateProcess [0x88EC5770]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwCreateProcessEx [0x88EC5670]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwCreateSection [0x88EC4FF0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwCreateSymbolicLinkObject [0x8D4F9330]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwCreateThread [0x8D4FA170]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwCreateThreadEx [0x88EC5B00]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwCreateUserProcess [0x8D4F96B0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwDebugActiveProcess [0x8D4F5EE0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwDeleteFile [0x88EC4E60]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwDeleteKey [0x8D4F8620]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwDeleteValueKey [0x8D4F8780]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwDeviceIoControlFile [0x88EC4BA0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwDuplicateObject [0x88EC49F0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwEnumerateValueKey [0x88EC4820]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwGetNextProcess [0x88EC5C10]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwGetNextThread [0x88EC5930]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwLoadDriver [0x88EC4AE0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwOpenFile [0x8D4F90A0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwOpenKey [0x8D4F6210]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwOpenProcess [0x8D4F8940]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwOpenSection [0x8D4F5A30]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwOpenThread [0x8D4F6630]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwProtectVirtualMemory [0x88EC5340]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwQueryValueKey [0x88EC4740]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwQueueApcThread [0x88EC5F80]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwRenameKey [0x88EC55B0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwRequestWaitReplyPort [0x88EC4670]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwRestoreKey [0x88EC6060]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwResumeThread [0x8D4F9600]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwSecureConnectPort [0x8D4F9CC0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwSetContextThread [0x88EC54F0]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwSetInformationFile [0x8D4F9450]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwSetSecurityObject [0x88EC6130]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwSetSystemInformation [0x88EC4D90]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwSetValueKey [0x8D4F8450]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwSuspendThread [0x88EC50E0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwSystemDebugControl [0x88EC5260]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwTerminateProcess [0x8D4F8340]
SSDT                                                                                                                                  \SystemRoot\system32\DRIVERS\pwipf6.sys                                                                                               ZwTerminateThread [0x8D4F8C80]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwUnmapViewOfSection [0x88EC5CF0]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwWriteFile [0x88EC4050]
SSDT                                                                                                                                  \SystemRoot\System32\drivers\Bhbase.sys                                                                                               ZwWriteVirtualMemory [0x88EC4230]

---- Kernel code sections - GMER 2.1 ----

.text                                                                                                                                 ntoskrnl.exe!ZwRollbackEnlistment + 1409                                                                                              820739A5 1 Byte  [06]
.text                                                                                                                                 ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                                                                82093512 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 ntoskrnl.exe!KeRemoveQueueEx + 139F                                                                                                   8209A994 4 Bytes  [80, 67, 4F, 8D] {AND BYTE [EDI+0x4f], 0x8d}
.text                                                                                                                                 ntoskrnl.exe!KeRemoveQueueEx + 140B                                                                                                   8209AA00 4 Bytes  [A0, 4C, EC, 88]
.text                                                                                                                                 ntoskrnl.exe!KeRemoveQueueEx + 141B                                                                                                   8209AA10 4 Bytes  [B0, 5D, EC, 88]
.text                                                                                                                                 ntoskrnl.exe!KeRemoveQueueEx + 145B                                                                                                   8209AA50 4 Bytes  [20, 9B, 4F, 8D]
.text                                                                                                                                 ntoskrnl.exe!KeRemoveQueueEx + 1477                                                                                                   8209AA6C 4 Bytes  [A0, 8D, 4F, 8D]
.text                                                                                                                                 ...                                                                                                                                   
.reloc                                                                                                                                C:\Windows\SYSTEM32\drivers\diskpt.sys                                                                                                section is executable [0x88F6B880, 0x2B5E4, 0xE0000060]
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                                              section is writeable [0xA05DF400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA0683620]  C:\Windows\system32\drivers\hardlock.sys                                                                                              entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xA0683620]
.protectÿÿÿÿhardlockunknown last code section [0xA0683400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                                              unknown last code section [0xA0683400, 0x5126, 0xE0000020]

---- User code sections - GMER 2.1 ----

.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] kernel32.dll!CreateProcessInternalW                                           775A0852 5 Bytes  JMP 01620A38 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetStockObject                                                      75D05DDF 5 Bytes  JMP 0162FAB0 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!DeleteObject                                                        75D05F14 5 Bytes  JMP 01624A58 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetObjectW                                                          75D07568 5 Bytes  JMP 01621A40 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!ExtTextOutW                                                         75D08192 5 Bytes  JMP 0162DAA0 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetObjectA                                                          75D0914F 5 Bytes  JMP 01622A48 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!CreateFontIndirectExW                                               75D0AB70 5 Bytes  JMP 01629A80 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetTextFaceW                                                        75D0B73A 5 Bytes  JMP 01625A60 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetTextFaceAliasW                                                   75D0BDC8 5 Bytes  JMP 01623A50 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!TextOutW                                                            75D0FB63 5 Bytes  JMP 0162BA90 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!ExtTextOutA                                                         75D10D20 5 Bytes  JMP 0162CA98 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!TextOutA                                                            75D1114C 5 Bytes  JMP 0162AA88 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetTextFaceA                                                        75D20D22 5 Bytes  JMP 01626A68 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetGlyphOutlineW                                                    75D2C2DA 5 Bytes  JMP 01627A70 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!GetGlyphOutline                                                     75D2C3C5 5 Bytes  JMP 01628A78 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!RemoveFontResourceExW                                               75D2ED7C 5 Bytes  JMP 0162EAA8 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!AbortPath                                                           75D364C6 5 Bytes  JMP 01632AC8 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!BeginPath                                                           75D3651D 5 Bytes  JMP 01630AB8 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] GDI32.dll!EndPath                                                             75D36626 5 Bytes  JMP 01631AC0 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] WS2_32.dll!ioctlsocket + 26                                                   761430AA 7 Bytes  JMP 02830095 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] WS2_32.dll!recv + CA                                                          76146BD8 7 Bytes  JMP 0283002D 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] WS2_32.dll!WSARecv + B9                                                       76147142 7 Bytes  JMP 028300C9 
.text                                                                                                                                 C:\Program Files\Anuko\World Clock\world_clock.exe[364] WS2_32.dll!WSARecvFrom + 94                                                   7614CC3A 7 Bytes  JMP 02830061 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] ntdll.dll!CsrClientCallServer                                                               7768C775 5 Bytes  JMP 004AB910 C:\Program Files\MacType\MacTray.exe
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] kernel32.dll!CreateProcessInternalW                                                         775A0852 5 Bytes  JMP 02110A38 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetStockObject                                                                    75D05DDF 5 Bytes  JMP 0211FAB0 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!DeleteObject                                                                      75D05F14 5 Bytes  JMP 02114A58 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetObjectW                                                                        75D07568 5 Bytes  JMP 02111A40 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!ExtTextOutW                                                                       75D08192 5 Bytes  JMP 0211DAA0 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetObjectA                                                                        75D0914F 5 Bytes  JMP 02112A48 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!CreateFontIndirectExW                                                             75D0AB70 5 Bytes  JMP 02119A80 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetTextFaceW                                                                      75D0B73A 5 Bytes  JMP 02115A60 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetTextFaceAliasW                                                                 75D0BDC8 5 Bytes  JMP 02113A50 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!TextOutW                                                                          75D0FB63 5 Bytes  JMP 0211BA90 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!ExtTextOutA                                                                       75D10D20 5 Bytes  JMP 0211CA98 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!TextOutA                                                                          75D1114C 5 Bytes  JMP 0211AA88 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetTextFaceA                                                                      75D20D22 5 Bytes  JMP 02116A68 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetGlyphOutlineW                                                                  75D2C2DA 5 Bytes  JMP 02117A70 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!GetGlyphOutline                                                                   75D2C3C5 5 Bytes  JMP 02118A78 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!RemoveFontResourceExW                                                             75D2ED7C 5 Bytes  JMP 0211EAA8 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!AbortPath                                                                         75D364C6 5 Bytes  JMP 02122AC8 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!BeginPath                                                                         75D3651D 5 Bytes  JMP 02120AB8 
.text                                                                                                                                 C:\Program Files\MacType\MacTray.exe[528] GDI32.dll!EndPath                                                                           75D36626 5 Bytes  JMP 02121AC0 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] kernel32.dll!CreateProcessInternalW                                                              775A0852 5 Bytes  JMP 01960A38 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetStockObject                                                                         75D05DDF 5 Bytes  JMP 0196FAB0 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!DeleteObject                                                                           75D05F14 5 Bytes  JMP 01964A58 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetObjectW                                                                             75D07568 5 Bytes  JMP 01961A40 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!ExtTextOutW                                                                            75D08192 5 Bytes  JMP 0196DAA0 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetObjectA                                                                             75D0914F 5 Bytes  JMP 01962A48 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!CreateFontIndirectExW                                                                  75D0AB70 5 Bytes  JMP 01969A80 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetTextFaceW                                                                           75D0B73A 5 Bytes  JMP 01965A60 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetTextFaceAliasW                                                                      75D0BDC8 5 Bytes  JMP 01963A50 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!TextOutW                                                                               75D0FB63 5 Bytes  JMP 0196BA90 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!ExtTextOutA                                                                            75D10D20 5 Bytes  JMP 0196CA98 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!TextOutA                                                                               75D1114C 5 Bytes  JMP 0196AA88 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetTextFaceA                                                                           75D20D22 5 Bytes  JMP 01966A68 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetGlyphOutlineW                                                                       75D2C2DA 5 Bytes  JMP 01967A70 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!GetGlyphOutline                                                                        75D2C3C5 5 Bytes  JMP 01968A78 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!RemoveFontResourceExW                                                                  75D2ED7C 5 Bytes  JMP 0196EAA8 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!AbortPath                                                                              75D364C6 5 Bytes  JMP 01972AC8 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!BeginPath                                                                              75D3651D 5 Bytes  JMP 01970AB8 
.text                                                                                                                                 C:\Windows\system32\wininit.exe[640] GDI32.dll!EndPath                                                                                75D36626 5 Bytes  JMP 01971AC0 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] kernel32.dll!CreateProcessInternalW                                                             775A0852 5 Bytes  JMP 00D20A38 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetStockObject                                                                        75D05DDF 5 Bytes  JMP 00D2FAB0 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!DeleteObject                                                                          75D05F14 5 Bytes  JMP 00D24A58 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetObjectW                                                                            75D07568 5 Bytes  JMP 00D21A40 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!ExtTextOutW                                                                           75D08192 5 Bytes  JMP 00D2DAA0 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetObjectA                                                                            75D0914F 5 Bytes  JMP 00D22A48 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!CreateFontIndirectExW                                                                 75D0AB70 5 Bytes  JMP 00D29A80 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetTextFaceW                                                                          75D0B73A 5 Bytes  JMP 00D25A60 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetTextFaceAliasW                                                                     75D0BDC8 5 Bytes  JMP 00D23A50 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!TextOutW                                                                              75D0FB63 5 Bytes  JMP 00D2BA90 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!ExtTextOutA                                                                           75D10D20 5 Bytes  JMP 00D2CA98 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!TextOutA                                                                              75D1114C 5 Bytes  JMP 00D2AA88 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetTextFaceA                                                                          75D20D22 5 Bytes  JMP 00D26A68 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetGlyphOutlineW                                                                      75D2C2DA 5 Bytes  JMP 00D27A70 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!GetGlyphOutline                                                                       75D2C3C5 5 Bytes  JMP 00D28A78 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!RemoveFontResourceExW                                                                 75D2ED7C 5 Bytes  JMP 00D2EAA8 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!AbortPath                                                                             75D364C6 5 Bytes  JMP 00D32AC8 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!BeginPath                                                                             75D3651D 5 Bytes  JMP 00D30AB8 
.text                                                                                                                                 C:\Windows\system32\winlogon.exe[716] GDI32.dll!EndPath                                                                               75D36626 5 Bytes  JMP 00D31AC0 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] kernel32.dll!CreateProcessInternalW                                                              775A0852 5 Bytes  JMP 00C00A38 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetStockObject                                                                         75D05DDF 5 Bytes  JMP 00C0FAB0 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!DeleteObject                                                                           75D05F14 5 Bytes  JMP 00C04A58 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetObjectW                                                                             75D07568 5 Bytes  JMP 00C01A40 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!ExtTextOutW                                                                            75D08192 5 Bytes  JMP 00C0DAA0 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetObjectA                                                                             75D0914F 5 Bytes  JMP 00C02A48 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!CreateFontIndirectExW                                                                  75D0AB70 5 Bytes  JMP 00C09A80 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetTextFaceW                                                                           75D0B73A 5 Bytes  JMP 00C05A60 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetTextFaceAliasW                                                                      75D0BDC8 5 Bytes  JMP 00C03A50 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!TextOutW                                                                               75D0FB63 5 Bytes  JMP 00C0BA90 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!ExtTextOutA                                                                            75D10D20 5 Bytes  JMP 00C0CA98 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!TextOutA                                                                               75D1114C 5 Bytes  JMP 00C0AA88 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetTextFaceA                                                                           75D20D22 5 Bytes  JMP 00C06A68 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetGlyphOutlineW                                                                       75D2C2DA 5 Bytes  JMP 00C07A70 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!GetGlyphOutline                                                                        75D2C3C5 5 Bytes  JMP 00C08A78 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!RemoveFontResourceExW                                                                  75D2ED7C 5 Bytes  JMP 00C0EAA8 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!AbortPath                                                                              75D364C6 5 Bytes  JMP 00C12AC8 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!BeginPath                                                                              75D3651D 5 Bytes  JMP 00C10AB8 
.text                                                                                                                                 C:\Windows\system32\svchost.exe[864] GDI32.dll!EndPath                                                                                75D36626 5 Bytes  JMP 00C11AC0 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[912] ws2_32.dll!ioctlsocket + 26                                                                     761430AA 7 Bytes  JMP 001F0095 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[912] ws2_32.dll!recv + CA                                                                            76146BD8 7 Bytes  JMP 001F002D 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[912] ws2_32.dll!WSARecv + B9                                                                         76147142 7 Bytes  JMP 001F00C9 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[912] ws2_32.dll!WSARecvFrom + 94                                                                     7614CC3A 7 Bytes  JMP 001F0061 
.text                                                                                                                                 C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe[972] kernel32.dll!SetUnhandledExceptionFilter                       7759F5AB 8 Bytes  [33, C0, 90, 90, C2, 04, 00, ...] {XOR EAX, EAX; NOP ; NOP ; RET 0x4; NOP }
.text                                                                                                                                 C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe[1076] kernel32.dll!SetUnhandledExceptionFilter                  7759F5AB 8 Bytes  [33, C0, 90, 90, C2, 04, 00, ...] {XOR EAX, EAX; NOP ; NOP ; RET 0x4; NOP }
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] ntdll.dll!LdrAccessResource                                                                77693D7A 5 Bytes  JMP 00B9C8F0 C:\Program Files\PicPick\picpick.exe
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] ntdll.dll!LdrFindResource_U                                                                7769E231 5 Bytes  JMP 00B9C860 C:\Program Files\PicPick\picpick.exe
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] kernel32.dll!CreateProcessInternalW                                                        775A0852 5 Bytes  JMP 01FE0A38 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetStockObject                                                                   75D05DDF 5 Bytes  JMP 01FEFAB0 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!DeleteObject                                                                     75D05F14 5 Bytes  JMP 01FE4A58 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetObjectW                                                                       75D07568 5 Bytes  JMP 01FE1A40 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!ExtTextOutW                                                                      75D08192 5 Bytes  JMP 01FEDAA0 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetObjectA                                                                       75D0914F 5 Bytes  JMP 01FE2A48 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!CreateFontIndirectExW                                                            75D0AB70 5 Bytes  JMP 01FE9A80 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetTextFaceW                                                                     75D0B73A 5 Bytes  JMP 01FE5A60 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetTextFaceAliasW                                                                75D0BDC8 5 Bytes  JMP 01FE3A50 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!TextOutW                                                                         75D0FB63 5 Bytes  JMP 01FEBA90 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!ExtTextOutA                                                                      75D10D20 5 Bytes  JMP 01FECA98 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!TextOutA                                                                         75D1114C 5 Bytes  JMP 01FEAA88 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetTextFaceA                                                                     75D20D22 5 Bytes  JMP 01FE6A68 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetGlyphOutlineW                                                                 75D2C2DA 5 Bytes  JMP 01FE7A70 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!GetGlyphOutline                                                                  75D2C3C5 5 Bytes  JMP 01FE8A78 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!RemoveFontResourceExW                                                            75D2ED7C 5 Bytes  JMP 01FEEAA8 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!AbortPath                                                                        75D364C6 5 Bytes  JMP 01FF2AC8 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!BeginPath                                                                        75D3651D 5 Bytes  JMP 01FF0AB8 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] GDI32.dll!EndPath                                                                          75D36626 5 Bytes  JMP 01FF1AC0 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] ws2_32.dll!ioctlsocket + 26                                                                761430AA 7 Bytes  JMP 01F90095 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] ws2_32.dll!recv + CA                                                                       76146BD8 7 Bytes  JMP 01F9002D 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] ws2_32.dll!WSARecv + B9                                                                    76147142 7 Bytes  JMP 01F900C9 
.text                                                                                                                                 C:\Program Files\PicPick\picpick.exe[2208] ws2_32.dll!WSARecvFrom + 94                                                                7614CC3A 7 Bytes  JMP 01F90061 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] kernel32.dll!CreateProcessInternalW                                                     775A0852 5 Bytes  JMP 01BA0A38 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetStockObject                                                                75D05DDF 5 Bytes  JMP 01BAFAB0 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!DeleteObject                                                                  75D05F14 5 Bytes  JMP 01BA4A58 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetObjectW                                                                    75D07568 5 Bytes  JMP 01BA1A40 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!ExtTextOutW                                                                   75D08192 5 Bytes  JMP 01BADAA0 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetObjectA                                                                    75D0914F 5 Bytes  JMP 01BA2A48 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!CreateFontIndirectExW                                                         75D0AB70 5 Bytes  JMP 01BA9A80 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetTextFaceW                                                                  75D0B73A 5 Bytes  JMP 01BA5A60 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetTextFaceAliasW                                                             75D0BDC8 5 Bytes  JMP 01BA3A50 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!TextOutW                                                                      75D0FB63 5 Bytes  JMP 01BABA90 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!ExtTextOutA                                                                   75D10D20 5 Bytes  JMP 01BACA98 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!TextOutA                                                                      75D1114C 5 Bytes  JMP 01BAAA88 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetTextFaceA                                                                  75D20D22 5 Bytes  JMP 01BA6A68 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetGlyphOutlineW                                                              75D2C2DA 5 Bytes  JMP 01BA7A70 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!GetGlyphOutline                                                               75D2C3C5 5 Bytes  JMP 01BA8A78 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!RemoveFontResourceExW                                                         75D2ED7C 5 Bytes  JMP 01BAEAA8 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!AbortPath                                                                     75D364C6 5 Bytes  JMP 01BB2AC8 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!BeginPath                                                                     75D3651D 5 Bytes  JMP 01BB0AB8 
.text                                                                                                                                 C:\Program Files\Ad Muncher\AdMunch.exe[2264] GDI32.dll!EndPath                                                                       75D36626 5 Bytes  JMP 01BB1AC0 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] kernel32.dll!CreateProcessInternalW                                        775A0852 5 Bytes  JMP 01DF0A38 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] WS2_32.dll!ioctlsocket + 26                                                761430AA 7 Bytes  JMP 02B70095 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] WS2_32.dll!recv + CA                                                       76146BD8 7 Bytes  JMP 02B7002D 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] WS2_32.dll!WSARecv + B9                                                    76147142 7 Bytes  JMP 02B700C9 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] WS2_32.dll!WSARecvFrom + 94                                                7614CC3A 7 Bytes  JMP 02B70061 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetStockObject                                                   75D05DDF 5 Bytes  JMP 01DFFAB0 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!DeleteObject                                                     75D05F14 5 Bytes  JMP 01DF4A58 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetObjectW                                                       75D07568 5 Bytes  JMP 01DF1A40 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!ExtTextOutW                                                      75D08192 5 Bytes  JMP 01DFDAA0 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetObjectA                                                       75D0914F 5 Bytes  JMP 01DF2A48 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!CreateFontIndirectExW                                            75D0AB70 5 Bytes  JMP 01DF9A80 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetTextFaceW                                                     75D0B73A 5 Bytes  JMP 01DF5A60 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetTextFaceAliasW                                                75D0BDC8 5 Bytes  JMP 01DF3A50 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!TextOutW                                                         75D0FB63 5 Bytes  JMP 01DFBA90 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!ExtTextOutA                                                      75D10D20 5 Bytes  JMP 01DFCA98 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!TextOutA                                                         75D1114C 5 Bytes  JMP 01DFAA88 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetTextFaceA                                                     75D20D22 5 Bytes  JMP 01DF6A68 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetGlyphOutlineW                                                 75D2C2DA 5 Bytes  JMP 01DF7A70 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!GetGlyphOutline                                                  75D2C3C5 5 Bytes  JMP 01DF8A78 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!RemoveFontResourceExW                                            75D2ED7C 5 Bytes  JMP 01DFEAA8 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!AbortPath                                                        75D364C6 5 Bytes  JMP 01E02AC8 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!BeginPath                                                        75D3651D 5 Bytes  JMP 01E00AB8 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IDMan.exe[2344] GDI32.dll!EndPath                                                          75D36626 5 Bytes  JMP 01E01AC0 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[2412] ws2_32.dll!ioctlsocket + 26                                                                    761430AA 7 Bytes  JMP 01F30095 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[2412] ws2_32.dll!recv + CA                                                                           76146BD8 7 Bytes  JMP 01F3002D 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[2412] ws2_32.dll!WSARecv + B9                                                                        76147142 7 Bytes  JMP 01F300C9 
.text                                                                                                                                 C:\Windows\system32\taskhost.exe[2412] ws2_32.dll!WSARecvFrom + 94                                                                    7614CC3A 7 Bytes  JMP 01F30061 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] kernel32.dll!CreateProcessInternalW                                              775A0852 5 Bytes  JMP 01420A38 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetStockObject                                                         75D05DDF 5 Bytes  JMP 0142FAB0 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!DeleteObject                                                           75D05F14 5 Bytes  JMP 01424A58 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetObjectW                                                             75D07568 5 Bytes  JMP 01421A40 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!ExtTextOutW                                                            75D08192 5 Bytes  JMP 0142DAA0 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetObjectA                                                             75D0914F 5 Bytes  JMP 01422A48 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!CreateFontIndirectExW                                                  75D0AB70 5 Bytes  JMP 01429A80 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetTextFaceW                                                           75D0B73A 5 Bytes  JMP 01425A60 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetTextFaceAliasW                                                      75D0BDC8 5 Bytes  JMP 01423A50 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!TextOutW                                                               75D0FB63 5 Bytes  JMP 0142BA90 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!ExtTextOutA                                                            75D10D20 5 Bytes  JMP 0142CA98 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!TextOutA                                                               75D1114C 5 Bytes  JMP 0142AA88 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetTextFaceA                                                           75D20D22 5 Bytes  JMP 01426A68 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetGlyphOutlineW                                                       75D2C2DA 5 Bytes  JMP 01427A70 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!GetGlyphOutline                                                        75D2C3C5 5 Bytes  JMP 01428A78 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!RemoveFontResourceExW                                                  75D2ED7C 5 Bytes  JMP 0142EAA8 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!AbortPath                                                              75D364C6 5 Bytes  JMP 01432AC8 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!BeginPath                                                              75D3651D 5 Bytes  JMP 01430AB8 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] GDI32.dll!EndPath                                                                75D36626 5 Bytes  JMP 01431AC0 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] ws2_32.dll!ioctlsocket + 26                                                      761430AA 7 Bytes  JMP 00650095 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] ws2_32.dll!recv + CA                                                             76146BD8 7 Bytes  JMP 0065002D 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] ws2_32.dll!WSARecv + B9                                                          76147142 7 Bytes  JMP 006500C9 
.text                                                                                                                                 C:\Users\George\00  R E S U L T\Gmer-19357.exe[2500] ws2_32.dll!WSARecvFrom + 94                                                      7614CC3A 7 Bytes  JMP 00650061 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] kernel32.dll!CreateProcessInternalW                                    775A0852 5 Bytes  JMP 015E0A38 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetStockObject                                               75D05DDF 5 Bytes  JMP 015EFAB0 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!DeleteObject                                                 75D05F14 5 Bytes  JMP 015E4A58 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetObjectW                                                   75D07568 5 Bytes  JMP 015E1A40 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!ExtTextOutW                                                  75D08192 5 Bytes  JMP 015EDAA0 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetObjectA                                                   75D0914F 5 Bytes  JMP 015E2A48 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!CreateFontIndirectExW                                        75D0AB70 5 Bytes  JMP 015E9A80 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetTextFaceW                                                 75D0B73A 5 Bytes  JMP 015E5A60 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetTextFaceAliasW                                            75D0BDC8 5 Bytes  JMP 015E3A50 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!TextOutW                                                     75D0FB63 5 Bytes  JMP 015EBA90 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!ExtTextOutA                                                  75D10D20 5 Bytes  JMP 015ECA98 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!TextOutA                                                     75D1114C 5 Bytes  JMP 015EAA88 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetTextFaceA                                                 75D20D22 5 Bytes  JMP 015E6A68 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetGlyphOutlineW                                             75D2C2DA 3 Bytes  JMP 015E7A70 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetGlyphOutlineW + 4                                         75D2C2DE 1 Byte  [8B]
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetGlyphOutline                                              75D2C3C5 3 Bytes  JMP 015E8A78 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!GetGlyphOutline + 4                                          75D2C3C9 1 Byte  [8B]
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!RemoveFontResourceExW                                        75D2ED7C 3 Bytes  JMP 015EEAA8 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!RemoveFontResourceExW + 4                                    75D2ED80 1 Byte  [8B]
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!AbortPath                                                    75D364C6 3 Bytes  JMP 015F2AC8 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!AbortPath + 4                                                75D364CA 1 Byte  [8B]
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!BeginPath                                                    75D3651D 3 Bytes  JMP 015F0AB8 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!BeginPath + 4                                                75D36521 1 Byte  [8B]
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!EndPath                                                      75D36626 3 Bytes  JMP 015F1AC0 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] GDI32.dll!EndPath + 4                                                  75D3662A 1 Byte  [8B]
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] WS2_32.DLL!ioctlsocket + 26                                            761430AA 7 Bytes  JMP 01C20095 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] WS2_32.DLL!recv + CA                                                   76146BD8 7 Bytes  JMP 01C2002D 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] WS2_32.DLL!WSARecv + B9                                                76147142 7 Bytes  JMP 01C200C9 
.text                                                                                                                                 C:\Program Files\Letasoft Sound Booster\SoundBooster.exe[2644] WS2_32.DLL!WSARecvFrom + 94                                            7614CC3A 7 Bytes  JMP 01C20061 
.text                                                                                                                                 C:\Windows\system32\Dwm.exe[2740] ws2_32.dll!ioctlsocket + 26                                                                         761430AA 7 Bytes  JMP 00680095 
.text                                                                                                                                 C:\Windows\system32\Dwm.exe[2740] ws2_32.dll!recv + CA                                                                                76146BD8 7 Bytes  JMP 0068002D 
.text                                                                                                                                 C:\Windows\system32\Dwm.exe[2740] ws2_32.dll!WSARecv + B9                                                                             76147142 7 Bytes  JMP 006800C9 
.text                                                                                                                                 C:\Windows\system32\Dwm.exe[2740] ws2_32.dll!WSARecvFrom + 94                                                                         7614CC3A 7 Bytes  JMP 00680061 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] kernel32.dll!CreateProcessInternalW                                                                     775A0852 5 Bytes  JMP 00290A38 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetStockObject                                                                                75D05DDF 5 Bytes  JMP 0029FAB0 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!DeleteObject                                                                                  75D05F14 5 Bytes  JMP 00294A58 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetObjectW                                                                                    75D07568 5 Bytes  JMP 00291A40 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!ExtTextOutW                                                                                   75D08192 5 Bytes  JMP 0029DAA0 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetObjectA                                                                                    75D0914F 5 Bytes  JMP 00292A48 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!CreateFontIndirectExW                                                                         75D0AB70 5 Bytes  JMP 00299A80 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetTextFaceW                                                                                  75D0B73A 5 Bytes  JMP 00295A60 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetTextFaceAliasW                                                                             75D0BDC8 5 Bytes  JMP 00293A50 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!TextOutW                                                                                      75D0FB63 5 Bytes  JMP 0029BA90 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!ExtTextOutA                                                                                   75D10D20 5 Bytes  JMP 0029CA98 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!TextOutA                                                                                      75D1114C 5 Bytes  JMP 0029AA88 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetTextFaceA                                                                                  75D20D22 5 Bytes  JMP 00296A68 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetGlyphOutlineW                                                                              75D2C2DA 5 Bytes  JMP 00297A70 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!GetGlyphOutline                                                                               75D2C3C5 5 Bytes  JMP 00298A78 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!RemoveFontResourceExW                                                                         75D2ED7C 5 Bytes  JMP 0029EAA8 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!AbortPath                                                                                     75D364C6 5 Bytes  JMP 002A2AC8 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!BeginPath                                                                                     75D3651D 5 Bytes  JMP 002A0AB8 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] GDI32.dll!EndPath                                                                                       75D36626 5 Bytes  JMP 002A1AC0 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] WS2_32.dll!ioctlsocket + 26                                                                             761430AA 7 Bytes  JMP 05D20095 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] WS2_32.dll!recv + CA                                                                                    76146BD8 7 Bytes  JMP 05D2002D 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] WS2_32.dll!WSARecv + B9                                                                                 76147142 7 Bytes  JMP 05D200C9 
.text                                                                                                                                 C:\Windows\Explorer.EXE[2760] WS2_32.dll!WSARecvFrom + 94                                                                             7614CC3A 7 Bytes  JMP 05D20061

Bartos · 20.06.2014, 20:02

Gmer - 2.log

Code:

ATTFilter

.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] kernel32.dll!CreateProcessInternalW                       775A0852 5 Bytes  JMP 01480A38 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetStockObject                                  75D05DDF 5 Bytes  JMP 0148FAB0 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!DeleteObject                                    75D05F14 5 Bytes  JMP 01484A58 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetObjectW                                      75D07568 5 Bytes  JMP 01481A40 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!ExtTextOutW                                     75D08192 5 Bytes  JMP 0148DAA0 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetObjectA                                      75D0914F 5 Bytes  JMP 01482A48 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!CreateFontIndirectExW                           75D0AB70 5 Bytes  JMP 01489A80 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetTextFaceW                                    75D0B73A 5 Bytes  JMP 01485A60 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetTextFaceAliasW                               75D0BDC8 5 Bytes  JMP 01483A50 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!TextOutW                                        75D0FB63 5 Bytes  JMP 0148BA90 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!ExtTextOutA                                     75D10D20 5 Bytes  JMP 0148CA98 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!TextOutA                                        75D1114C 5 Bytes  JMP 0148AA88 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetTextFaceA                                    75D20D22 5 Bytes  JMP 01486A68 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetGlyphOutlineW                                75D2C2DA 5 Bytes  JMP 01487A70 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!GetGlyphOutline                                 75D2C3C5 5 Bytes  JMP 01488A78 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!RemoveFontResourceExW                           75D2ED7C 5 Bytes  JMP 0148EAA8 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!AbortPath                                       75D364C6 5 Bytes  JMP 01492AC8 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!BeginPath                                       75D3651D 5 Bytes  JMP 01490AB8 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] GDI32.dll!EndPath                                         75D36626 5 Bytes  JMP 01491AC0 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] ws2_32.dll!ioctlsocket + 26                               761430AA 7 Bytes  JMP 003D0095 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] ws2_32.dll!recv + CA                                      76146BD8 7 Bytes  JMP 003D002D 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] ws2_32.dll!WSARecv + B9                                   76147142 7 Bytes  JMP 003D00C9 
.text                                                                                                                                 C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe[3000] ws2_32.dll!WSARecvFrom + 94                               7614CC3A 7 Bytes  JMP 003D0061 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] kernel32.dll!CreateProcessInternalW                                                  775A0852 5 Bytes  JMP 00D60A38 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetStockObject                                                             75D05DDF 5 Bytes  JMP 00D6FAB0 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!DeleteObject                                                               75D05F14 5 Bytes  JMP 00D64A58 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetObjectW                                                                 75D07568 5 Bytes  JMP 00D61A40 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!ExtTextOutW                                                                75D08192 5 Bytes  JMP 00D6DAA0 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetObjectA                                                                 75D0914F 5 Bytes  JMP 00D62A48 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!CreateFontIndirectExW                                                      75D0AB70 5 Bytes  JMP 00D69A80 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetTextFaceW                                                               75D0B73A 5 Bytes  JMP 00D65A60 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetTextFaceAliasW                                                          75D0BDC8 5 Bytes  JMP 00D63A50 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!TextOutW                                                                   75D0FB63 5 Bytes  JMP 00D6BA90 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!ExtTextOutA                                                                75D10D20 5 Bytes  JMP 00D6CA98 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!TextOutA                                                                   75D1114C 5 Bytes  JMP 00D6AA88 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetTextFaceA                                                               75D20D22 5 Bytes  JMP 00D66A68 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetGlyphOutlineW                                                           75D2C2DA 5 Bytes  JMP 00D67A70 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!GetGlyphOutline                                                            75D2C3C5 5 Bytes  JMP 00D68A78 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!RemoveFontResourceExW                                                      75D2ED7C 5 Bytes  JMP 00D6EAA8 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!AbortPath                                                                  75D364C6 5 Bytes  JMP 00D72AC8 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!BeginPath                                                                  75D3651D 5 Bytes  JMP 00D70AB8 
.text                                                                                                                                 C:\Windows\system32\SearchProtocolHost.exe[3584] GDI32.dll!EndPath                                                                    75D36626 5 Bytes  JMP 00D71AC0 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] kernel32.dll!CreateProcessInternalW                                  775A0852 5 Bytes  JMP 01C00A38 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] WS2_32.dll!ioctlsocket + 26                                          761430AA 7 Bytes  JMP 003A0095 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] WS2_32.dll!recv + CA                                                 76146BD8 7 Bytes  JMP 003A002D 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] WS2_32.dll!WSARecv + B9                                              76147142 7 Bytes  JMP 003A00C9 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] WS2_32.dll!WSARecvFrom + 94                                          7614CC3A 7 Bytes  JMP 003A0061 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetStockObject                                             75D05DDF 5 Bytes  JMP 01C0FAB0 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!DeleteObject                                               75D05F14 5 Bytes  JMP 01C04A58 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetObjectW                                                 75D07568 5 Bytes  JMP 01C01A40 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!ExtTextOutW                                                75D08192 5 Bytes  JMP 01C0DAA0 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetObjectA                                                 75D0914F 5 Bytes  JMP 01C02A48 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!CreateFontIndirectExW                                      75D0AB70 5 Bytes  JMP 01C09A80 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetTextFaceW                                               75D0B73A 5 Bytes  JMP 01C05A60 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetTextFaceAliasW                                          75D0BDC8 5 Bytes  JMP 01C03A50 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!TextOutW                                                   75D0FB63 5 Bytes  JMP 01C0BA90 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!ExtTextOutA                                                75D10D20 5 Bytes  JMP 01C0CA98 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!TextOutA                                                   75D1114C 5 Bytes  JMP 01C0AA88 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetTextFaceA                                               75D20D22 5 Bytes  JMP 01C06A68 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetGlyphOutlineW                                           75D2C2DA 5 Bytes  JMP 01C07A70 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!GetGlyphOutline                                            75D2C3C5 5 Bytes  JMP 01C08A78 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!RemoveFontResourceExW                                      75D2ED7C 5 Bytes  JMP 01C0EAA8 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!AbortPath                                                  75D364C6 5 Bytes  JMP 01C12AC8 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!BeginPath                                                  75D3651D 5 Bytes  JMP 01C10AB8 
.text                                                                                                                                 C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe[3992] GDI32.dll!EndPath                                                    75D36626 5 Bytes  JMP 01C11AC0 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] kernel32.dll!CreateProcessInternalW                                          775A0852 5 Bytes  JMP 01B40A38 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetStockObject                                                     75D05DDF 5 Bytes  JMP 01B4FAB0 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!DeleteObject                                                       75D05F14 5 Bytes  JMP 01B44A58 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetObjectW                                                         75D07568 5 Bytes  JMP 01B41A40 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!ExtTextOutW                                                        75D08192 5 Bytes  JMP 01B4DAA0 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetObjectA                                                         75D0914F 5 Bytes  JMP 01B42A48 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!CreateFontIndirectExW                                              75D0AB70 5 Bytes  JMP 01B49A80 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetTextFaceW                                                       75D0B73A 5 Bytes  JMP 01B45A60 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetTextFaceAliasW                                                  75D0BDC8 5 Bytes  JMP 01B43A50 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!TextOutW                                                           75D0FB63 5 Bytes  JMP 01B4BA90 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!ExtTextOutA                                                        75D10D20 5 Bytes  JMP 01B4CA98 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!TextOutA                                                           75D1114C 5 Bytes  JMP 01B4AA88 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetTextFaceA                                                       75D20D22 5 Bytes  JMP 01B46A68 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetGlyphOutlineW                                                   75D2C2DA 5 Bytes  JMP 01B47A70 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!GetGlyphOutline                                                    75D2C3C5 5 Bytes  JMP 01B48A78 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!RemoveFontResourceExW                                              75D2ED7C 5 Bytes  JMP 01B4EAA8 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!AbortPath                                                          75D364C6 5 Bytes  JMP 01B52AC8 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!BeginPath                                                          75D3651D 5 Bytes  JMP 01B50AB8 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] GDI32.dll!EndPath                                                            75D36626 5 Bytes  JMP 01B51AC0 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] ws2_32.dll!ioctlsocket + 26                                                  761430AA 7 Bytes  JMP 01D80095 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] ws2_32.dll!recv + CA                                                         76146BD8 7 Bytes  JMP 01D8002D 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] ws2_32.dll!WSARecv + B9                                                      76147142 7 Bytes  JMP 01D800C9 
.text                                                                                                                                 C:\Program Files\PS Tray Factory\PSTrayFactory.exe[4012] ws2_32.dll!WSARecvFrom + 94                                                  7614CC3A 7 Bytes  JMP 01D80061 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] kernel32.dll!CreateProcessInternalW                                                    775A0852 5 Bytes  JMP 009E0A38 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetStockObject                                                               75D05DDF 5 Bytes  JMP 009EFAB0 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!DeleteObject                                                                 75D05F14 5 Bytes  JMP 009E4A58 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetObjectW                                                                   75D07568 5 Bytes  JMP 009E1A40 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!ExtTextOutW                                                                  75D08192 5 Bytes  JMP 009EDAA0 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetObjectA                                                                   75D0914F 5 Bytes  JMP 009E2A48 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!CreateFontIndirectExW                                                        75D0AB70 5 Bytes  JMP 009E9A80 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetTextFaceW                                                                 75D0B73A 5 Bytes  JMP 009E5A60 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetTextFaceAliasW                                                            75D0BDC8 5 Bytes  JMP 009E3A50 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!TextOutW                                                                     75D0FB63 5 Bytes  JMP 009EBA90 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!ExtTextOutA                                                                  75D10D20 5 Bytes  JMP 009ECA98 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!TextOutA                                                                     75D1114C 5 Bytes  JMP 009EAA88 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetTextFaceA                                                                 75D20D22 5 Bytes  JMP 009E6A68 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetGlyphOutlineW                                                             75D2C2DA 5 Bytes  JMP 009E7A70 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!GetGlyphOutline                                                              75D2C3C5 5 Bytes  JMP 009E8A78 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!RemoveFontResourceExW                                                        75D2ED7C 5 Bytes  JMP 009EEAA8 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!AbortPath                                                                    75D364C6 5 Bytes  JMP 009F2AC8 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!BeginPath                                                                    75D3651D 5 Bytes  JMP 009F0AB8 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] GDI32.dll!EndPath                                                                      75D36626 5 Bytes  JMP 009F1AC0 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] ws2_32.dll!ioctlsocket + 26                                                            761430AA 7 Bytes  JMP 007E0095 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] ws2_32.dll!recv + CA                                                                   76146BD8 7 Bytes  JMP 007E002D 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] ws2_32.dll!WSARecv + B9                                                                76147142 7 Bytes  JMP 007E00C9 
.text                                                                                                                                 C:\Program Files\MirrorFolder\mrfshl.exe[4052] ws2_32.dll!WSARecvFrom + 94                                                            7614CC3A 7 Bytes  JMP 007E0061 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] kernel32.dll!CreateProcessInternalW                                         775A0852 5 Bytes  JMP 01860A38 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetStockObject                                                    75D05DDF 5 Bytes  JMP 0186FAB0 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!DeleteObject                                                      75D05F14 5 Bytes  JMP 01864A58 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetObjectW                                                        75D07568 5 Bytes  JMP 01861A40 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!ExtTextOutW                                                       75D08192 5 Bytes  JMP 0186DAA0 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetObjectA                                                        75D0914F 5 Bytes  JMP 01862A48 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!CreateFontIndirectExW                                             75D0AB70 5 Bytes  JMP 01869A80 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetTextFaceW                                                      75D0B73A 5 Bytes  JMP 01865A60 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetTextFaceAliasW                                                 75D0BDC8 5 Bytes  JMP 01863A50 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!TextOutW                                                          75D0FB63 5 Bytes  JMP 0186BA90 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!ExtTextOutA                                                       75D10D20 5 Bytes  JMP 0186CA98 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!TextOutA                                                          75D1114C 5 Bytes  JMP 0186AA88 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetTextFaceA                                                      75D20D22 5 Bytes  JMP 01866A68 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetGlyphOutlineW                                                  75D2C2DA 5 Bytes  JMP 01867A70 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!GetGlyphOutline                                                   75D2C3C5 5 Bytes  JMP 01868A78 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!RemoveFontResourceExW                                             75D2ED7C 5 Bytes  JMP 0186EAA8 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!AbortPath                                                         75D364C6 5 Bytes  JMP 01872AC8 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!BeginPath                                                         75D3651D 5 Bytes  JMP 01870AB8 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] GDI32.dll!EndPath                                                           75D36626 5 Bytes  JMP 01871AC0 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] ws2_32.dll!ioctlsocket + 26                                                 761430AA 7 Bytes  JMP 018A0095 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] ws2_32.dll!recv + CA                                                        76146BD8 7 Bytes  JMP 018A002D 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] ws2_32.dll!WSARecv + B9                                                     76147142 7 Bytes  JMP 018A00C9 
.text                                                                                                                                 C:\Program Files\Classic Shell\ClassicStartMenu.exe[4068] ws2_32.dll!WSARecvFrom + 94                                                 7614CC3A 7 Bytes  JMP 018A0061 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] kernel32.dll!CreateProcessInternalW                                    775A0852 5 Bytes  JMP 014C0A38 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetStockObject                                               75D05DDF 5 Bytes  JMP 014CFAB0 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!DeleteObject                                                 75D05F14 5 Bytes  JMP 014C4A58 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetObjectW                                                   75D07568 5 Bytes  JMP 014C1A40 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!ExtTextOutW                                                  75D08192 5 Bytes  JMP 014CDAA0 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetObjectA                                                   75D0914F 5 Bytes  JMP 014C2A48 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!CreateFontIndirectExW                                        75D0AB70 5 Bytes  JMP 014C9A80 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetTextFaceW                                                 75D0B73A 5 Bytes  JMP 014C5A60 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetTextFaceAliasW                                            75D0BDC8 5 Bytes  JMP 014C3A50 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!TextOutW                                                     75D0FB63 5 Bytes  JMP 014CBA90 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!ExtTextOutA                                                  75D10D20 5 Bytes  JMP 014CCA98 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!TextOutA                                                     75D1114C 5 Bytes  JMP 014CAA88 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetTextFaceA                                                 75D20D22 5 Bytes  JMP 014C6A68 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetGlyphOutlineW                                             75D2C2DA 5 Bytes  JMP 014C7A70 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!GetGlyphOutline                                              75D2C3C5 5 Bytes  JMP 014C8A78 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!RemoveFontResourceExW                                        75D2ED7C 5 Bytes  JMP 014CEAA8 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!AbortPath                                                    75D364C6 5 Bytes  JMP 014D2AC8 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!BeginPath                                                    75D3651D 5 Bytes  JMP 014D0AB8 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] GDI32.dll!EndPath                                                      75D36626 5 Bytes  JMP 014D1AC0 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] ws2_32.dll!ioctlsocket + 26                                            761430AA 7 Bytes  JMP 004E0095 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] ws2_32.dll!recv + CA                                                   76146BD8 7 Bytes  JMP 004E002D 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] ws2_32.dll!WSARecv + B9                                                76147142 7 Bytes  JMP 004E00C9 
.text                                                                                                                                 C:\Program Files\Internet Download Manager\IEMonitor.exe[4284] ws2_32.dll!WSARecvFrom + 94                                            7614CC3A 7 Bytes  JMP 004E0061 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] kernel32.dll!CreateProcessInternalW                                                       775A0852 5 Bytes  JMP 00960A38 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetStockObject                                                                  75D05DDF 5 Bytes  JMP 0096FAB0 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!DeleteObject                                                                    75D05F14 5 Bytes  JMP 00964A58 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetObjectW                                                                      75D07568 5 Bytes  JMP 00961A40 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!ExtTextOutW                                                                     75D08192 5 Bytes  JMP 0096DAA0 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetObjectA                                                                      75D0914F 5 Bytes  JMP 00962A48 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!CreateFontIndirectExW                                                           75D0AB70 5 Bytes  JMP 00969A80 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetTextFaceW                                                                    75D0B73A 5 Bytes  JMP 00965A60 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetTextFaceAliasW                                                               75D0BDC8 5 Bytes  JMP 00963A50 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!TextOutW                                                                        75D0FB63 5 Bytes  JMP 0096BA90 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!ExtTextOutA                                                                     75D10D20 5 Bytes  JMP 0096CA98 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!TextOutA                                                                        75D1114C 5 Bytes  JMP 0096AA88 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetTextFaceA                                                                    75D20D22 5 Bytes  JMP 00966A68 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetGlyphOutlineW                                                                75D2C2DA 5 Bytes  JMP 00967A70 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!GetGlyphOutline                                                                 75D2C3C5 5 Bytes  JMP 00968A78 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!RemoveFontResourceExW                                                           75D2ED7C 5 Bytes  JMP 0096EAA8 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!AbortPath                                                                       75D364C6 5 Bytes  JMP 00972AC8 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!BeginPath                                                                       75D3651D 5 Bytes  JMP 00970AB8 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[4292] GDI32.dll!EndPath                                                                         75D36626 5 Bytes  JMP 00971AC0 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] kernel32.dll!CreateProcessInternalW                                                       775A0852 5 Bytes  JMP 00AC0A38 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetStockObject                                                                  75D05DDF 5 Bytes  JMP 00ACFAB0 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!DeleteObject                                                                    75D05F14 5 Bytes  JMP 00AC4A58 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetObjectW                                                                      75D07568 5 Bytes  JMP 00AC1A40 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!ExtTextOutW                                                                     75D08192 5 Bytes  JMP 00ACDAA0 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetObjectA                                                                      75D0914F 5 Bytes  JMP 00AC2A48 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!CreateFontIndirectExW                                                           75D0AB70 5 Bytes  JMP 00AC9A80 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetTextFaceW                                                                    75D0B73A 5 Bytes  JMP 00AC5A60 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetTextFaceAliasW                                                               75D0BDC8 5 Bytes  JMP 00AC3A50 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!TextOutW                                                                        75D0FB63 5 Bytes  JMP 00ACBA90 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!ExtTextOutA                                                                     75D10D20 5 Bytes  JMP 00ACCA98 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!TextOutA                                                                        75D1114C 5 Bytes  JMP 00ACAA88 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetTextFaceA                                                                    75D20D22 5 Bytes  JMP 00AC6A68 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetGlyphOutlineW                                                                75D2C2DA 5 Bytes  JMP 00AC7A70 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!GetGlyphOutline                                                                 75D2C3C5 5 Bytes  JMP 00AC8A78 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!RemoveFontResourceExW                                                           75D2ED7C 5 Bytes  JMP 00ACEAA8 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!AbortPath                                                                       75D364C6 5 Bytes  JMP 00AD2AC8 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!BeginPath                                                                       75D3651D 5 Bytes  JMP 00AD0AB8 
.text                                                                                                                                 C:\Windows\system32\wbem\wmiprvse.exe[5752] GDI32.dll!EndPath                                                                         75D36626 5 Bytes  JMP 00AD1AC0 

---- Devices - GMER 2.1 ----

Device                                                                                                                                                                                                                                                                      Ntfs.sys

AttachedDevice                                                                                                                                                                                                                                                              diskpt.sys

Device                                                                                                                                                                                                                                                                      fastfat.SYS

AttachedDevice                                                                                                                        \Driver\tdx \Device\Tcp                                                                                                               pwipf6.sys

Device                                                                                                                                                                                                                                                                      volmgr.sys

AttachedDevice                                                                                                                                                                                                                                                              FLTMGR.SYS
AttachedDevice                                                                                                                        \Driver\tdx \Device\Udp                                                                                                               pwipf6.sys
AttachedDevice                                                                                                                        \Driver\tdx \Device\RawIp                                                                                                             pwipf6.sys

---- Registry - GMER 2.1 ----

Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId                                18
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlModified                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlErrors                            1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@PersistedFullCrawlCount                                             6
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0                                                            
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@CrawlType                                                  1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@InProgress                                                 1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@DoneAddingCrawlSeeds                                       1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@IsCatalogLevel                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@LogStartAddId                                              0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@SuccessfulTransactions                                     0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@ErrorTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@WarningTransactions                                        0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@ExcludedTransactions                                       0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@RetryTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@KilobytesCrawled                                           0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@Modified                                                   0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@UnvisitedItems                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\0@ForcedFullCrawl                                            0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2                                                            
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@CrawlType                                                  1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@InProgress                                                 1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@DoneAddingCrawlSeeds                                       1
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@IsCatalogLevel                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@LogStartAddId                                              4
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@SuccessfulTransactions                                     0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@ErrorTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@WarningTransactions                                        0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@ExcludedTransactions                                       0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@RetryTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@KilobytesCrawled                                           0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@Modified                                                   0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@UnvisitedItems                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\2@ForcedFullCrawl                                            0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5                                                            
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@CrawlType                                                  5
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@InProgress                                                 0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@DoneAddingCrawlSeeds                                       0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@IsCatalogLevel                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@LogStartAddId                                              65535
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@SuccessfulTransactions                                     0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@ErrorTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@WarningTransactions                                        0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@ExcludedTransactions                                       0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@RetryTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@KilobytesCrawled                                           0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@Modified                                                   0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@UnvisitedItems                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\5@ForcedFullCrawl                                            0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9                                                            
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@CrawlType                                                  5
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@InProgress                                                 0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@DoneAddingCrawlSeeds                                       0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@IsCatalogLevel                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@LogStartAddId                                              65535
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@SuccessfulTransactions                                     0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@ErrorTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@WarningTransactions                                        0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@ExcludedTransactions                                       0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@RetryTransactions                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@KilobytesCrawled                                           0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@Modified                                                   0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@UnvisitedItems                                             0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@ForcedFullCrawl                                            0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@CrawlNumberInProgress                                  0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@CrawlNumberScheduled                                   9
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\0@LastCrawlType                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@CrawlNumberInProgress                                  2
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@CrawlNumberScheduled                                   5
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\4@LastCrawlType                                          0
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{340F1DD8-2079-11E2-ABD2-806E6F6E6963}                858265648
Reg                                                                                                                                   HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{E0F8377D-2079-11E2-852A-0030849CC525}                3014656
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D7D7B19-3580-E71A-158D-AC67A1131DD6}                       
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D7D7B19-3580-E71A-158D-AC67A1131DD6}@jakjjfmelhgplnokgnhc  0x63 0x61 0x6D 0x65 ...
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D25AA628-F92F-B997-BEF7-2A7AF3ECE5D7}                       
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D25AA628-F92F-B997-BEF7-2A7AF3ECE5D7}@ialmjicakiokhfkabe    0x6A 0x61 0x6B 0x68 ...
Reg                                                                                                                                   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D25AA628-F92F-B997-BEF7-2A7AF3ECE5D7}@hafjplhgjgfnmjdl      0x6A 0x61 0x68 0x68 ...

---- Disk sectors - GMER 2.1 ----

Disk                                                                                                                                  \Device\Harddisk1\DR1                                                                                                                 unknown MBR code

---- EOF - GMER 2.1 ----

Bartos · 20.06.2014, 20:04

malwarebytes.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 19.06.2014
Scan Time: 19:46:15
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.19.08
Rootkit Database: v2014.06.02.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: George

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 260453
Time Elapsed: 1 hr, 5 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 6
PUP.Optional.Complitly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlfienamagdnkekbbbocojppncdambda, , [62f24337d7a4de58c03b8d1f8a78857b], 
PUP.Optional.PlusHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, , [73e13545205baf87af5fceec3bc7af51], 
PUP.Optional.PlusHD.A, HKU\S-1-5-21-3944665068-2704869593-2486753056-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-3.8, , [5afa12683249a393090515a5a55d48b8], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3944665068-2704869593-2486753056-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, , [371d057568130c2aa44de0e655ad758b], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3944665068-2704869593-2486753056-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, , [4d07fd7df586350122d72ab27390a35d], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3944665068-2704869593-2486753056-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, , [1b3988f2b7c4989ee4bb9e172ad8e719], 

Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3944665068-2704869593-2486753056-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, , [4d07fd7df586350122d72ab27390a35d]

Registry Data: 0
(No malicious items detected)

Folders: 29
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\defaults, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\defaults\preferences, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\defaults, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\defaults\preferences, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\locale, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\locale\en-US, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\locale, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\locale\en-US, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\FFXTLBR@DELTA.COM, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\FFXTLBR@DELTA.COM\components, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\FFXTLBR@DELTA.COM\content, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\FFXTLBR@DELTA.COM\content\imgs, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\FFXTLBR@DELTA.COM\content\imgs\flgs, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\EXTENSIONS\FFXTLBR@DELTA.COM\META-INF, , [2a2a087294e72a0cf47f93ff25ddf20e], 

Files: 301
PUP.Riskware.Patcher, C:\Users\George\00  R E S U L T\Partition Bad Disk 3.4_New.rar, , [c58fdd9dbdbe34024fbcb759867baa56], 
PUP.Riskware.Patcher, C:\Users\George\00  R E S U L T\rsload.net.Internet.Download.Manager.6.20.Build.2.Patch-URET.zip, , [60f43248d3a851e5df2c5cb40cf51be5], 
PUP.Riskware.Patcher, C:\Users\George\00  R E S U L T\rsload.net.Internet.Download.Manager.v6.20.Build.3.Retail.zip, , [e173c6b42f4cc175c14a1ff12cd52cd4], 
PUP.Riskware.Patcher, C:\Users\George\00  R E S U L T\rsload.net.Internet.Download.Manager.v6.x.x.Patch.MERRY.CHRISTMAS-REiS.zip, , [4c0885f5aecd2214fa117e92d031f50b], 
Riskware.Tool.CK, C:\Users\George\00  R E S U L T\Sandboxie.4.12.zip, , [d57facce9ddeab8b4e95464b47bd8779], 
PUP.Hacktool.Patcher, C:\Users\George\00  R E S U L T\BlackBerry.BB.Flashback.Pro.v4.1.9.build.3121.patch-SND.zip, , [e86c5a20a2d9999d4b6f19ecd9277e82], 
PUP.Optional.FreeHD.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\FHDP@FHDP.TV.XPI, , [e96b5d1db2c95fd7b9fa634f639f17e9], 
PUP.Optional.BProtector.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\BPROTECTOR_EXTENSIONS.SQLITE, , [df75f98125561f17ad4bd1eaee145da3], 
PUP.Optional.BProtector.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\BPROTECTOR_PREFS.JS, , [e27254269ae12b0b0cedfac1857d5aa6], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\searchplugins\delta.xml, , [9db79cdef08bd75fbf62fbc18e748c74], 
PUP.Optional.WebSearch.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\searchplugins\WEBSEARCH.XML, , [520275055922999d1ee4497424de9967], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome.manifest, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\install.rdf, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\background.html, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\baseObject.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\browser.xul, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\dialog.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\main.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\options.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\options.xul, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\search_dialog.xul, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\asyncDB.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\background.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\browserAction.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\contextMenu.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\dbManager.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\dom_bg.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\fileManager.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefox.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefoxNotifications.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\firefoxOmnibox.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\message.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\pageAction.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\request.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\tabs.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\api\webRequest.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\console.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\consts.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\delegate.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\extensionDataStore.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\folderIOWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\httpObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\IDBWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\installer.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\logFile.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\prefs.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\progressListenerObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\registry.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\reloadObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\reports.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\requestObject.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\searchSettings.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\uninstallObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\updateManager.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\utils.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\chrome\content\core\xhr.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\defaults\preferences\prefs.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\manifest.xml, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins.json, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\72_appApiValidation.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\78_CrossriderInfo.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\7_hooks.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\87_ginyas_wrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\98_omniCommands.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\9_search_engine_hook.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\175_coolmirage_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\177_crossriderDashboard.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\178_revizer_ws_dynamic_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\179_revizer_p_dynamic_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\17_jQuery.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\180_bpo_serp_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\182_openUrl.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\183_tabsWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\184_noproblemppc_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\189_active_sanity.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\190_pops_5_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\14_CrossriderUtils.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\159_cortica_rollover_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\16_FFAppAPIWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\170_icm1_5_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\171_arcadi2_sourceID_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\13_CrossriderAppUtils.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\191_ciuvo_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\194_retargeting_bi_m.js.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\195_icm_convertmedia_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\197_kreapixel_pops_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\1_base.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\207_dbWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\21_debug.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\220_icm_base_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\223_imonomy_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\22_resources.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\246_setup.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\254_cortica_pricecomp_m.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\28_initializer.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\47_resources_background.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\4_jquery_1_7_1.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\64_appApiMessage.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode\background.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\userCode\extension.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome.manifest, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\install.rdf, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\background.html, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\baseObject.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\browser.xul, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\dialog.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\main.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\options.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\options.xul, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\search_dialog.xul, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\asyncDB.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\background.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\browserAction.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\contextMenu.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\dbManager.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\dom_bg.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\fileManager.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\firefox.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\firefoxNotifications.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\firefoxOmnibox.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\message.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\pageAction.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\request.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\tabs.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\api\webRequest.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\console.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\consts.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\delegate.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\extensionDataStore.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\folderIOWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\httpObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\IDBWrapper.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\installer.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\logFile.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\prefs.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\progressListenerObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\registry.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\reloadObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\reports.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\requestObject.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\searchSettings.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\uninstallObserver.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\updateManager.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\utils.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\chrome\content\core\xhr.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\defaults\preferences\prefs.js, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\locale\en-US\translations.dtd, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\button1.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\button2.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\button3.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\button4.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\button5.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\crossrider_statusbar.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\icon24.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\icon48.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\panelarrow-up.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\popup.html, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\skin.css, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\firefox-production\skin\update.css, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\locale\en-US\translations.dtd, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button1.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button2.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button3.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button4.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\button5.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\crossrider_statusbar.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon128.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon16.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon24.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\icon48.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\panelarrow-up.png, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\popup.html, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\skin.css, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\skin\update.css, , [b2a29fdbf7840e280a548b07b74b9f61], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\chrome.manifest, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\install.rdf, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\components\FFDisp.dll, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\delta.css, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\delta.xul, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\dpk.htm, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\hlprs.js, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\loader.xul, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\mtstart.js, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\serp.js, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\tmplt.js, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\arwDwn.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\closeo.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\help_16.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\home.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\icon_seperator.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\logo.PNG, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\privecy_16_hot.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\sign.jpg, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\specialoffer.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\tellafriend.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\uninstall.gif, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ae.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\bg.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ch.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\cn.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\cz.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\de.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\eg.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\en.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\es.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\fr.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\gr.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\he.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\il.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\it.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ja.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\jp.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\nl.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\no.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\pl.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\pt.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ro.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ru.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\sa.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\se.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\sv.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\tr.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\ua.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\content\imgs\flgs\us.png, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\META-INF\manifest.mf, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\META-INF\zigbert.rsa, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@delta.com\META-INF\zigbert.sf, , [2a2a087294e72a0cf47f93ff25ddf20e], 
PUP.Optional.CrossRider.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "1427046b723905d0173bf4e312573829");), ,[3b190674ee8dc76fec43a8042dd74eb2]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.admin", false);), ,[e1733f3bbdbe2610ab941a92996b9d63]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), ,[0252a6d47902280e0f30d9d3c63e6e92]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");), ,[71e3a0daf883b97d9ba42c8015ef11ef]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.autoRvrt", "false");), ,[a5af4c2e72090135b9860ba1c341b44c]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), ,[22320f6bfa8162d4e15e7735ab5956aa]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.excTlbr", false);), ,[a8accab0e09bed4986b9a3097e8604fc]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.ffxUnstlRst", false);), ,[3b192e4c6d0e90a652ed46660afaa15f]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.id", "68993d8f000000000000002586d0c098");), ,[f75da8d25e1d6dc92d12505c8f75926e]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlDay", "15740");), ,[7ed6e49681fac0760639b7f519eb3ac6]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), ,[60f4acce96e53df9340b9b11f11305fb]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.newTab", false);), ,[61f36e0ca9d2df578eb1b8f48a7a42be]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), ,[2034077390eb90a665da5557e61e817f]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), ,[6ce80e6cb0cb1d19b28d54585ca8d12f]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.rvrt", "false");), ,[4b09afcb463534025de26745c143e51b]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.smplGrp", "none");), ,[d480ceacff7c0f277cc349631aeaf709]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrId", "uninst");), ,[96bec3b7f388a096a49b3f6dbb4914ec]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68993d8f000000000000002586d0c098&q=");), ,[62f21b5f334871c52d121498ba4a857b]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.2");), ,[be960773d8a339fd9fa0d5d78b7920e0]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.213:52:56");), ,[cd876d0dea91c67026199715c73d857b]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.2");), ,[dd776d0d37444beb172886268f75dd23]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babExt", "");), ,[aca866148eed1f17122debc1d52f4bb5]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=118526&tt=030213_v112");), ,[2a2aadcdc4b70234fa459c105aaa55ab]
PUP.Optional.Babylon.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), ,[fb59f387176476c0013e9a12b45017e9]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[56fe1a60c9b2dd59b591ac00ea1a9868]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[aaaa9fdb0774171ff74f04a83bc914ec]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[de760d6d38431620281e8a22a55f7b85]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[d97b3446f28979bd6bdbb7f5f41009f7]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "en");), ,[7fd57406b4c79b9b65e1852726de619f]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[66eefa806e0dd26459edcce0ca3a8080]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[3024cfab7cff8aacc77f0d9f699b16ea]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "68993d8f00000000000000ffffa9b89a");), ,[95bf8feb29525adc32140f9dfc08d22e]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15825");), ,[124206747b00e056a4a2713b7e863dc3]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[3420ea9088f37db96bdbf7b5d82c2ad6]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[064e9ae0adcecf67b88e5f4d29dbdf21]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[f55f4d2d7ffcdd59a2a434788183718f]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[70e4e298a5d649eda2a457553cc836ca]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[58fcfa803e3d38febc8a1e8e3aca58a8]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[0450b0cad2a9cb6bf84e25875aaa49b7]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[2d270f6babd0c373dd6954584aba5ba5]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.16.16");), ,[97bd8eecea913cfad175604c38ccca36]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.16.1612:50:16");), ,[ca8ad2a8156676c08eb8fab22dd7e31d]
PUP.Optional.Delta.A, C:\Users\George\AppData\Roaming\Mozilla\firefox\Profiles\nahd6ha2.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.16.16");), ,[520218621b602e08d76f94187391a45c]

Physical Sectors: 0
(No malicious items detected)


(end)

cosinus · 20.06.2014, 20:10

Wo haste denn jetzt das Enterprise Win7 her? Ist das ein gewerblich genutztes System? Eine Lizenz für Win7 Enterprise bekommt man nicht mal eben so im nächsten Laden um die Ecke!

Bartos · 20.06.2014, 20:20

ja, ist quasi gewerblich,da ich selbständig arbeite

cosinus · 20.06.2014, 20:48

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Bartos · 21.06.2014, 18:34

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 21/06/2014 um 10:26:11
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzername : George - GEORGE-PC
# Gestartet von : C:\Users\George\00  R E S U L T\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flash Player Pro
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mail.Ru
Ordner Gelöscht : C:\Program Files\Flash Player Pro
Ordner Gelöscht : C:\Program Files\LSHunter.TV
Ordner Gelöscht : C:\Program Files\Skillbrains
Ordner Gelöscht : C:\Users\George\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\George\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\George\AppData\Local\Mail.Ru
Ordner Gelöscht : C:\Users\George\AppData\Local\Skillbrains
Ordner Gelöscht : C:\Users\George\AppData\Local\Yandex
Ordner Gelöscht : C:\Users\George\AppData\LocalLow\Yandex
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Yandex
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LSHunter.TV
Ordner Gelöscht : C:\Users\George\Documents\Flash Player Pro
Ordner Gelöscht : C:\Users\Public\Documents\baidu
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\CT3317892
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ffxtlbr@delta.com
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\dtrti@yyozfqeyoy.com
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\qcahoyye@okgmx.net
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{422f7661-9403-4da4-b4ef-cc3e268817b5}
Ordner Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\fhdp@fhdp.tv.xpi
Datei Gelöscht : C:\Users\George\daemonprocess.txt
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\WebSearch.xml
Datei Gelöscht : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js
Datei Gelöscht : C:\Windows\Tasks\update-sys.job
Datei Gelöscht : C:\Windows\System32\Tasks\update-sys

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19E2F0D9-6D8F-427C-A727-4250513D6656}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19E2F0D9-6D8F-427C-A727-4250513D6656}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [AdMuncherUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-1111-2222-3333-444444444444}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Schlüssel Gelöscht : HKCU\Software\SkillBrains
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Show-Password
Schlüssel Gelöscht : HKLM\Software\SkillBrains
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ Datei : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js ]

Zeile gelöscht : user_pref("CT3317892.FF19Solved", "true");
Zeile gelöscht : user_pref("CT3317892.UserID", "UN40453020052204263");
Zeile gelöscht : user_pref("CT3317892.fullUserID", "UN40453020052204263.IN.20131114194409");
Zeile gelöscht : user_pref("CT3317892.installDate", "14/11/2013 19:44:26");
Zeile gelöscht : user_pref("CT3317892.installSessionId", "{6927252F-F15A-4D89-AA0D-FC185FA6895D}");
Zeile gelöscht : user_pref("CT3317892.installSp", "false");
Zeile gelöscht : user_pref("CT3317892.installerVersion", "1.8.1.4");
Zeile gelöscht : user_pref("CT3317892.keyword", "true");
Zeile gelöscht : user_pref("CT3317892.originalSearchAddressUrl", "");
Zeile gelöscht : user_pref("CT3317892.searchRevert", "false");
Zeile gelöscht : user_pref("CT3317892.searchUninstallUserMode", "2");
Zeile gelöscht : user_pref("CT3317892.searchUserMode", "2");
Zeile gelöscht : user_pref("CT3317892.toolbarInstallDate", "14-11-2013 19:44:11");
Zeile gelöscht : user_pref("CT3317892.versionFromInstaller", "10.22.3.18");
Zeile gelöscht : user_pref("CT3317892.xpeMode", "0");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("extensions.5188ce2f0b0a7.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf[...]
Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "68993d8f000000000000002586d0c098");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15740");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=68993d8f000000000000002586d0c098&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.213:52:56");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=118526&tt=030213_v112");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1427046b723905d0173bf4e312573829");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "68993d8f00000000000000ffffa9b89a");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15825");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1612:50:16");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k1", "0");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k2", "0");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k3", "0");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k4", "0");
Zeile gelöscht : user_pref("extensions.kango.storage.m2_k5", "1397841015790");
Zeile gelöscht : user_pref("extensions.kango.storage.minibar.config", "{\"name\":\"Apps Hat\",\"description\":\"Apps Hat\",\"button\":{\"tooltip\":\"Visit AppsHat.com\",\"icon\":\"hxxp://www.bigspeedpro.com/button/%af[...]
Zeile gelöscht : user_pref("extensions.kango.storage.nero_options", "\"{\\\"m1\\\":{\\\"ads\\\":{\\\"n1\\\":{\\\"url\\\":\\\"//ulayout.com/nero/hatter/google_post_results_728x90.html?aff_slug=appshat\\\",\\\"width\\\"[...]
Zeile gelöscht : user_pref("extensions.kango.storage.ui.button.iconCache", "\"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABMAAAATCAYAAAByUDbMAAADlElEQVQ4jb3S3U9adxwG8F/BuooQAQscXj0cOIC8nANUPYjoHDClvqAoZ04gpqsZKmrUV[...]
Zeile gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT3317892");
Zeile gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN40453020052204263&UM=2&q=");
Zeile gelöscht : user_pref("smartbar.machineId", "IZC8QNWTZYMAB55RUHCJXKN1SPJ3EZHXZQUEDKO+AC6KZQVC89JICBOD42LC+RH5Y4SLJT5GQMTTCB/ZLKBYTA");

*************************

AdwCleaner[R0].txt - [25595 octets] - [20/10/2013 14:02:54]
AdwCleaner[R1].txt - [25715 octets] - [20/10/2013 15:09:13]
AdwCleaner[R2].txt - [25835 octets] - [20/10/2013 15:24:16]
AdwCleaner[R3].txt - [3562 octets] - [20/10/2013 15:28:41]
AdwCleaner[R4].txt - [2748 octets] - [20/10/2013 15:40:36]
AdwCleaner[R5].txt - [6818 octets] - [06/11/2013 17:15:50]
AdwCleaner[R6].txt - [13020 octets] - [20/06/2014 22:09:24]
AdwCleaner[R7].txt - [12413 octets] - [21/06/2014 10:16:46]
AdwCleaner[S0].txt - [360 octets] - [20/10/2013 14:44:11]
AdwCleaner[S1].txt - [360 octets] - [20/10/2013 15:14:11]
AdwCleaner[S2].txt - [25946 octets] - [20/10/2013 15:26:15]
AdwCleaner[S3].txt - [3608 octets] - [20/10/2013 15:32:53]
AdwCleaner[S4].txt - [12345 octets] - [21/06/2014 10:26:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [12406 octets] ##########

Junkware Removal Tool läßt sich nicht bis zum Ende durchführen.
Bei Shortcut.dat erscheint eine Fehlermeldung, die sich nicht wegklicken läßt.
Das Programm schließt sich selbst, ohne JRT.txt abzulegen.

FRST.txt

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by George (administrator) on GEORGE-PC on 21-06-2014 15:20:36
Running from C:\Users\George\00  R E S U L T
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files\USB Safely Remove\USBSRService.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
(Baidu Inc.) C:\Program Files\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(FlyingSnow) C:\Program Files\MacType\MacTray.exe
(Techsoft) C:\Windows\System32\mfsyncsv.exe
() C:\Windows\System32\NMSAccessU.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Digital Networks North America, Inc.) C:\Windows\System32\RioMSC.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
(Totalidea Software) C:\Windows\System32\Tweak7SystemService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Windows\System32\vsnapvss.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PS Soft Lab) C:\Program Files\PS Tray Factory\PSTrayFactory.exe
() C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe
(Techsoft) C:\Program Files\MirrorFolder\mrfshl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Mortal Universe) C:\Program Files\POP Peeper\POPPeeper.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Hyperionics Technology LLC) C:\Program Files\FileBX\FileBX.exe
(Murray Hurps Software Pty Ltd) C:\Program Files\Ad Muncher\AdMunch.exe
(NTeWORKS) C:\Program Files\PicPick\picpick.exe
(Smart PC Solutions) C:\Program Files\Smart PC Solutions\Smart Mail Notifier\SmartMailNotifier.exe
(Letasoft) C:\Program Files\Letasoft Sound Booster\SoundBooster.exe
(<appro@fy.chalmers.se>) C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe
() C:\Program Files\WindowTabs\WindowTabs.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Anuko International Ltd.) C:\Program Files\Anuko\World Clock\world_clock.exe
() C:\Program Files\Everything\Everything.exe
(Just Great Software) C:\Program Files\Just Great Software\AceText\AceText.exe
(Optimum X) C:\Users\George\AppData\Local\Temp\jrt\SHORTCUT.DAT
(Microsoft Corporation) C:\Windows\System32\findstr.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Enterra Icon Keeper] => C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe [57344 2006-06-06] (Enterra, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [3309568 2004-03-24] (NVIDIA Corporation)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [388992 2014-04-24] (SHADOWDEFENDER.COM)
HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Run: [TrayFactory] => C:\Program Files\PS Tray Factory\PSTrayFactory.EXE [1304576 2010-05-25] (PS Soft Lab)
HKLM\...\Run: [Minipad] => C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe [236544 2010-11-28] ()
HKLM\...\Run: [MirrorFolderShell] => C:\Program Files\MirrorFolder\mrfshl.exe [228904 2012-12-08] (Techsoft)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [RevertWebViewSecurity] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [TrayFactory] => C:\Program Files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [AnukoWorldClock] => C:\Program Files\Anuko\World Clock\world_clock.exe [571480 2013-12-05] (Anuko International Ltd.)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [POP Peeper] => C:\Program Files\POP Peeper\POPPeeper.exe [2221056 2013-12-20] (Mortal Universe)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2611808 2014-01-20] ()
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3837520 2014-06-04] (Tonec Inc.)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\RunOnce: [PSTF] - C:\Program Files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoDrives] 62914560
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\MountPoints2: D - D:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\FileBX\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AceText.lnk
ShortcutTarget: AceText.lnk -> C:\Program Files\Just Great Software\AceText\AceText.exe (Just Great Software)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdMunch.lnk
ShortcutTarget: AdMunch.lnk -> C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PicPick.lnk
ShortcutTarget: PicPick.lnk -> C:\Program Files\PicPick\picpick.exe (NTeWORKS)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smart mail.lnk
ShortcutTarget: smart mail.lnk -> C:\Program Files\Smart PC Solutions\Smart Mail Notifier\SmartMailNotifier.exe (Smart PC Solutions)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound Booster.lnk
ShortcutTarget: Sound Booster.lnk -> C:\Program Files\Letasoft Sound Booster\SoundBooster.exe (Letasoft)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TXMouse.lnk
ShortcutTarget: TXMouse.lnk -> C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe (<appro@fy.chalmers.se>)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowTabs.lnk
ShortcutTarget: WindowTabs.lnk -> C:\Windows\Installer\{8FB716E9-A14D-4983-8DE0-818CFFF24658}\_11D700C05B80A7BE98D2B6.exe ()
ShellIconOverlayIdentifiers:   MailRuCloudIconOverlay0 -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} =>  No File
ShellIconOverlayIdentifiers:   MailRuCloudIconOverlay1 -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} =>  No File
ShellIconOverlayIdentifiers:   MailRuCloudIconOverlay2 -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} =>  No File
ShellIconOverlayIdentifiers:  0Cloudfogger -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers:  2Cloudfogger -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
BootExecute: 

==================== Internet (Whitelisted) ====================

ProxyServer: 60.222.224.135:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2155FCF56F08CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ustart.org
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MetaProducts Inquiry Helper - {001165C1-A640-11D7-9FD9-0080481ADA61} - C:\Program Files\MetaProducts Inquiry\inquiry.dll (MetaProducts corp.)
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: WebResearch Browser Helper Object - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
BHO: FLockObj Class - {26C3165B-FC58-4910-802D-250B2E68A04E} - C:\Program Files\GiliSoft\Privacy Protector\FileLockPlugin.dll ()
BHO: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Research Project Colletta IE Add-in - {9da4fcb2-d7ca-4080-94b7-11e7b20d3f63} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QTToolBar2 - {a84524f0-d48b-4cff-8012-5e67decaf1d5} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Command Bar - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Command Bar 2 - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Management toolbar - {d2bf470e-ed1c-487f-a300-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\System32\mscoree.dll [297808 2010-11-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{2E4A2520-01A7-4514-9E86-0193B5E2F54F}: [NameServer]8.8.8.8,8.8.4.4,192.168.1.1
Tcpip\..\Interfaces\{A4034B29-02E2-4202-9945-9C97B2001AC5}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B383CF35-CA4E-4E62-8DA4-A92724620976}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B9A18F8B-589A-45A9-A31A-9650FF81DACD}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: uStart
FF SearchEngineOrder.1: uStart
FF Homepage: hxxp://startpage.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @digitalworkshop.com/Plexus - C:\ProgramData\\Digital Workshop\Plexus\npilm500.dll (Digital Workshop)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @metaproducts.com/MPIQ - C:\Program Files\MetaProducts Inquiry\mpsafariiq.dll (MetaProducts corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @siber.com/RoboForm - C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\PROGRA~1\TRACKE~1\PDFVIE~1\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4-next - C:\Users\George\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPILM500.dll (Digital Workshop)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\digg.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-blogs.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-books.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-directory.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-finance.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-groups.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-news.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-products.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-scholar.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-trends.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\longman-english-dictionary.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\thesauruscom.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\youtube.xml
FF Extension: pearltrees - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\collector@broceliand.fr [2013-04-28]
FF Extension: Custom Buttons - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\custombuttons@xsms.org [2013-11-19]
FF Extension: FavIconReloader - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\FavIconReloader@mozilla.org [2013-11-22]
FF Extension: HashColouredTabs+ - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\hashcolouredtabs@bristol.ac.uk [2013-05-01]
FF Extension: No Name - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\staged [2013-05-09]
FF Extension: DNL Reader for Mozilla - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\support@dnaml.com [2014-04-27]
FF Extension: The Puzzle Piece - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thePuzzlePiece@quicksaver [2013-09-14]
FF Extension: ColorfulTabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-11-19]
FF Extension: FireShot - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013-10-14]
FF Extension: Flagfox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013-11-22]
FF Extension: EPUBReader - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-04-28]
FF Extension: All-in-One Gestures - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-26]
FF Extension: YouTube™ Anywhere Player - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-11-19]
FF Extension: Image Spider - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\Artem@Demchenkov.ImageSpider.xpi [2013-04-28]
FF Extension: Classic Bookmarks Button - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ClassicBookmarksButton@ArisT2Noia4dev.xpi [2013-11-19]
FF Extension: Classic Theme Restorer - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2013-11-19]
FF Extension: FabTabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\fabtab@captaincaveman.nl.xpi [2013-05-01]
FF Extension: FireGestures - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\firegestures@xuldev.org.xpi [2013-04-28]
FF Extension: IdentFavIcon - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\identfavicon@david.hanak.hu.xpi [2013-04-28]
FF Extension: Side Tabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid0-AjzBVlpzVAaBqxcar9QDqMWWAVQ@jetpack.xpi [2013-05-01]
FF Extension: Scroll To Top - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid0-gRmSxW9ByuHwGjLhtXJg27YnZRs@jetpack.xpi [2013-05-01]
FF Extension: Multifox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\multifox@hultmann.xpi [2013-05-01]
FF Extension: Multi Links - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\multilinks@plugin.xpi [2013-04-28]
FF Extension: Easy DragToGo+ - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pig1717@gmail.com.xpi [2013-04-29]
FF Extension: QuickDrag - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2013-04-28]
FF Extension: Scroll to Top/Bottom - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2013-05-01]
FF Extension: The Puzzle Piece - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thePuzzlePiece@quicksaver.xpi [2013-05-26]
FF Extension: Thumbnail Zoom Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-04-28]
FF Extension: Tile Tabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\tiletabs@DW-dev.xpi [2013-05-01]
FF Extension: Google Translator for Firefox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2013-04-28]
FF Extension: Session Manager - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-28]
FF Extension: Capture &amp; Print - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2013-04-28]
FF Extension: RunWith - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{2E3C8719-28D0-47fc-BD8E-9A2C02F4144E}.xpi [2013-04-28]
FF Extension: SearchWP - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}.xpi [2013-05-18]
FF Extension: Tab Clicking Options - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{43520B8F-4107-4351-AC64-9BCC5EEA24B9}.xpi [2013-05-01]
FF Extension: Searchtermhighlighter - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{458482f0-90fb-4257-855f-0ba2790584f9}.xpi [2013-05-18]
FF Extension: Stylish - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-04-28]
FF Extension: DragIt - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{575cbcb9-3b7e-493a-b001-886b3ae793b5}.xpi [2013-04-29]
FF Extension: Quick Translator - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-04-28]
FF Extension: Readability - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2013-04-28]
FF Extension: Speed Dial - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-05-09]
FF Extension: FfChrome - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{9bc51d13-3849-4541-a69c-da418934ca05}.xpi [2013-05-01]
FF Extension: eCleaner - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2013-05-01]
FF Extension: RightToClick - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-04-28]
FF Extension: TextMarker Go - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi [2013-04-28]
FF Extension: CoolPreviews - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013-04-28]
FF Extension: MetaProducts Integration - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2013-04-28]
FF Extension: Tab Mix Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-28]
FF Extension: DownThemAll! - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-28]
FF Extension: Greasemonkey - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-04-29]
FF Extension: Menu Editor - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-04-28]
FF Extension: FoxTab - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013-05-09]
FF Extension: Open link in... - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}.xpi [2013-04-28]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-17]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012-10-28]
FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] - C:\Program Files\MAXA Cookie Manager\extension
FF Extension: MAXA Cookie Manager - C:\Program Files\MAXA Cookie Manager\extension [2012-11-23]
FF HKCU\...\Firefox\Extensions: [CaptureSaver@goldgingko.com] - C:\Program Files\CaptureSaver\Firefox
FF Extension: No Name - C:\Program Files\CaptureSaver\Firefox [2013-03-22]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\George\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-04-12]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\George\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]

========================== Services (Whitelisted) =================

S4 Backupper Service; C:\Program Files\AOMEI Backupper Professional Edition 2.0\ABService.exe [29912 2014-04-04] (AOMEI Tech Co., Ltd.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
S4 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2164088 2012-06-29] (Condusiv Technologies)
S4 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S4 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [150016 2014-05-02] (Xp-Zed.com) [File not signed]
S4 hgvpn; C:\Program Files\HideGuard VPN\hgvpn.exe [770096 2014-03-17] ()
S4 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 MacType; C:\Program Files\MacType\MacTray.exe [605696 2012-10-22] (FlyingSnow) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mfsyncsv; C:\Windows\system32\mfsyncsv.exe [182312 2012-12-08] (Techsoft)
R2 NMSAccess; C:\Windows\system32\NMSAccessU.exe [71096 2009-01-12] ()
S4 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
S4 PCAppStoreSvc_{PCAppStore_4.2.1.5384}; C:\Program Files\Baidu Security\PC App Store\4.2.1.5384\PCAppStoreSvc.exe [575008 2014-04-08] (Baidu Inc.)
R2 PCFasterSvc_{PCFaster_4.0.0.0}; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [699376 2014-06-06] (Baidu Inc.)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [603760 2013-10-16] (Paramount Software UK Ltd)
R2 RioMSC; C:\Windows\system32\RioMSC.exe [303104 2005-07-25] (Digital Networks North America, Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
S4 SdxEmailCaptureService; C:\Program Files\Sohodox Desktop\Modules\Email Capture\EmailCaptureSvr.exe [69632 2012-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
S4 SdxFolderMonitorService; C:\Program Files\Sohodox Desktop\Modules\Folder Monitor\FldMonSrv.exe [65536 2011-12-29] (ITAZ Technologies Pvt Ltd) [File not signed]
S4 SdxIndexingService; C:\Program Files\Sohodox Desktop\Modules\Indexing Service\Itaz.Dms.IndexingService.exe [61440 2013-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3506232 2013-08-03] (SoftEther Project at University of Tsukuba, Japan.)
R2 ShadowProtectSvc; C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [3561472 2012-10-28] (StorageCraft Technology Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [57344 2013-01-08] () [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
S3 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [25536 2014-04-08] ()
R2 Tweak7SystemService; C:\Windows\system32\Tweak7SystemService.exe [102904 2013-06-10] (Totalidea Software)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 USBSafelyRemoveService; C:\Program Files\USB Safely Remove\USBSRService.exe [1036088 2014-03-24] (Crystal Rich Ltd)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2012-06-05] (Google Inc)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R1 BprotectEx; C:\Windows\System32\drivers\BprotectEx.sys [103744 2014-06-06] (Baidu, Inc.)
R3 cmuda3; C:\Windows\System32\Drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [306536 2014-04-24] (SHADOWDEFENDER.COM)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [35120 2012-04-05] (Condusiv Technologies)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44496 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [85328 2012-06-07] (Condusiv Technologies)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R0 FLGuard; C:\Windows\System32\drivers\FlGuard.sys [35328 2013-11-19] (SafePcTools Software) [File not signed]
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 HCWBT8xx; C:\Windows\System32\Drivers\HCWBT8XX.sys [280644 2002-03-01] (Hauppauge Computer Works)
R0 hpt3xx; C:\Windows\System32\Drivers\hpt3xx.sys [43539 2003-05-09] (HighPoint Technologies, Inc.)
R0 hptpro; C:\Windows\System32\Drivers\hptpro.sys [9809 2003-01-27] (HighPoint Technologies, Inc.)
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2014-03-22] (Highresolution Enterprises [www.highrez.co.uk])
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [30216 2014-03-04] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [18136 2013-02-25] ()
R0 mrfoldr; C:\Windows\System32\drivers\mrfoldr.sys [77104 2012-12-08] (Techsoft)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0055.sys [26208 2013-08-02] (SoftEther Project at University of Tsukuba, Japan.)
R3 PCFApiUtil; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [119168 2014-03-11] (Baidu, Inc.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-12-03] (Raxco Software, Inc.)
S3 Point32; C:\Windows\System32\Drivers\point32k.sys [24064 2006-11-08] (Microsoft Corporation) [File not signed]
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [65144 2013-08-01] (Paramount Software UK Ltd)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [13432 2013-06-28] (Paramount Software UK Ltd)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [42976 2013-08-03] (SoftEther Project at University of Tsukuba, Japan.)
S3 Spring; C:\Program Files\Baidu Security\PC Faster\4.0.0.0\Spring.sys [96608 2014-06-16] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-10-31] (RapidSolution Software AG)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1451312 2012-03-19] (ShiningMorning Inc.)
U3 IDMTDI; 
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S4 utm0mzgw; \??\C:\Windows\system32\Drivers\utm0mzgw.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\ioloGovernor
2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-01-11 22:47 - 2014-04-07 21:28 - 00000000 ____D () C:\ProgramData\iolo
2014-06-21 10:30 - 2014-06-21 10:30 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-06-21 09:07 - 2014-06-21 09:07 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-21 08:50 - 2014-06-21 10:30 - 00002468 _____ () C:\Windows\PFRO.log
2014-06-20 21:49 - 2014-06-21 09:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-20 19:00 - 2014-06-20 19:00 - 00000000 ____D () C:\Users\George\AppData\Roaming\ProductData
2014-06-19 22:41 - 2014-06-19 22:41 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-19 22:36 - 2014-06-19 22:36 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-19 19:40 - 2014-06-19 19:40 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 16:15 - 2014-06-21 15:22 - 00000000 ____D () C:\FRST
2014-06-19 15:48 - 2014-06-19 15:48 - 00059848 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 15:46 - 2014-06-21 10:54 - 00000504 _____ () C:\Windows\setupact.log
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 15:45 - 2014-06-19 15:46 - 00274664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 21:15 - 2014-06-17 21:15 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  AppData Roa
2014-06-17 21:14 - 2014-06-19 19:24 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  PR
2014-06-14 20:47 - 2014-06-21 09:49 - 00005176 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 13:43 - 2011-08-15 22:34 - 00108544 _____ (Matrox Graphics Inc.) C:\Windows\system32\Drivers\MxEFUF32.sys
2014-06-14 13:29 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-14 11:09 - 2014-06-14 11:09 - 00000000 ____D () C:\Users\George\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-06-14 11:08 - 2014-06-18 17:58 - 00000000 ____D () C:\Program Files\Garden Planner 3
2014-06-12 19:31 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files\VueScan
2014-06-12 19:31 - 2014-06-12 19:31 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2014-06-12 19:31 - 2014-06-12 19:31 - 00000941 _____ () C:\Users\Public\Desktop\VueScan x32.lnk
2014-06-12 19:15 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files\Common Files\Canon
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-06-12 18:58 - 2014-06-12 19:38 - 00000000 ____D () C:\Program Files\DriverTuner
2014-06-11 21:33 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-06-11 21:33 - 2014-06-18 18:08 - 00000000 ____D () C:\Program Files\Canon
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Scribble Code
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\dumps
2014-06-09 12:17 - 2014-06-09 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crosstrainer
2014-06-07 20:23 - 2014-06-07 20:23 - 188416000 _____ () C:\Users\George\Desktop\ampe.iso
2014-06-07 20:08 - 2014-06-07 20:08 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-07 20:06 - 2014-06-07 20:08 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2014-06-07 20:05 - 2014-06-07 20:23 - 00000000 ____D () C:\Program Files\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:05 - 2014-06-07 20:05 - 00001164 _____ () C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
2014-06-07 20:05 - 2014-06-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:05 - 2013-05-07 14:27 - 00129720 _____ () C:\Windows\system32\ammntdrv.sys
2014-06-07 20:05 - 2013-05-07 14:27 - 00026424 _____ () C:\Windows\system32\ambakdrv.sys
2014-06-07 20:05 - 2013-02-06 15:52 - 00014392 _____ () C:\Windows\system32\amwrtdrv.sys
2014-06-07 14:32 - 2014-06-07 15:02 - 00000000 ____D () C:\Users\George\AppData\Roaming\Tweak-7
2014-06-07 14:32 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Local\Totalidea_Software
2014-06-07 14:30 - 2014-06-07 14:30 - 00001889 _____ () C:\Users\George\Desktop\Tweak-7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001770 _____ () C:\Users\George\Desktop\Shutdown Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Suspend Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Restart Windows 7.lnk
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Windows\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Program Files\Tweak-7
2014-06-07 14:14 - 2014-06-07 14:27 - 00000052 _____ () C:\Windows\system32\actt7.ini
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\OpenSSL-Win32
2014-06-07 14:10 - 2014-06-05 08:07 - 01177088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-06-07 14:10 - 2014-06-05 08:07 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-06-07 14:10 - 2014-06-05 08:07 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2014-06-06 23:39 - 2014-06-06 23:39 - 00000000 ____D () C:\Program Files\synedra
2014-06-06 23:38 - 2014-06-06 23:38 - 00000000 ____D () C:\Users\George\.imagej
2014-06-06 23:23 - 2014-06-18 18:15 - 00000000 ____D () C:\Program Files\ImageJ
2014-06-06 22:28 - 2014-06-06 22:28 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-06-06 22:22 - 2014-06-08 14:02 - 00001829 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-06-06 13:48 - 2014-06-06 13:48 - 00000000 ____D () C:\Users\George\AppData\Roaming\anyburn
2014-06-06 12:40 - 2014-06-06 12:48 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-06-06 12:38 - 2014-06-06 12:38 - 00000000 ____D () C:\ProgramData\SlySoft
2014-06-06 12:37 - 2014-06-06 12:37 - 00000000 ____D () C:\Program Files\SlySoft
2014-06-06 12:00 - 2014-06-06 12:25 - 00000000 ____D () C:\Users\George\Desktop\Drewes
2014-06-05 13:55 - 2014-06-05 13:55 - 00000000 ____D () C:\ProgramData\Opus Professional
2014-06-05 13:54 - 2014-06-05 13:54 - 00001756 _____ () C:\Users\George\Desktop\Opus Pro 9.lnk
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Digital Workshop
2014-06-05 13:53 - 2014-02-02 15:51 - 00196608 _____ (Digital Workshop) C:\Windows\DWUninst.exe
2014-06-05 13:53 - 2010-06-23 09:53 - 01537536 _____ () C:\Windows\system32\erdmpg-hi.dll
2014-06-05 13:53 - 2010-06-23 09:53 - 00405504 _____ (Essien Research & Development) C:\Windows\system32\mpgfiltr.ax
2014-06-05 13:45 - 2014-06-05 13:54 - 00000000 ____D () C:\Program Files\Opus Pro 9
2014-06-05 07:16 - 2014-06-05 03:06 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 13:46 - 2014-06-18 18:23 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-04 13:45 - 2014-06-04 14:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-04 13:36 - 2014-06-04 13:36 - 00001779 _____ () C:\Users\Public\Desktop\Postbox.lnk
2014-06-04 12:53 - 2014-06-04 14:37 - 00000000 ____D () C:\Users\George\AppData\Roaming\SideSlide
2014-06-03 12:00 - 2014-06-03 12:00 - 00001259 _____ () C:\Users\Public\Desktop\FlipBook Maker Enterprise.lnk
2014-06-02 09:57 - 2014-06-02 09:57 - 00859456 _____ (repkasoft) C:\Windows\yowindow.scr
2014-06-01 14:27 - 2014-06-01 14:27 - 00000913 _____ () C:\Users\Public\Desktop\Registry First Aid.lnk
2014-06-01 14:27 - 2014-06-01 14:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 9
2014-05-31 15:08 - 2014-05-31 15:08 - 00003560 ____N () C:\bootsqm.dat
2014-05-31 13:08 - 2014-05-31 13:08 - 00018372 _____ () C:\Users\George\Documents\cc_20140531_130821.reg
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Program Files\FlashDemo.NET
2014-05-30 20:34 - 2014-05-30 20:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\FourthRaySoftware
2014-05-30 20:28 - 2014-05-30 20:28 - 00000000 ____D () C:\FRS
2014-05-30 11:28 - 2014-05-30 11:28 - 00000942 _____ () C:\Users\George\Desktop\VKMusic 4.lnk
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-05-29 12:27 - 2014-04-16 15:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-29 12:26 - 2014-04-16 15:15 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-29 12:26 - 2014-04-16 15:15 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-29 12:25 - 2014-04-16 15:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store

==================== One Month Modified Files and Folders =======

2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\ioloGovernor
2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-06-21 15:22 - 2014-06-19 16:15 - 00000000 ____D () C:\FRST
2014-06-21 15:20 - 2014-04-02 17:22 - 00000000 ____D () C:\Users\George\00  R E S U L T
2014-06-21 14:58 - 2009-07-14 06:34 - 00023920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-21 14:58 - 2009-07-14 06:34 - 00023920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 14:04 - 2013-07-31 12:40 - 00015385 _____ () C:\Windows\FileGuard.bin
2014-06-21 12:49 - 2012-12-13 16:47 - 00013222 _____ () C:\Windows\mrfldr.dat
2014-06-21 12:45 - 2014-05-12 18:44 - 00000000 ____D () C:\Users\George\AppData\Roaming\LuraTech
2014-06-21 12:01 - 2014-01-30 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-21 11:20 - 2012-11-10 16:33 - 00248489 _____ () C:\Users\George\Documents\AceText ClipHistory.atc
2014-06-21 11:17 - 2013-06-24 10:49 - 00000000 ____D () C:\Users\George\AppData\Roaming\Everything
2014-06-21 11:02 - 2013-07-22 15:13 - 00000000 ____D () C:\Users\George\AppData\Roaming\ClassicShell
2014-06-21 11:00 - 2012-10-27 23:09 - 00000000 ____D () C:\Users\George
2014-06-21 10:57 - 2014-03-04 19:27 - 00000000 ____D () C:\Users\George\.rainlendar2
2014-06-21 10:57 - 2012-12-13 16:47 - 00013222 _____ () C:\Windows\mrfldr.da0
2014-06-21 10:55 - 2014-05-17 18:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-06-21 10:55 - 2014-05-17 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
2014-06-21 10:55 - 2012-10-30 14:02 - 00003725 _____ () C:\Windows\system32\nvapps.xml
2014-06-21 10:54 - 2014-06-19 15:46 - 00000504 _____ () C:\Windows\setupact.log
2014-06-21 10:54 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-21 10:53 - 2012-10-28 10:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\DMCache
2014-06-21 10:30 - 2014-06-21 10:30 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2014-06-21 10:30 - 2014-06-21 08:50 - 00002468 _____ () C:\Windows\PFRO.log
2014-06-21 10:28 - 2013-10-20 14:02 - 00000000 ____D () C:\AdwCleaner
2014-06-21 10:28 - 2013-03-16 16:31 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-06-21 10:11 - 2012-12-07 11:47 - 00007613 _____ () C:\Users\George\AppData\Local\Resmon.ResmonCfg
2014-06-21 10:06 - 2012-11-10 17:30 - 00000000 ___SD () C:\Program Files\Ad Muncher
2014-06-21 09:57 - 2014-06-20 21:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-21 09:49 - 2014-06-14 20:47 - 00005176 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 09:34 - 2014-03-14 18:01 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-21 09:32 - 2012-12-31 13:34 - 00000000 ____D () C:\ProgramData\IObit
2014-06-21 09:31 - 2012-12-31 13:33 - 00000000 ____D () C:\Program Files\IObit
2014-06-21 09:07 - 2014-06-21 09:07 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-20 21:37 - 2012-10-28 10:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\IDM
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-20 19:00 - 2014-06-20 19:00 - 00000000 ____D () C:\Users\George\AppData\Roaming\ProductData
2014-06-19 22:41 - 2014-06-19 22:41 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-19 22:40 - 2013-03-21 12:26 - 00000000 ____D () C:\Users\George\AppData\Roaming\IObit
2014-06-19 22:36 - 2014-06-19 22:36 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-19 20:44 - 2013-07-31 11:29 - 00000000 ___RD () C:\Program Files\TreePadBIZ_8
2014-06-19 19:40 - 2014-06-19 19:40 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 19:40 - 2014-01-30 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 19:40 - 2014-01-30 12:15 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-19 19:24 - 2014-06-17 21:14 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  PR
2014-06-19 19:24 - 2014-06-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-19 19:24 - 2014-06-12 19:31 - 00000000 ____D () C:\Program Files\VueScan
2014-06-19 19:24 - 2014-06-12 19:15 - 00000000 ____D () C:\Program Files\Common Files\Canon
2014-06-19 19:24 - 2014-06-11 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-06-19 19:24 - 2014-05-10 13:13 - 00000000 ____D () C:\Program Files\PrivaZer
2014-06-19 19:24 - 2014-04-03 10:46 - 00000000 ____D () C:\Users\George\AppData\Roaming\POP Peeper
2014-06-19 19:24 - 2014-03-30 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R-Wipe&Clean
2014-06-19 19:24 - 2014-03-30 13:07 - 00000000 ____D () C:\Program Files\R-Wipe&Clean
2014-06-19 19:24 - 2013-12-15 22:12 - 00000000 ____D () C:\Users\George\AppData\Roaming\Anuko
2014-06-19 19:24 - 2013-11-30 20:32 - 00000000 ____D () C:\Program Files\QTTabBar
2014-06-19 19:24 - 2013-10-01 15:25 - 00000000 ____D () C:\Program Files\The Bat!
2014-06-19 19:24 - 2013-09-24 17:57 - 00000000 ____D () C:\Users\George\AppData\Roaming\AntispamSniper
2014-06-19 19:24 - 2013-04-29 14:36 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 19:24 - 2013-04-29 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 19:24 - 2013-03-24 16:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\jane
2014-06-19 19:24 - 2013-01-02 18:06 - 00000000 ____D () C:\Users\George\AppData\Roaming\XnViewMP
2014-06-19 19:24 - 2012-11-22 15:20 - 00000000 ____D () C:\Users\George\AppData\Roaming\The Bat!
2014-06-19 19:24 - 2012-11-10 18:01 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2014-06-19 19:24 - 2012-11-10 18:01 - 00000000 ____D () C:\Users\George\AppData\Local\privazer
2014-06-19 19:24 - 2012-10-30 15:23 - 00000000 ____D () C:\Users\George\AppData\Roaming\XnView
2014-06-19 19:24 - 2012-10-28 14:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\picpick
2014-06-19 19:24 - 2012-10-28 10:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-19 19:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Branding
2014-06-19 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-19 15:48 - 2014-06-19 15:48 - 00059848 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 15:46 - 2014-06-19 15:45 - 00274664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 15:45 - 2013-11-18 18:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-18 18:23 - 2014-06-04 13:46 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 18:15 - 2014-06-06 23:23 - 00000000 ____D () C:\Program Files\ImageJ
2014-06-18 18:08 - 2014-06-11 21:33 - 00000000 ____D () C:\Program Files\Canon
2014-06-18 17:58 - 2014-06-14 11:08 - 00000000 ____D () C:\Program Files\Garden Planner 3
2014-06-18 16:57 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-17 21:15 - 2014-06-17 21:15 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  AppData Roa
2014-06-17 19:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-14 20:46 - 2012-12-07 18:38 - 00000000 ____D () C:\Users\George\AppData\Roaming\uTorrent
2014-06-14 20:45 - 2012-10-28 14:04 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 11:09 - 2014-06-14 11:09 - 00000000 ____D () C:\Users\George\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-06-14 09:33 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-06-14 08:35 - 2013-10-08 13:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 19:38 - 2014-06-12 18:58 - 00000000 ____D () C:\Program Files\DriverTuner
2014-06-12 19:31 - 2014-06-12 19:31 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2014-06-12 19:31 - 2014-06-12 19:31 - 00000941 _____ () C:\Users\Public\Desktop\VueScan x32.lnk
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-06-12 16:08 - 2012-10-28 14:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 16:08 - 2012-10-28 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-11 15:55 - 2014-04-12 23:54 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-06-11 15:40 - 2012-11-22 17:11 - 00000000 ____D () C:\Program Files\Align It
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Scribble Code
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\dumps
2014-06-09 14:30 - 2013-11-01 15:42 - 00000000 ____D () C:\Users\George\Desktop\Azureus
2014-06-09 12:42 - 2014-03-30 13:07 - 00000000 ____D () C:\Users\George\AppData\Roaming\R-Wipe&Clean
2014-06-09 12:29 - 2014-06-09 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crosstrainer
2014-06-09 09:33 - 2012-11-11 20:12 - 00634958 _____ () C:\Users\George\Documents\AceText Recycle Bin.atc
2014-06-08 14:02 - 2014-06-06 22:22 - 00001829 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-06-08 13:25 - 2013-08-18 09:26 - 00001811 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2014-06-08 09:35 - 2014-03-26 14:45 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000.job
2014-06-07 20:23 - 2014-06-07 20:23 - 188416000 _____ () C:\Users\George\Desktop\ampe.iso
2014-06-07 20:23 - 2014-06-07 20:05 - 00000000 ____D () C:\Program Files\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:08 - 2014-06-07 20:08 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-07 20:08 - 2014-06-07 20:06 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2014-06-07 20:05 - 2014-06-07 20:05 - 00001164 _____ () C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
2014-06-07 20:05 - 2014-06-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
2014-06-07 18:51 - 2013-04-30 12:55 - 00000000 ____D () C:\JRT
2014-06-07 15:20 - 2013-10-25 19:41 - 00000957 _____ () C:\Users\George\Desktop\Suche Everything.lnk
2014-06-07 15:20 - 2012-10-28 13:13 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2014-06-07 15:19 - 2012-10-28 11:02 - 00000000 ____D () C:\Program Files\Everything
2014-06-07 15:02 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Tweak-7
2014-06-07 14:32 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Local\Totalidea_Software
2014-06-07 14:30 - 2014-06-07 14:30 - 00001889 _____ () C:\Users\George\Desktop\Tweak-7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001770 _____ () C:\Users\George\Desktop\Shutdown Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Suspend Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Restart Windows 7.lnk
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Windows\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Program Files\Tweak-7
2014-06-07 14:27 - 2014-06-07 14:14 - 00000052 _____ () C:\Windows\system32\actt7.ini
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\OpenSSL-Win32
2014-06-07 13:10 - 2012-10-28 10:40 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-06-06 23:39 - 2014-06-06 23:39 - 00000000 ____D () C:\Program Files\synedra
2014-06-06 23:38 - 2014-06-06 23:38 - 00000000 ____D () C:\Users\George\.imagej
2014-06-06 22:31 - 2012-11-24 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioShell
2014-06-06 22:31 - 2012-11-24 21:44 - 00000000 ____D () C:\Program Files\AudioShell
2014-06-06 22:28 - 2014-06-06 22:28 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-06-06 22:28 - 2014-03-26 14:45 - 00000438 _____ () C:\Users\George\AppData\Local\UserProducts.xml
2014-06-06 13:48 - 2014-06-06 13:48 - 00000000 ____D () C:\Users\George\AppData\Roaming\anyburn
2014-06-06 12:48 - 2014-06-06 12:40 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-06-06 12:38 - 2014-06-06 12:38 - 00000000 ____D () C:\ProgramData\SlySoft
2014-06-06 12:37 - 2014-06-06 12:37 - 00000000 ____D () C:\Program Files\SlySoft
2014-06-06 12:25 - 2014-06-06 12:00 - 00000000 ____D () C:\Users\George\Desktop\Drewes
2014-06-06 11:38 - 2014-05-17 18:30 - 00103744 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BProtectEx.sys
2014-06-05 13:55 - 2014-06-05 13:55 - 00000000 ____D () C:\ProgramData\Opus Professional
2014-06-05 13:54 - 2014-06-05 13:54 - 00001756 _____ () C:\Users\George\Desktop\Opus Pro 9.lnk
2014-06-05 13:54 - 2014-06-05 13:45 - 00000000 ____D () C:\Program Files\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Digital Workshop
2014-06-05 08:07 - 2014-06-07 14:10 - 01177088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-06-05 08:07 - 2014-06-07 14:10 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-06-05 08:07 - 2014-06-07 14:10 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2014-06-05 03:06 - 2014-06-05 07:16 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 14:37 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\George\AppData\Roaming\SideSlide
2014-06-04 14:01 - 2014-06-04 13:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-04 13:54 - 2012-12-05 13:22 - 00000000 ____D () C:\Users\George\Documents\P E R S Ö H N L I C H
2014-06-04 13:42 - 2012-12-23 13:04 - 00000000 ____D () C:\Users\George\AppData\Local\Postbox
2014-06-04 13:39 - 2012-12-23 13:03 - 00000000 ____D () C:\Program Files\Postbox
2014-06-04 13:36 - 2014-06-04 13:36 - 00001779 _____ () C:\Users\Public\Desktop\Postbox.lnk
2014-06-04 13:36 - 2012-12-23 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postbox
2014-06-03 21:43 - 2013-02-06 14:09 - 00000000 ____D () C:\Program Files\Opera
2014-06-03 17:29 - 2013-10-25 19:41 - 00000000 ____D () C:\Users\George\Desktop\bookmarks
2014-06-03 16:37 - 2014-05-03 15:29 - 00000000 ____D () C:\Users\George\AppData\Local\MEGAsync
2014-06-03 12:00 - 2014-06-03 12:00 - 00001259 _____ () C:\Users\Public\Desktop\FlipBook Maker Enterprise.lnk
2014-06-03 12:00 - 2014-04-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kvisoft
2014-06-03 11:58 - 2014-04-01 18:51 - 00000000 ____D () C:\Program Files\kvisoft
2014-06-02 17:56 - 2014-05-15 22:51 - 00001064 _____ () C:\Users\George\Desktop\MEGAsync.lnk
2014-06-02 15:08 - 2013-08-02 11:19 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-06-02 09:57 - 2014-06-02 09:57 - 00859456 _____ (repkasoft) C:\Windows\yowindow.scr
2014-06-01 19:11 - 2013-04-01 14:51 - 00000000 ____D () C:\ProgramData\RFA_Backups
2014-06-01 17:14 - 2013-06-07 19:25 - 00000000 ____D () C:\ProgramData\FILEminimizer
2014-06-01 14:28 - 2013-04-01 14:48 - 00000000 ____D () C:\Program Files\RFA 9
2014-06-01 14:27 - 2014-06-01 14:27 - 00000913 _____ () C:\Users\Public\Desktop\Registry First Aid.lnk
2014-06-01 14:27 - 2014-06-01 14:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 9
2014-05-31 15:08 - 2014-05-31 15:08 - 00003560 ____N () C:\bootsqm.dat
2014-05-31 13:26 - 2014-04-04 13:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\iolo
2014-05-31 13:26 - 2013-11-03 16:10 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-05-31 13:08 - 2014-05-31 13:08 - 00018372 _____ () C:\Users\George\Documents\cc_20140531_130821.reg
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Program Files\FlashDemo.NET
2014-05-30 20:34 - 2014-05-30 20:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\FourthRaySoftware
2014-05-30 20:28 - 2014-05-30 20:28 - 00000000 ____D () C:\FRS
2014-05-30 11:40 - 2013-07-30 22:11 - 00000000 ____D () C:\Users\George\AppData\Local\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000942 _____ () C:\Users\George\Desktop\VKMusic 4.lnk
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-05-29 20:07 - 2012-12-01 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icaros
2014-05-29 20:07 - 2012-12-01 00:34 - 00000000 ____D () C:\Program Files\Icaros
2014-05-29 12:28 - 2013-11-23 14:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-29 12:26 - 2012-12-11 12:42 - 00000000 ____D () C:\Program Files\Java
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-29 10:45 - 2014-05-29 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu PC App Store
2014-05-28 15:09 - 2014-05-17 18:29 - 00000000 ____D () C:\Program Files\Baidu Security
2014-05-28 15:09 - 2014-05-17 18:15 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2014-05-28 15:08 - 2014-05-17 18:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\Baidu Security

Files to move or delete:
====================
C:\ProgramData\whlpusp32.dll
C:\ProgramData\wvG1VtaE.dat


Some content of TEMP:
====================
C:\Users\George\AppData\Local\Temp\HitmanPro.exe
C:\Users\George\AppData\Local\Temp\QTTabBar.exe
C:\Users\George\AppData\Local\Temp\Quarantine.exe
C:\Users\George\AppData\Local\Temp\TBIstRes.dll
C:\Users\George\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-03-02 19:17

==================== End Of Log ============================

--- --- ---

Bartos · 21.06.2014, 18:35

Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01
Ran by George at 2014-06-21 15:37:47
Running from C:\Users\George\00  R E S U L T
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 2.0.4 - BitTorrent Inc.)
1-abc.net Settings Organizer (Remove only) (HKLM\...\1-abc.net Settings Organizer) (Version:  - )
3D Image Commander 2.20 (HKLM\...\3D Image Commander_is1) (Version:  - binerus)
3D Youtube Downloader (HKLM\...\3D Youtube Downloader) (Version: 1.0.16 - 3DYD Soft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
8 Skin Pack RTM-X86 (HKLM\...\8 Skin Pack) (Version: RTM-X86 - Skin Pack)
AAA (HKLM\...\SmartDeblur_is1) (Version: 2.0b - )
Ace Stream Media 2.2.4-next (HKCU\...\AceStream) (Version: 2.2.4-next - Ace Stream Media)
AceText 3.1.3 (HKLM\...\AceText) (Version: 3.1.3 - Just Great Software)
Ad Muncher 4.93 Build 33707/4486 (HKLM\...\{0EB5F29D-6CC8-4C3A-B300-96154AB3BCBD}_is1) (Version:  - © Murray Hurps Corp Pty Ltd / Andron1975)
Ad Muncher v4.93.33707 (HKCU\...\Ad Muncher) (Version:  - )
ADinf32 v4.14 (HKLM\...\{D93B1C80-470D-484B-98EC-DC695D06E2BE}) (Version: 4.14.0006 - ADinf Development Team)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Align It! 2.12 (HKLM\...\Align It!_is1) (Version: 2.12 - Digital42, Sandra Erb)
AntispamSniper for TheBat! (HKLM\...\AntispamSniper for TheBat!) (Version:  - )
AOMEI Backupper Professional Edition 2.0 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
A-PDF INFO Changer 2.0 (HKLM\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
A-PDF Restrictions Remover (HKLM\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Audiogalaxy (HKCU\...\Audiogalaxy) (Version:  - )
AudioShell 2.0 beta 2 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 2 - Softpointer Inc)
AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.1.4.150 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.1.4.150 - Online Media Technologies Ltd.)
Baidu PC Faster (HKLM\...\Baidu PC Faster 4.0.0.0) (Version: 4.0.7.71692 - Baidu Inc.) <==== ATTENTION
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Beyond Compare 3.3.10 (HKLM\...\BeyondCompare3_is1) (Version: 3.3.10.17762 - Scooter Software)
Brightness Guide 2.0.3 (HKLM\...\Brightness Guide_is1) (Version: 2.0.3 - Tint Guide)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CaptureSaver V4.2.5 (HKLM\...\CaptureSaver_is1) (Version:  - www.CaptureSaver.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CD Audio Reader Filter (remove only) (HKLM\...\CD Audio Reader Filter) (Version:  - )
CFi ShellToys v7.4.0 (HKLM\...\CFi ShellToys XP_is1) (Version: 7.4.0 - Cool Focus International Ltd)
Check&Get 3.4 (HKLM\...\CheckAndGet_2xx_is1) (Version: 3.4 - ActiveURLs)
CHM Editor (HKLM\...\CHM Editor) (Version: 1.4 - )
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
ClipName (HKLM\...\ClipName) (Version:  - )
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Debugging Tools for Windows (x86) (HKLM\...\{D09605BE-5587-4B0C-86C8-69B5092CB80F}) (Version: 6.12.2.633 - Microsoft Corporation)
DeskTopAuthor (HKLM\...\{C27B94AA-60AB-4B50-9D63-0928CDC889C3}) (Version: 7.1.5 - dnaml Pty Ltd)
DiaShow von Helmut Rohrbeck (HKLM\...\DiaShow) (Version:  - Helmut Rohrbeck)
Disk Checker (HKLM\...\Disk Checker) (Version:  - )
Document Express DjVu Plug-in (HKLM\...\{09F72EA9-ECE7-459C-BA6D-BCA10C1B5F7C}) (Version: 6.1.31219 - Caminova, Inc.)
Dokan Library 0.6.0 (HKLM\...\DokanLibrary) (Version:  - )
DokuTool (Non Commercial Edition) (HKLM\...\DokuTool 1.0R6_is1) (Version: 1.0.6.3 - Castelware Software GmbH)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
Encrypt My Folder (HKLM\...\Encrypt My Folder) (Version:  - )
Enterra Icon Keeper Deluxe 1.1 (HKLM\...\Enterra Icon Keeper Deluxe_is1) (Version:  - Enterra, Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Everything 1.3.4.662b (x86) (HKLM\...\Everything) (Version:  - )
Exif Tag Remover 5.0 (HKLM\...\Exif Tag Remover_is1) (Version:  - RL Vision)
FastImageResizer (remove only) (HKLM\...\FastImageResizer) (Version:  - )
FeedDemon (HKLM\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FenrirFS 2.4.7 (HKLM\...\FenrirFS_is1) (Version:  - Fenrir Inc.)
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
File Property Edit Pro (HKCU\...\File Property Edit Pro) (Version: 3.80 - foryoursoft)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FilerFrog (HKLM\...\{29294ED4-4606-4DAD-B49A-359D12337ED3}) (Version: 2.2.0 - FilerFrog)
FileSearchEX (HKLM\...\FileSearchEX) (Version: 1.0.8.9 - GOFF Concepts LLC)
Fireplace Screensaver (HKLM\...\Fireplace Screensaver) (Version:  - )
Flame Painter 2 Pro 2.5 (HKLM\...\Flame Painter 2 Pro_is1) (Version: 2.5 - Escape Motions, s.r.o)
Flash Player Pro V5.7 (HKLM\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Flip Image (HKLM\...\Flip Image_is1) (Version:  - Flipbuilder Solution)
Flip Writer (HKLM\...\Flip Writer_is1) (Version:  - Flipbuilder Solution)
FlipBook Maker Pro 3.6.8 (HKLM\...\FlipBook Maker Pro_is1) (Version: 3.6.8 - Kvisoft Co,. Ltd)
Flipbook Maker Pro 4.0.0 (HKLM\...\Kvisoft Flipbook Maker Pro_is1) (Version: 4.0.0 - kvisoft.com)
Flipbook Maker4.0.0 (HKLM\...\Kvisoft FlipBook Maker Enterprise_is1) (Version: 4.0.0 - kvisoft.com)
FlipCreator (version 4.6.2.5) (HKLM\...\FlipCreator_is1) (Version:  - Alive Software, Inc.)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 6.0.0202 (HKLM\...\FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1) (Version:  - Aone Software)
FMS Empty File Remover 2.9.1 (HKLM\...\{1C363729-80C0-43D6-A975-6C2BC18A5708}_is1) (Version:  - FileManagerSoft Ltd.)
FMS Empty Folder Remover 1.9.1 (HKLM\...\{B8AA2821-ECF5-496C-BBC1-45B66B56B049}_is1) (Version:  - FileManagerSoft Ltd.)
Folder Actions 1.1 for Windows (HKLM\...\Folder Actions 1.1 for Windows_is1) (Version:  - Leonid Parshukov)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
FolderHighlight 2.4 (HKLM\...\FolderHighlight_is1) (Version: 2.4 - eRiverSoft)
FotoBeschriften 4.2.2.425 (HKLM\...\FotoBeschriften_is1) (Version: 4.2.2.425 - SpeedySoft)
Fresh Flash Catalog 3.7 (HKLM\...\{686D28EC-CD2A-4033-A98D-A50CB2A49D8D}_is1) (Version:  - Gokhan Bulut)
Gabest MPEG Splitter (remove only) (HKLM\...\Gabest MPEG Splitter) (Version:  - )
GiliSoft Privacy Protector 4.1 (HKLM\...\{E282A694-F6F9-46DC-AFA4-023EEF08708F}}_is1) (Version: 4.1 - Gilisoft International LLC.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GreedyTorrent v1.01 beta build 170 (HKLM\...\GreedyTorrent_is1) (Version:  - Alex N J (www.alexnj.com))
Gyazo 2.0.1 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
HashOnClick (HKLM\...\HashOnClick_is1) (Version:  - 2BrightSparks)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
HideGuard VPN 2.2.0.0 (HKLM\...\{A7BD5DA5-85A2-4FA6-8270-DDEDDBE51379}}_is1) (Version:  - iTVA LLC)
Hot Virtual Keyboard 8.1.5.0 (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.1 - Comfort Software Group)
HyperSnap 7 (HKLM\...\HyperSnap 7) (Version: 7.26.01 - Hyperionics Technology LLC)
Icaros 2.2.5 (HKLM\...\Icaros_is1) (Version: 2.2.5.301 - Tabibito Technology)
IcoFX 2.3.1 (HKLM\...\IcoFX 2_is1) (Version:  - )
Image Comparer v3.8 (HKLM\...\{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1) (Version: 3.8 - Bolide Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - )
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5273 - IncrediMail Ltd.)
IncrediMail JunkFilter Plus (HKLM\...\JunkFilterPlus) (Version: 6001167 - IncrediMail Ltd.)
Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iolo technologies' System Mechanic Business (HKLM\...\{ED8F147C-7306-416E-AE7D-86DBC731622A}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iPixSoft Flash Slideshow Creator (4.3.0.0) (HKLM\...\iPixSoft Flash Slideshow Creator_is1) (Version: 4.3.0.0 - iPixSoft)
iPixSoft Video Slideshow Maker (3.3.0.0) (HKLM\...\iPixSoft Video Slideshow Maker_is1) (Version: 3.3.0.0 - iPixSoft)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden
JSignPdf 1.5.1 (HKLM\...\JSignPdf_is1) (Version: 1.5.1 - Josef Cacek)
just another nasty editor (HKLM\...\just another nasty editor) (Version: 1.68.0.0 - TryAndError, Inc. / AreYouParanoid? :))
jv16 PowerTools 2014 (HKLM\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
K-Lite Mega Codec Pack 10.5.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Kompas (HKLM\...\Kompas) (Version: 0.1.2 - Humanity)
Kvisoft Flash Slideshow Designer 1.6.0 (HKLM\...\Kvisoft Flash Slideshow Designer_is1) (Version: 1.6.0 - Kvisoft Co.,Ltd.)
Lazesoft Recovery Suite version 3.3 Unlimited Edition (HKLM\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 3.3 - Lazesoft)
Letasoft Sound Booster Version 1.1 (HKLM\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.1 - Letasoft LLC)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
LucisArt 3.0.5 ED/SE (HKLM\...\{CB30938E-2BCE-4837-9FEB-EB5DAB000235}) (Version: 3.0.5.0 - Image Content Technology)
LuraTech PDF Compressor Desktop 6.1.2.5 (HKLM\...\{DDD86B37-FF0A-4FCC-A415-0B69714F9901}) (Version: 6.1.2005 - LuraTech Imaging GmbH)
Machete 4.0 (HKLM\...\{5E305628-4161-4234-B718-D13623DE66C1}) (Version: 4.0.22 - MacheteSoft)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6427 - Paramount Software (UK) Ltd.) Hidden
Macrorit Disk Scanner 2013 (HKLM\...\Macrorit Disk Scanner) (Version: 2013 - Macrorit Inc.)
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
MagicYUV Lossless Video Codec version 0.9alpha (HKLM\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 0.9alpha - INNOMAGIC, Ltd.)
Mail.Ru Cloud (HKLM\...\{776AF05B-784A-416F-B14C-31A1FBAF8B19}_is1) (Version: 15.01.0015 - Mail.Ru Group) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MAXA Cookie Manager Pro 5.3 (HKLM\...\MAXA Cookie Manager_is1) (Version:  - MAXA)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.0.4000 - Maxthon International Limited)
MediaDrug (HKLM\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B0) (Version: 1.0 - MediaDrug)
MediaTab (HKLM\...\MediaTab) (Version: 1.2 - Juan Manuel Lozano Contreras)
MEGAsync 1.0.22 (HKLM\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
MetaProducts Inquiry (HKLM\...\metaprodInq) (Version:  1.11.600 beta [build 0.18] - evgen_Ú)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Research Project Colletta (Version: 3.0.0.0 - Microsoft Research Ltd) Hidden
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsys Launcher (HKLM\...\560CEE382FE04EEE8EE428712CD776BE_is1) (Version: 2.0.0 - Micro-Sys ApS)
MirrorFolder 5.0.294.116 (Retail) (HKLM\...\ce876f80-8a31-11d4-b9d2-002018382069_is1) (Version: 5.0.294.116 - Techsoft)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0a1 - Mozilla)
MP3Cover (HKLM\...\MP3Cover) (Version:  - )
MP3-Info extension V3.4.25 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.25 - Fabian Cenedese)
MP3jam 1.0.0.2 (HKLM\...\MP3jam_is1) (Version: 1.0.0.2 - MP3jam)
Mp3tag v2.58 (HKLM\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MRU-Blaster v1.5 (Database 3.28.04) (HKLM\...\MRU-Blaster_is1) (Version: 1.5 - BrightFort LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nightly 28.0a1 (x86 en-US) (HKLM\...\Nightly 28.0a1 (x86 en-US)) (Version: 28.0a1 - Mozilla)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.1 - Steganos Software GmbH)
OnTranslator (HKLM\...\OnTranslator) (Version: 1.0.140 - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenSSL 1.0.1h Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Opera Stable 21.0.1432.57 (HKLM\...\Opera 21.0.1432.57) (Version: 21.0.1432.57 - Opera Software ASA)
Opus Pro 9 (HKLM\...\Opus Pro 9) (Version: 9 - Digital Workshop)
Pale Moon 24.5.0 (x86 en-US) (HKLM\...\Pale Moon 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
PDF Creator Pilot 4.3  (HKLM\...\{467D4F46-B75D-4E9F-B710-D933D687B9BD}) (Version: 4.3 - Two Pilots)
PDF Page Delete 1.1 (HKLM\...\PDF Page Delete_is1) (Version:  - PDF Page Delete)
PDF-Tools 4 (HKLM\...\{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1) (Version: 4.0.214.2 - Tracker Software Products Ltd)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
PDF-XChange 2012 Pro (HKLM\...\{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1) (Version: 5.0.273.2 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{2eef0fe2-cc4a-47d6-959c-de2d5c2cc40b}) (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.) Hidden
PerfectTUNES (HKLM\...\PerfectTUNES) (Version: Release 1 Unregistered - Cloud Audio)
PhotoFiltre Studio X (HKCU\...\PhotoFiltre Studio X) (Version:  - )
Photoupz 1.7.1 (HKLM\...\Photoupz) (Version: 1.7.1 - EvenPixel Ltd)
PicPick (HKLM\...\PicPick) (Version: 3.3.3 - NTeWORKS)
PicturesToExe 8.0 (HKLM\...\{A254D625} PicturesToExe 8.0_is1) (Version: 8.0.3 - WnSoft)
POP Peeper (HKLM\...\POP Peeper) (Version:  - Mortal Universe)
Postbox (3.0.11) (HKLM\...\Postbox (3.0.11)) (Version: 3.0.11 (en-US) - Postbox, Inc.)
Primg version 1.2.1.2 (HKLM\...\Primg_is1) (Version: 1.2.1.2 - Hiroshi Inagaki)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.2 - PWI, Inc.)
PrivaZer (HKLM\...\PrivaZer) (Version: 2.21.1.0 - Goversoft LLC)
PrivitizeVPN (HKLM\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
Project Colletta (HKLM\...\{d6074b06-1636-45dd-bf35-baf3e6d131d2}) (Version: 3.0.0.0 - Microsoft Research Ltd)
Project ROME (HKLM\...\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 0.9.0 (157403) - Adobe Systems Incorporated.)
PS Tray Factory 3.2 (HKLM\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
PSD Codec by Ardfry Imaging, LLC (32 bit) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
QTranslate 5.3.1 (HKLM\...\QTranslate) (Version: 5.3.1 - QuestSoft)
RadioSure (HKCU\...\RadioSure) (Version:  - )
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version:  - )
Registry Crawler (HKLM\...\Registry Crawler) (Version:  - )
Registry First Aid 9 (HKLM\...\RFA9_is1) (Version: 9.3.0 - RoseCitySoftware)
Registry Trash Keys Finder (Freeware) (HKLM\...\Registry Trash Keys Finder) (Version: 3.9.2.1 - SNC)
RegVac Registry Cleaner 5.02 (Registered Version) (HKLM\...\RegVac Registry Cleaner (Registered Version)_is1) (Version:  - Super Win Software, Inc.)
Resonic Alpha (HKLM\...\Resonic Alpha) (Version: 0.58.0.999 - Liqube)
RidNacs 2.0.3 (HKLM\...\RidNacs_is1) (Version:  - Stephan Plath)
Right Click Enhancer Professional 4.1.4 (HKLM\...\Right Click Enhancer Professional) (Version: 4.1.4 - RBSoft, Inc.)
Rio Internet Update (HKLM\...\{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}) (Version: 2.90 - Rio Audio)
Rio Music Manager (HKLM\...\{282EF7E3-AE54-48AE-A11D-27F512F23AB3}) (Version: 2.90 - Rio Audio)
RoboForm 7-9-7-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
R-Wipe&Clean 10.3 (HKLM\...\R-Wipe&Clean_is1) (Version:  - R-tools Technology Inc.)
Sandboxie 4.06 (32-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Screenpresso (HKCU\...\Screenpresso) (Version: 1.4.2.0 - LearnPulse)
Secret Notes version 1.2.1 (HKLM\...\{E5618ECE-CFCC-489B-BC91-3CC0AAC0B253}_is1) (Version: 1.2.1 - Softorino)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version:  - )
SendTo-Convert version 2.7.1.4 (HKLM\...\SendTo-Convert_is1) (Version: 2.7.1.4 - Hiroshi Inagaki)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.519 - ShadowDefender.com)
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
ShadowProtect Desktop (Version: 4.15.9340 - StorageCraft) Hidden
ShareX 9.0.0 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.0.0 - ShareX Developers)
Sigil 0.6.1 (HKLM\...\Sigil_is1) (Version:  - John Schember)
SkinPack 9-win7-ver1 (HKLM\...\SkinPack) (Version: 9-win7-ver1 - SkinPack)
Smart Mail Notifier v2.0 (HKLM\...\Smart Mail Notifier_is1) (Version: 2.0 - Smart PC Solutions)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 1.00.9376 - SoftEther Project)
Sohodox 8.3 (HKLM\...\Sohodox_is1) (Version: 8 - ITAZ)
Sound Normalizer 5.72 (HKLM\...\Sound Normalizer_is1) (Version: 5.72 - Kanz Software)
Stanza (HKLM\...\Stanza) (Version:  - )
Stickies 7.1e (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackPro (HKLM\...\SyncBackPro_is1) (Version: 6.5.38.0 - 2BrightSparks)
SysTrayX (HKLM\...\SysTrayX) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Bat! Professional v6.4.6 (HKLM\...\{F2A4C568-45FB-49DE-BEF3-304E870E3A2F}) (Version: 6.4.6 - Ritlabs)
Thumbnail me 3.0 (HKCU\...\Thumbnail me 3.0) (Version:  - )
Toolwiz FlipBook (HKLM\...\Toolwiz FlipBook_is1) (Version: 1.5.0.0 - Toolwiz)
TP-LINK Client Installation Program (Version: 7.0 - TP-LINK) Hidden
TreePad Business Edition 8.1 (HKLM\...\TreePadBiz) (Version:  - )
Trojan Remover 6.9.1.2929 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 6.6.3 beta - Tordex)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
TunnelBear (HKLM\...\{2871e92a-2f78-488c-89a4-cabdf26de1d3}) (Version: 2.2.17.0 - TunnelBear)
TunnelBear (Version: 2.2.17.0 - TunnelBear) Hidden
TVgenial 4.10 (HKLM\...\TVgenial) (Version:  - )
Tweak-7 (HKLM\...\Tweak-7) (Version: 1.0 build 1175 - Totalidea Software)
TweakNow PowerPack (HKLM\...\TweakNow PowerPack_is1) (Version: 4.3.0 - TweakNow.com)
UFS Explorer Professional Recovery, version 5.11.1 (HKLM\...\UFS Explorer Professional Recovery (version 5)_is1) (Version: 5.11.1 - LLC "SysDev Laboratories")
UltimateDefrag (HKLM\...\UltimateDefrag) (Version: 4.0.98.0 - DiskTrix, Inc.)
Ultra Video Converter 5.5.0401 (HKLM\...\Ultra Video Converter_is1) (Version:  - Aone Software)
UltraChm 1.0 (HKLM\...\UltraChm) (Version: 1.0 - UltraChm company, Inc.)
uMark 5 (HKLM\...\uMark) (Version: 5.0 - Uconomix)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 6.3 - fCoder Group, Inc.)
Unknown Device Identifier 8.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.01 - Huntersoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
USB Safely Remove 5.2 (HKLM\...\USB Safely Remove_is1) (Version:  - SafelyRemove.com)
uTorrent Turbo Booster (HKLM\...\uTorrent Turbo Booster) (Version: 4.0.2.0 - DownloadBoosters LLC)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VeryPDF Flipbook Maker v2.0 (HKLM\...\VeryPDF Flipbook Maker v2.0_is1) (Version:  - VeryPDF.com Company)
VisiPics V1.31 (HKLM\...\VisiPics_is1) (Version:  - Ozone)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.59 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VPNium  (HKLM\...\VPNium) (Version:  - )
VT Hash Check 1.42 (HKLM\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.42 - Boredom Software)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - )
Watermark Factory 2 (HKLM\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version:  - WatermarkFactory.com)
Watermark Software (HKCU\...\WatermarkSoftware) (Version:  - Watermark Software. All Rights Reserved.)
Web Research Network Add-on (HKLM\...\{DD76AABA-7E4E-4EB6-ACD3-990347356B31}) (Version: 2.80.0336 - macropool GmbH)
WebResearch 3 (HKLM\...\{BD42A7E4-1104-411D-80A9-8E75DE5D9741}) (Version: 3.10.4912 - macropool GmbH)
Win8.1 SkinPack X86 (HKLM\...\Win8.1 SkinPack) (Version: X86 - SkinPack)
Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8023xp) Net  (07/23/2009 6.111.0723.2009) (HKLM\...\E8D765D6F2FD9EF4896D3FB22C0A204D56298D28) (Version: 07/23/2009 6.111.0723.2009 - Realtek Semiconductor Corp.)
WindowTabs (HKLM\...\{8FB716E9-A14D-4983-8DE0-818CFFF24658}) (Version: 0.0.60 - Bemo Software, Inc.)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WonderFox Photo Watermark (HKCU\...\WonderFoxPhotoWatermark) (Version:  - WonderFox Soft. All Rights Reserved.)
Wondershare MobileGo for Android ( Version 2.0.1 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 2.0.1 - Wondershare)
Word Artist 2.0 (HKLM\...\{8CB66CF8-F0FC-4EE1-BC98-9EC1EA6F0486}) (Version: 2.0 - Fotoview)
XFlip 2.0.1 (HKLM\...\XFlip Pro_is1) (Version: 2.0.1 - xflip.com)
XnView 2.22 (HKLM\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
XnViewMP 0.64 (HKLM\...\XnViewMP_is1) (Version: 0.64 - Gougelet Pierre-e)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)
X-Proxy (HKCU\...\e9149030bbc2ac48) (Version: 5.2.0.3 - Sauces Software)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
YoWindow (HKLM\...\yowindow) (Version: 3 - RepkaSoft)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )
Zoom Player deutsche Sprachdateien (entfernen) (HKLM\...\ZoomPlayer_German) (Version:  - )
Zoom Player Russian language (remove only) (HKLM\...\ZoomPlayer_Russian) (Version:  - )
ЛовиВконтакте 3.2.0.0 (HKLM\...\{FD655D52-4E33-40CB-A4D9-21F99DA70712}}_is1) (Version:  - iTVA LLC.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-14 09:52 - 00002351 ____A C:\Windows\system32\Drivers\etc\hosts
	127.0.0.1 tonec.com
	127.0.0.1 www.tonec.com
	127.0.0.1 registeridm.com
	127.0.0.1 www.registeridm.com
	127.0.0.1 secure.registeridm.com
	127.0.0.1 internetdownloadmanager.com
	127.0.0.1 www.internetdownloadmanager.com
	127.0.0.1 secure.internetdownloadmanager.com
	127.0.0.1 www.secure.internetdownloadmanager.com
	127.0.0.1 mirror.internetdownloadmanager.com
	127.0.0.1 www.mirror.internetdownloadmanager.com
	127.0.0.1 mirror2.internetdownloadmanager.com
	127.0.0.1 www.mirror2.internetdownloadmanager.com
	127.0.0.1 mirror3.internetdownloadmanager.com
	127.0.0.1 www.mirror3.internetdownloadmanager.com
	127.0.0.1 validation.sls.microsoft.com
     127.0.0.1 174.133.70.101:443 
     127.0.0.1 174.133.70.101:80 
     127.0.0.1 174.133.70.98 
     127.0.0.1  *internetdownloadmanager.com/data/395012712/register.cgi 
      127.0.0.1  *registeridm.com*
	127.0.0.1 sublimetext.com
	127.0.0.1 www.sublimetext.com
      127.0.0.1 foryoursoft.com
      127.0.0.1 formessengers.com
      127.0.0.1 www.radiosure.com
      127.0.0.1 activation.acronis.com 
      127.0.0.1 support.wondershare.net
      127.0.0.1 www.wondershare.net
      127.0.0.1 support.wondershare.com
      127.0.0.1 www.wondershare.com
      127.0.0.1 www.hamrick.com
      127.0.0.1 stats.hamrick.com
      127.0.0.1 static.hamrick.com
      127.0.0.1 server-54-230-97-253.arn1.r.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

Task: {09570B1A-14BB-44AC-8CAB-7B68E93AC280} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {0F608FDE-6036-49A1-A50E-8C002589EE09} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic Business\iologovernor.exe [2013-12-04] (iolo technologies, LLC)
Task: {128127EF-57FE-41D5-9AC1-CB53011BCA86} - \GoogleUpdateTaskUserS-1-5-21-3944665068-2704869593-2486753056-1000Core No Task File <==== ATTENTION
Task: {1CEEC936-3839-4AD7-9AF6-46509747BDDD} - System32\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: {4A589E1A-179E-4AA1-8BA4-B58F3358527B} - System32\Tasks\Baidu PC Faster Update => C:\Program Files\Baidu Security\PC Faster\4.0.0.0\Updater.exe [2014-06-06] (Baidu Inc.)
Task: {4D2FF0DB-9245-4A61-B080-88A7A737FA5F} - \{2CA3B5DE-7774-437B-A36A-C2712266C77A} No Task File <==== ATTENTION
Task: {52DCADF7-033E-48C9-AF6E-DA9012D0C018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {59819765-5525-47C0-8EE3-72ED45C955BE} - System32\Tasks\Baidu PC Faster Service => C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [2014-06-06] (Baidu Inc.)
Task: {5D9317A8-208E-4A4E-AEE6-A207BBF62486} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C7251DC-4F76-4FBF-85F2-A10A2F5F8A44} - \GoogleUpdateTaskUserS-1-5-21-3944665068-2704869593-2486753056-1000UA No Task File <==== ATTENTION
Task: {70542A51-2B78-40F4-8820-374369D1D464} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {97E9E9E8-1185-4E51-86F4-ABB841136AD2} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {BA4D3980-A9B5-4200-B679-7725F045B808} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMPMNMJMLMKLJMLLMMCNOMHMKLMMCNJLHMPMMLCNNLOLKLNMCNLMNMMLKLLLLLKMMMNMMLHMOMJNJICMIMCNHMCNMMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMJMJMJMJNHICMEKMICNJJCKJNBJCMILKJAJNIIJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {CF2863FC-D335-4387-BB4E-AA2AA8E2D41E} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {F3DFFDE9-6F58-4D72-ADA5-D9263F4E1A9D} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2014-05-14] (Maxthon International ltd.)
Task: {F45CB7D8-7A07-4332-908A-323157C4477C} - System32\Tasks\Opera scheduled Autoupdate 1380044755 => C:\Program Files\Opera Developer\launcher.exe
Task: {FDA56282-9D40-4F98-B6F7-A9FBDF98A578} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-09-15 10:42 - 2012-09-15 10:42 - 00091648 _____ () C:\Program Files\MacType\EasyHK32.dll
2014-04-15 04:21 - 2014-06-06 11:47 - 00594112 _____ () C:\Program Files\Baidu Security\PC Faster\4.0.0.0\sqlite.dll
2013-03-12 14:37 - 2012-10-16 11:27 - 00522912 _____ () C:\Program Files\Letasoft Sound Booster\Filters\gain.dll
2013-10-16 15:42 - 2010-04-26 02:18 - 00053248 _____ () C:\Program Files\PS Tray Factory\HKDll.dll
2012-11-10 17:56 - 2009-01-12 08:15 - 00071096 _____ () C:\Windows\system32\NMSAccessU.exe
2014-04-15 15:59 - 2014-04-15 15:59 - 00568120 _____ () C:\Program Files\TuneUp Utilities 2014\avgreplibx.dll
2012-11-10 16:32 - 2010-11-28 10:43 - 00236544 _____ () C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe
2013-07-04 21:09 - 2013-07-04 21:09 - 00348672 _____ () C:\Program Files\POP Peeper\sqlite3.dll
2013-07-25 01:04 - 2013-07-25 01:04 - 00110080 _____ () C:\Program Files\POP Peeper\zip.dll
2014-03-04 19:32 - 2014-01-20 09:48 - 02611808 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2014-03-04 19:33 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-03-04 19:33 - 2014-01-04 19:20 - 00249344 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-03-04 19:32 - 2014-01-20 09:48 - 00060512 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-04 19:33 - 2014-01-04 19:00 - 00065024 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2014-03-04 19:33 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2011-02-23 17:08 - 2011-02-23 17:08 - 00080384 _____ () C:\Program Files\FileBX\FbxRes.dll
2013-09-29 14:46 - 2002-08-13 06:09 - 00684032 _____ () C:\Program Files\Smart PC Solutions\Smart Mail Notifier\libeay32.dll
2013-09-29 14:46 - 2002-08-13 06:10 - 00155648 _____ () C:\Program Files\Smart PC Solutions\Smart Mail Notifier\ssleay32.dll
2014-04-01 07:41 - 2014-01-10 11:26 - 03014656 _____ () C:\Program Files\WindowTabs\WindowTabs.exe
2013-01-10 06:30 - 2014-06-07 03:23 - 01042432 _____ () C:\Program Files\Everything\Everything.exe
2013-07-31 12:40 - 2012-02-06 16:28 - 00053248 _____ () C:\Program Files\GiliSoft\Privacy Protector\FileLockPlugin.dll
2013-07-31 12:40 - 2012-02-08 14:23 - 00708608 _____ () C:\Program Files\GiliSoft\Privacy Protector\KernalUI.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Sohodox Desktop:{36007700-3300-6800-3100-33004D004B00}
AlternateDataStreams: C:\Windows\MSI Package Builder 4 Enterprise.xml:MSI_Package_Builder
AlternateDataStreams: C:\Windows\win.ini:WINDOWS
AlternateDataStreams: C:\Windows\system32\desktop.ini:WIN64
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\George\Documents\-----A P P S-----:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\-----A P P S-----:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\----Kostenlos Faxe verschicken----:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\----Kostenlos Faxe verschicken----:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\A N D R O I D +W I N  Tools+Stream:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\A N D R O I D +W I N  Tools+Stream:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Add-in Express:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Add-in Express:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:OECustomProperty
AlternateDataStreams: C:\Users\George\Documents\Anki:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Anki:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Atlantis:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Atlantis:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Calibre Bibliothek:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Calibre Bibliothek:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Calibre Portable:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Calibre Portable:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\CaptureSaver:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\CaptureSaver:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Englische Schimpfwörter:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Englische Schimpfwörter:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Google mit anderen Mail verbinden:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Google mit anderen Mail verbinden:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\IC3:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\IC3:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\INFO+Haushalt:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\INFO+Haushalt:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Micro-Sys:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\mobile:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\My Digital Editions:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\P E R S Ö H N L I C H:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Ratgeber Photovoltaik:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\SecretNotes:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\ShareX:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\SMA Off-Grid Configurator v.1.09 - Solarenergie:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Web Research:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Web-Recherchen:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\webkit:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Weihnachten+Christmas Tree 1.8 - Portable:doo_mRJtPQVz

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: Adjuster => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: FolderSize => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^百度云管家.lnk => C:\Windows\pss\百度云管家.lnk.Startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: RoboForm => 

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-06-20 21:50:46.431
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-20 21:50:46.376
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-20 21:50:45.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-20 21:50:45.734
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 2047.55 MB
Available physical RAM: 921.78 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2767.83 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.96 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:319.18 GB) (Free:94.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (BIE) (Fixed) (Total:146.48 GB) (Free:81.57 GB) NTFS
Drive g: (SATA) (Fixed) (Total:76.68 GB) (Free:44.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 96BF04FF)
Partition 1: (Not Active) - (Size=77 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 1D79DA50)
Partition 1: (Active) - (Size=319 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus · 21.06.2014, 20:14

JRT bitte wiederholen. Neu runterladen und per Rechtsklick als Administrator ausführen

Bartos · 22.06.2014, 17:54

Im vierten Versuch (im abgesicherten Modus) hat es jetzt mit JRT geklappt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by George on 22.06.2014 at 13:17:17,12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\George\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\extensions\staged
Successfully deleted the following from C:\Users\George\AppData\Roaming\mozilla\firefox\profiles\nahd6ha2.default\prefs.js

user_pref("extensions.searchtermhighlighter.setail", "ebay+_nkw|google+q|bing+q|amazon+field-keywords|gigablast+q|lycos+q|search+p|yahoo+p|wikipedia+search|ask+q");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.06.2014 at 13:38:18,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner von heute:

Code:

ATTFilter

# AdwCleaner v3.212 - Bericht erstellt am 22/06/2014 um 16:43:47
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzername : George - GEORGE-PC
# Gestartet von : C:\Users\George\00  R E S U L T\adwcleaner_3.212.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ Datei : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [25595 octets] - [20/10/2013 14:02:54]
AdwCleaner[R1].txt - [25715 octets] - [20/10/2013 15:09:13]
AdwCleaner[R2].txt - [25835 octets] - [20/10/2013 15:24:16]
AdwCleaner[R3].txt - [3562 octets] - [20/10/2013 15:28:41]
AdwCleaner[R4].txt - [2748 octets] - [20/10/2013 15:40:36]
AdwCleaner[R5].txt - [6818 octets] - [06/11/2013 17:15:50]
AdwCleaner[R6].txt - [13020 octets] - [20/06/2014 22:09:24]
AdwCleaner[R7].txt - [12413 octets] - [21/06/2014 10:16:46]
AdwCleaner[R8].txt - [1597 octets] - [22/06/2014 13:14:34]
AdwCleaner[S0].txt - [360 octets] - [20/10/2013 14:44:11]
AdwCleaner[S1].txt - [360 octets] - [20/10/2013 15:14:11]
AdwCleaner[S2].txt - [25946 octets] - [20/10/2013 15:26:15]
AdwCleaner[S3].txt - [3608 octets] - [20/10/2013 15:32:53]
AdwCleaner[S4].txt - [12487 octets] - [21/06/2014 10:26:11]
AdwCleaner[S5].txt - [1518 octets] - [22/06/2014 16:43:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1578 octets] ##########

Addition.txt von heute:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-06-2014 01
Ran by George at 2014-06-22 18:45:08
Running from C:\Users\George\00  R E S U L T
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Privatefirewall (Disabled) {16337F50-A853-219F-6DEC-E7BDA0A7E8E7}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 2.0.4 - BitTorrent Inc.)
1-abc.net Settings Organizer (Remove only) (HKLM\...\1-abc.net Settings Organizer) (Version:  - )
3D Image Commander 2.20 (HKLM\...\3D Image Commander_is1) (Version:  - binerus)
3D Youtube Downloader (HKLM\...\3D Youtube Downloader) (Version: 1.0.16 - 3DYD Soft)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
8 Skin Pack RTM-X86 (HKLM\...\8 Skin Pack) (Version: RTM-X86 - Skin Pack)
AAA (HKLM\...\SmartDeblur_is1) (Version: 2.0b - )
Ace Stream Media 2.2.4-next (HKCU\...\AceStream) (Version: 2.2.4-next - Ace Stream Media)
AceText 3.1.3 (HKLM\...\AceText) (Version: 3.1.3 - Just Great Software)
Ad Muncher 4.93 Build 33707/4486 (HKLM\...\{0EB5F29D-6CC8-4C3A-B300-96154AB3BCBD}_is1) (Version:  - © Murray Hurps Corp Pty Ltd / Andron1975)
Ad Muncher v4.93.33707 (HKCU\...\Ad Muncher) (Version:  - )
ADinf32 v4.14 (HKLM\...\{D93B1C80-470D-484B-98EC-DC695D06E2BE}) (Version: 4.14.0006 - ADinf Development Team)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Align It! 2.12 (HKLM\...\Align It!_is1) (Version: 2.12 - Digital42, Sandra Erb)
AntispamSniper for TheBat! (HKLM\...\AntispamSniper for TheBat!) (Version:  - )
AOMEI Backupper Professional Edition 2.0 (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF55E6C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
A-PDF INFO Changer 2.0 (HKLM\...\A-PDF INFO Changer_is1) (Version:  - A-PDF.com)
A-PDF Restrictions Remover (HKLM\...\A-PDF Restrictions Remover_is1) (Version:  - A-PDF Solution)
Atlantis Word Processor (HKLM\...\Atlantis Word Processor) (Version:  - )
Audiogalaxy (HKCU\...\Audiogalaxy) (Version:  - )
AudioShell 2.0 beta 2 (HKLM\...\AudioShell_is1) (Version: 2.0 beta 2 - Softpointer Inc)
AVS Video Converter 8.5 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.1.4.150 (HKLM\...\AVS Video ReMaker_is1) (Version: 4.1.4.150 - Online Media Technologies Ltd.)
Bass Audio Decoder (remove only) (HKLM\...\Bass Audio Decoder) (Version:  - )
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Beyond Compare 3.3.10 (HKLM\...\BeyondCompare3_is1) (Version: 3.3.10.17762 - Scooter Software)
Brightness Guide 2.0.3 (HKLM\...\Brightness Guide_is1) (Version: 2.0.3 - Tint Guide)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
CaptureSaver V4.2.5 (HKLM\...\CaptureSaver_is1) (Version:  - www.CaptureSaver.com)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CD Audio Reader Filter (remove only) (HKLM\...\CD Audio Reader Filter) (Version:  - )
CFi ShellToys v7.4.0 (HKLM\...\CFi ShellToys XP_is1) (Version: 7.4.0 - Cool Focus International Ltd)
Check&Get 3.4 (HKLM\...\CheckAndGet_2xx_is1) (Version: 3.4 - ActiveURLs)
CHM Editor (HKLM\...\CHM Editor) (Version: 1.4 - )
Classic Shell (HKLM\...\{E0E49E80-19DE-43FE-BFF2-8C58DDF3C7F9}) (Version: 4.1.0 - IvoSoft)
ClipName (HKLM\...\ClipName) (Version:  - )
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CyberGhost 5 (HKLM\...\CyberGhost VPN 5_is1) (Version:  - CyberGhost S.R.L.)
DCoder Image Source (remove only) (HKLM\...\DCoder Image Source) (Version:  - )
Debugging Tools for Windows (x86) (HKLM\...\{D09605BE-5587-4B0C-86C8-69B5092CB80F}) (Version: 6.12.2.633 - Microsoft Corporation)
DeskTopAuthor (HKLM\...\{C27B94AA-60AB-4B50-9D63-0928CDC889C3}) (Version: 7.1.5 - dnaml Pty Ltd)
DiaShow von Helmut Rohrbeck (HKLM\...\DiaShow) (Version:  - Helmut Rohrbeck)
Disk Checker (HKLM\...\Disk Checker) (Version:  - )
Document Express DjVu Plug-in (HKLM\...\{09F72EA9-ECE7-459C-BA6D-BCA10C1B5F7C}) (Version: 6.1.31219 - Caminova, Inc.)
Dokan Library 0.6.0 (HKLM\...\DokanLibrary) (Version:  - )
DokuTool (Non Commercial Edition) (HKLM\...\DokuTool 1.0R6_is1) (Version: 1.0.6.3 - Castelware Software GmbH)
DScaler 5 Mpeg Decoders (HKLM\...\DScaler 5 Mpeg Decoders_is1) (Version:  - )
Encrypt My Folder (HKLM\...\Encrypt My Folder) (Version:  - )
Enterra Icon Keeper Deluxe 1.1 (HKLM\...\Enterra Icon Keeper Deluxe_is1) (Version:  - Enterra, Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Everything 1.3.4.662b (x86) (HKLM\...\Everything) (Version:  - )
Exif Tag Remover 5.0 (HKLM\...\Exif Tag Remover_is1) (Version:  - RL Vision)
FastImageResizer (remove only) (HKLM\...\FastImageResizer) (Version:  - )
FeedDemon (HKLM\...\FeedDemon_is1) (Version: 4.5.0.0 - NewsGator Technologies, Inc.)
FenrirFS 2.4.7 (HKLM\...\FenrirFS_is1) (Version:  - Fenrir Inc.)
FFMPEG Core Files (remove only) (HKLM\...\FFMPEG Core Files) (Version:  - )
File Property Edit Pro (HKCU\...\File Property Edit Pro) (Version: 3.80 - foryoursoft)
FILEminimizer Suite (HKLM\...\FILEminimizer Suite_is1) (Version:  - balesio AG)
FilerFrog (HKLM\...\{29294ED4-4606-4DAD-B49A-359D12337ED3}) (Version: 2.2.0 - FilerFrog)
FileSearchEX (HKLM\...\FileSearchEX) (Version: 1.0.8.9 - GOFF Concepts LLC)
Fireplace Screensaver (HKLM\...\Fireplace Screensaver) (Version:  - )
Flame Painter 2 Pro 2.5 (HKLM\...\Flame Painter 2 Pro_is1) (Version: 2.5 - Escape Motions, s.r.o)
Flash Player Pro V5.7 (HKLM\...\Flash Player Pro_is1) (Version:  - FlashPlayerPro.com)
Flip Image (HKLM\...\Flip Image_is1) (Version:  - Flipbuilder Solution)
Flip Writer (HKLM\...\Flip Writer_is1) (Version:  - Flipbuilder Solution)
FlipBook Maker Pro 3.6.8 (HKLM\...\FlipBook Maker Pro_is1) (Version: 3.6.8 - Kvisoft Co,. Ltd)
Flipbook Maker Pro 4.0.0 (HKLM\...\Kvisoft Flipbook Maker Pro_is1) (Version: 4.0.0 - kvisoft.com)
Flipbook Maker4.0.0 (HKLM\...\Kvisoft FlipBook Maker Enterprise_is1) (Version: 4.0.0 - kvisoft.com)
FlipCreator (version 4.6.2.5) (HKLM\...\FlipCreator_is1) (Version:  - Alive Software, Inc.)
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 6.0.0202 (HKLM\...\FLV to AVI MPEG WMV 3GP MP4 iPod Converter_is1) (Version:  - Aone Software)
FMS Empty File Remover 2.9.1 (HKLM\...\{1C363729-80C0-43D6-A975-6C2BC18A5708}_is1) (Version:  - FileManagerSoft Ltd.)
FMS Empty Folder Remover 1.9.1 (HKLM\...\{B8AA2821-ECF5-496C-BBC1-45B66B56B049}_is1) (Version:  - FileManagerSoft Ltd.)
Folder Actions 1.1 for Windows (HKLM\...\Folder Actions 1.1 for Windows_is1) (Version:  - Leonid Parshukov)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
FolderHighlight 2.4 (HKLM\...\FolderHighlight_is1) (Version: 2.4 - eRiverSoft)
FotoBeschriften 4.2.2.425 (HKLM\...\FotoBeschriften_is1) (Version: 4.2.2.425 - SpeedySoft)
Fresh Flash Catalog 3.7 (HKLM\...\{686D28EC-CD2A-4033-A98D-A50CB2A49D8D}_is1) (Version:  - Gokhan Bulut)
Gabest MPEG Splitter (remove only) (HKLM\...\Gabest MPEG Splitter) (Version:  - )
GiliSoft Privacy Protector 4.1 (HKLM\...\{E282A694-F6F9-46DC-AFA4-023EEF08708F}}_is1) (Version: 4.1 - Gilisoft International LLC.)
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
GreedyTorrent v1.01 beta build 170 (HKLM\...\GreedyTorrent_is1) (Version:  - Alex N J (www.alexnj.com))
Gyazo 2.0.1 (HKLM\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc. & Toshiyuki Masui)
HashOnClick (HKLM\...\HashOnClick_is1) (Version:  - 2BrightSparks)
HashTab 5.1.0.23 (HKLM\...\HashTab) (Version: 5.1.0.23 - Implbits Software)
HideGuard VPN 2.2.0.0 (HKLM\...\{A7BD5DA5-85A2-4FA6-8270-DDEDDBE51379}}_is1) (Version:  - iTVA LLC)
Hot Virtual Keyboard 8.1.5.0 (HKLM\...\{0F896F26-E9C0-4331-BB90-28CDDA490C93}_is1) (Version: 8.1 - Comfort Software Group)
HyperSnap 7 (HKLM\...\HyperSnap 7) (Version: 7.26.01 - Hyperionics Technology LLC)
Icaros 2.2.5 (HKLM\...\Icaros_is1) (Version: 2.2.5.301 - Tabibito Technology)
IcoFX 2.3.1 (HKLM\...\IcoFX 2_is1) (Version:  - )
Image Comparer v3.8 (HKLM\...\{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1) (Version: 3.8 - Bolide Software)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - )
IncrediMail 2.5 (HKLM\...\IncrediMail) (Version: 6.6.0.5273 - IncrediMail Ltd.)
IncrediMail JunkFilter Plus (HKLM\...\JunkFilterPlus) (Version: 6001167 - IncrediMail Ltd.)
Inpaint 5.6 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version:  - Teorex)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Unlocker (HKLM\...\IObit Unlocker_is1) (Version: 1.1 - IObit)
iolo technologies' System Mechanic Business (HKLM\...\{ED8F147C-7306-416E-AE7D-86DBC731622A}_is1) (Version: 12.5.0 - iolo technologies, LLC)
iPixSoft Flash Slideshow Creator (4.3.0.0) (HKLM\...\iPixSoft Flash Slideshow Creator_is1) (Version: 4.3.0.0 - iPixSoft)
iPixSoft Video Slideshow Maker (3.3.0.0) (HKLM\...\iPixSoft Video Slideshow Maker_is1) (Version: 3.3.0.0 - iPixSoft)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden
JSignPdf 1.5.1 (HKLM\...\JSignPdf_is1) (Version: 1.5.1 - Josef Cacek)
just another nasty editor (HKLM\...\just another nasty editor) (Version: 1.68.0.0 - TryAndError, Inc. / AreYouParanoid? :))
jv16 PowerTools 2014 (HKLM\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
K-Lite Mega Codec Pack 10.5.0 (HKLM\...\KLiteCodecPack_is1) (Version: 10.5.0 - )
Kompas (HKLM\...\Kompas) (Version: 0.1.2 - Humanity)
Kvisoft Flash Slideshow Designer 1.6.0 (HKLM\...\Kvisoft Flash Slideshow Designer_is1) (Version: 1.6.0 - Kvisoft Co.,Ltd.)
Lazesoft Recovery Suite version 3.3 Unlimited Edition (HKLM\...\LS-32CB12D5-CC47-4BC8-BC97-0613CDCB0406_is1) (Version: 3.3 - Lazesoft)
Letasoft Sound Booster Version 1.1 (HKLM\...\{6C6CF38B-11DD-45C6-A15E-A3A0C4CE60F8}_is1) (Version: 1.1 - Letasoft LLC)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
LucisArt 3.0.5 ED/SE (HKLM\...\{CB30938E-2BCE-4837-9FEB-EB5DAB000235}) (Version: 3.0.5.0 - Image Content Technology)
LuraTech PDF Compressor Desktop 6.1.2.5 (HKLM\...\{DDD86B37-FF0A-4FCC-A415-0B69714F9901}) (Version: 6.1.2005 - LuraTech Imaging GmbH)
Machete 4.0 (HKLM\...\{5E305628-4161-4234-B718-D13623DE66C1}) (Version: 4.0.22 - MacheteSoft)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.2.6427 - Paramount Software (UK) Ltd.) Hidden
Macrorit Disk Scanner 2013 (HKLM\...\Macrorit Disk Scanner) (Version: 2013 - Macrorit Inc.)
MadVR (remove only) (HKLM\...\MadVR) (Version:  - )
MagicYUV Lossless Video Codec version 0.9alpha (HKLM\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 0.9alpha - INNOMAGIC, Ltd.)
Mail.Ru Cloud (HKLM\...\{776AF05B-784A-416F-B14C-31A1FBAF8B19}_is1) (Version: 15.01.0015 - Mail.Ru Group) <==== ATTENTION
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MAXA Cookie Manager Pro 5.3 (HKLM\...\MAXA Cookie Manager_is1) (Version:  - MAXA)
Maxthon Cloud Browser (HKLM\...\Maxthon3) (Version: 4.4.0.4000 - Maxthon International Limited)
MediaDrug (HKLM\...\4C6927B3-61F1-4EBF-A5C7-68B60E4F40B0) (Version: 1.0 - MediaDrug)
MediaTab (HKLM\...\MediaTab) (Version: 1.2 - Juan Manuel Lozano Contreras)
MEGAsync 1.0.22 (HKLM\...\MEGAsync) (Version: 1.0.22 - Mega Limited)
MetaProducts Inquiry (HKLM\...\metaprodInq) (Version:  1.11.600 beta [build 0.18] - evgen_Ú)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Research Project Colletta (Version: 3.0.0.0 - Microsoft Research Ltd) Hidden
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{09298F26-A95C-31E2-9D95-2C60F586F075}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsys Launcher (HKLM\...\560CEE382FE04EEE8EE428712CD776BE_is1) (Version: 2.0.0 - Micro-Sys ApS)
MirrorFolder 5.0.294.116 (Retail) (HKLM\...\ce876f80-8a31-11d4-b9d2-002018382069_is1) (Version: 5.0.294.116 - Techsoft)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0a1 - Mozilla)
MP3Cover (HKLM\...\MP3Cover) (Version:  - )
MP3-Info extension V3.4.25 (HKLM\...\MP3-Info extension_is1) (Version: 3.4.25 - Fabian Cenedese)
MP3jam 1.0.0.2 (HKLM\...\MP3jam_is1) (Version: 1.0.0.2 - MP3jam)
Mp3tag v2.58 (HKLM\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MRU-Blaster v1.5 (Database 3.28.04) (HKLM\...\MRU-Blaster_is1) (Version: 1.5 - BrightFort LLC)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
Nightly 28.0a1 (x86 en-US) (HKLM\...\Nightly 28.0a1 (x86 en-US)) (Version: 28.0a1 - Mozilla)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
OkayFreedom (HKLM\...\{3F3FB10C-7175-4D38-9335-3488B89C12AF}) (Version: 1.1 - Steganos Software GmbH)
OnTranslator (HKLM\...\OnTranslator) (Version: 1.0.140 - )
OpenSource AVI Splitter (remove only) (HKLM\...\OpenSource AVI Splitter) (Version:  - )
OpenSource DTS/AC3/DD+ Source Filter (remove only) (HKLM\...\OpenSource DTS/AC3/DD+ Source Filter) (Version:  - )
OpenSSL 1.0.1h Light (32-bit) (HKLM\...\OpenSSL Light (32-bit)_is1) (Version:  - OpenSSL Win32 Installer Team)
Opera 12.14 (HKLM\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 20.0.1387.91 (HKLM\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA)
Opera Stable 21.0.1432.57 (HKLM\...\Opera 21.0.1432.57) (Version: 21.0.1432.57 - Opera Software ASA)
Opus Pro 9 (HKLM\...\Opus Pro 9) (Version: 9 - Digital Workshop)
Pale Moon 24.5.0 (x86 en-US) (HKLM\...\Pale Moon 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
PDF Creator Pilot 4.3  (HKLM\...\{467D4F46-B75D-4E9F-B710-D933D687B9BD}) (Version: 4.3 - Two Pilots)
PDF Page Delete 1.1 (HKLM\...\PDF Page Delete_is1) (Version:  - PDF Page Delete)
PDF-Tools 4 (HKLM\...\{14EC807A-F88E-4FCF-8013-CB909F930E88}_is1) (Version: 4.0.214.2 - Tracker Software Products Ltd)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.1 - Tracker Software Products Ltd)
PDF-XChange 2012 Pro (HKLM\...\{F92F0AAB-2EF6-412C-8BF4-0B11EB535280}_is1) (Version: 5.0.273.2 - Tracker Software Products Ltd)
PDF-XChange Editor (HKLM\...\{2eef0fe2-cc4a-47d6-959c-de2d5c2cc40b}) (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.) Hidden
PerfectTUNES (HKLM\...\PerfectTUNES) (Version: Release 1 Unregistered - Cloud Audio)
PhotoFiltre Studio X (HKCU\...\PhotoFiltre Studio X) (Version:  - )
Photoupz 1.7.1 (HKLM\...\Photoupz) (Version: 1.7.1 - EvenPixel Ltd)
PicPick (HKLM\...\PicPick) (Version: 3.3.3 - NTeWORKS)
PicturesToExe 8.0 (HKLM\...\{A254D625} PicturesToExe 8.0_is1) (Version: 8.0.3 - WnSoft)
POP Peeper (HKLM\...\POP Peeper) (Version:  - Mortal Universe)
Postbox (3.0.11) (HKLM\...\Postbox (3.0.11)) (Version: 3.0.11 (en-US) - Postbox, Inc.)
Primg version 1.2.1.2 (HKLM\...\Primg_is1) (Version: 1.2.1.2 - Hiroshi Inagaki)
Privatefirewall 7.0 (HKLM\...\{E8EA933E-03A2-4E62-9F52-812C72BE2A6B}) (Version: 7.0.30.2 - PWI, Inc.)
PrivaZer (HKLM\...\PrivaZer) (Version: 2.21.1.0 - Goversoft LLC)
PrivitizeVPN (HKLM\...\PrivitizeVPN) (Version: 1.0.0 - OOO Industry) <==== ATTENTION
Project Colletta (HKLM\...\{d6074b06-1636-45dd-bf35-baf3e6d131d2}) (Version: 3.0.0.0 - Microsoft Research Ltd)
Project ROME (HKLM\...\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 0.9.0 (157403) - Adobe Systems Incorporated.)
PS Tray Factory 3.2 (HKLM\...\PS Tray Factory_is1) (Version:  - PS Soft Lab)
PSD Codec by Ardfry Imaging, LLC (32 bit) (Version: 1.0.15.0 - Ardfry Imaging, LLC) Hidden
PSD CODEC Version 1.6.1.0 (HKLM\...\Ardfry PSD CODEC_is1) (Version: 1.6.1.0 - Ardfry Imaging, LLC)
QTranslate 5.3.1 (HKLM\...\QTranslate) (Version: 5.3.1 - QuestSoft)
RadioSure (HKCU\...\RadioSure) (Version:  - )
Rainlendar2 (remove only) (HKLM\...\Rainlendar2) (Version:  - )
Registry Crawler (HKLM\...\Registry Crawler) (Version:  - )
Registry First Aid 9 (HKLM\...\RFA9_is1) (Version: 9.3.0 - RoseCitySoftware)
Registry Trash Keys Finder (Freeware) (HKLM\...\Registry Trash Keys Finder) (Version: 3.9.2.1 - SNC)
RegVac Registry Cleaner 5.02 (Registered Version) (HKLM\...\RegVac Registry Cleaner (Registered Version)_is1) (Version:  - Super Win Software, Inc.)
Resonic Alpha (HKLM\...\Resonic Alpha) (Version: 0.58.0.999 - Liqube)
RidNacs 2.0.3 (HKLM\...\RidNacs_is1) (Version:  - Stephan Plath)
Right Click Enhancer Professional 4.1.4 (HKLM\...\Right Click Enhancer Professional) (Version: 4.1.4 - RBSoft, Inc.)
Rio Internet Update (HKLM\...\{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}) (Version: 2.90 - Rio Audio)
Rio Music Manager (HKLM\...\{282EF7E3-AE54-48AE-A11D-27F512F23AB3}) (Version: 2.90 - Rio Audio)
RoboForm 7-9-7-5 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-7-5 - Siber Systems)
R-Wipe&Clean 10.3 (HKLM\...\R-Wipe&Clean_is1) (Version:  - R-tools Technology Inc.)
Sandboxie 4.06 (32-bit) (HKLM\...\Sandboxie) (Version: 4.06 - Sandboxie Holdings, LLC)
Screenpresso (HKCU\...\Screenpresso) (Version: 1.4.2.0 - LearnPulse)
Secret Notes version 1.2.1 (HKLM\...\{E5618ECE-CFCC-489B-BC91-3CC0AAC0B253}_is1) (Version: 1.2.1 - Softorino)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version:  - )
SendTo-Convert version 2.7.1.4 (HKLM\...\SendTo-Convert_is1) (Version: 2.7.1.4 - Hiroshi Inagaki)
Shadow Defender (HKLM\...\{93A07A0D-454E-43d1-86A9-5DE9C5F4411A}) (Version: 1.4.0.519 - ShadowDefender.com)
ShadowExplorer 0.9 (HKLM\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
ShadowProtect Desktop (Version: 4.15.9340 - StorageCraft) Hidden
ShareX 9.0.0 (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 9.0.0 - ShareX Developers)
Sigil 0.6.1 (HKLM\...\Sigil_is1) (Version:  - John Schember)
SkinPack 9-win7-ver1 (HKLM\...\SkinPack) (Version: 9-win7-ver1 - SkinPack)
Smart Mail Notifier v2.0 (HKLM\...\Smart Mail Notifier_is1) (Version: 2.0 - Smart PC Solutions)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 1.00.9376 - SoftEther Project)
Sohodox 8.3 (HKLM\...\Sohodox_is1) (Version: 8 - ITAZ)
Sound Normalizer 5.72 (HKLM\...\Sound Normalizer_is1) (Version: 5.72 - Kanz Software)
Stanza (HKLM\...\Stanza) (Version:  - )
Stickies 7.1e (HKLM\...\ZhornStickies) (Version:  - Zhorn Software)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBackPro (HKLM\...\SyncBackPro_is1) (Version: 6.5.38.0 - 2BrightSparks)
SysTrayX (HKLM\...\SysTrayX) (Version:  - )
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
The Bat! Professional v6.4.6 (HKLM\...\{F2A4C568-45FB-49DE-BEF3-304E870E3A2F}) (Version: 6.4.6 - Ritlabs)
Thumbnail me 3.0 (HKCU\...\Thumbnail me 3.0) (Version:  - )
Toolwiz FlipBook (HKLM\...\Toolwiz FlipBook_is1) (Version: 1.5.0.0 - Toolwiz)
TP-LINK Client Installation Program (Version: 7.0 - TP-LINK) Hidden
TreePad Business Edition 8.1 (HKLM\...\TreePadBiz) (Version:  - )
Trojan Killer (HKLM\...\GridinSoft Trojan Killer) (Version: 2.2.3.6 - GridinSoft LLC)
Trojan Remover 6.9.1.2929 (HKLM\...\Trojan Remover_is1) (Version: 6.9.1.2929 - Simply Super Software)
True Launch Bar (HKLM\...\{FC712CA0-A945-11d4-A594-956F6349FC18}) (Version: 6.6.3 beta - Tordex)
TuneUp Utilities 2014 (de-DE) (Version: 14.0.1000.296 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM\...\TuneUp Utilities) (Version: 14.0.1000.296 - TuneUp Software)
TuneUp Utilities 2014 (Version: 14.0.1000.296 - TuneUp Software) Hidden
TunnelBear (HKLM\...\{2871e92a-2f78-488c-89a4-cabdf26de1d3}) (Version: 2.2.17.0 - TunnelBear)
TunnelBear (Version: 2.2.17.0 - TunnelBear) Hidden
TVgenial 4.10 (HKLM\...\TVgenial) (Version:  - )
Tweak-7 (HKLM\...\Tweak-7) (Version: 1.0 build 1175 - Totalidea Software)
TweakNow PowerPack (HKLM\...\TweakNow PowerPack_is1) (Version: 4.3.0 - TweakNow.com)
UFS Explorer Professional Recovery, version 5.11.1 (HKLM\...\UFS Explorer Professional Recovery (version 5)_is1) (Version: 5.11.1 - LLC "SysDev Laboratories")
UltimateDefrag (HKLM\...\UltimateDefrag) (Version: 4.0.98.0 - DiskTrix, Inc.)
Ultra Video Converter 5.5.0401 (HKLM\...\Ultra Video Converter_is1) (Version:  - Aone Software)
UltraChm 1.0 (HKLM\...\UltraChm) (Version: 1.0 - UltraChm company, Inc.)
uMark 5 (HKLM\...\uMark) (Version: 5.0 - Uconomix)
Universal Document Converter Server Edition (HKLM\...\Universal Document Converter_is1) (Version: 6.3 - fCoder Group, Inc.)
Unknown Device Identifier 8.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.01 - Huntersoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
USB Safely Remove 5.2 (HKLM\...\USB Safely Remove_is1) (Version:  - SafelyRemove.com)
uTorrent Turbo Booster (HKLM\...\uTorrent Turbo Booster) (Version: 4.0.2.0 - DownloadBoosters LLC)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
VeryPDF Flipbook Maker v2.0 (HKLM\...\VeryPDF Flipbook Maker v2.0_is1) (Version:  - VeryPDF.com Company)
VisiPics V1.31 (HKLM\...\VisiPics_is1) (Version:  - Ozone)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VKMusic 4 (HKLM\...\VKMusic 4_is1) (Version: 4.59 - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VPNium  (HKLM\...\VPNium) (Version:  - )
VT Hash Check 1.42 (HKLM\...\{1E579B65-503B-4184-B481-5138124BEE1D}_is1) (Version: 1.42 - Boredom Software)
VueScan x32 (HKLM\...\VueScan x32) (Version:  - )
Watermark Factory 2 (HKLM\...\{208B53C3-FA83-40EF-BC07-ED61E78CC12A}}_is1) (Version:  - WatermarkFactory.com)
Watermark Software (HKCU\...\WatermarkSoftware) (Version:  - Watermark Software. All Rights Reserved.)
Web Research Network Add-on (HKLM\...\{DD76AABA-7E4E-4EB6-ACD3-990347356B31}) (Version: 2.80.0336 - macropool GmbH)
WebResearch 3 (HKLM\...\{BD42A7E4-1104-411D-80A9-8E75DE5D9741}) (Version: 3.10.4912 - macropool GmbH)
Win8.1 SkinPack X86 (HKLM\...\Win8.1 SkinPack) (Version: X86 - SkinPack)
Windows-Treiberpaket - Realtek Semiconductor Corp. (RTL8023xp) Net  (07/23/2009 6.111.0723.2009) (HKLM\...\E8D765D6F2FD9EF4896D3FB22C0A204D56298D28) (Version: 07/23/2009 6.111.0723.2009 - Realtek Semiconductor Corp.)
WindowTabs (HKLM\...\{8FB716E9-A14D-4983-8DE0-818CFFF24658}) (Version: 0.0.60 - Bemo Software, Inc.)
WinRAR 5.10 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
WonderFox Photo Watermark (HKCU\...\WonderFoxPhotoWatermark) (Version:  - WonderFox Soft. All Rights Reserved.)
Wondershare MobileGo for Android ( Version 2.0.1 ) (HKLM\...\{1E04C795-7359-4E05-8A0E-5644F777AA08}_is1) (Version: 2.0.1 - Wondershare)
Word Artist 2.0 (HKLM\...\{8CB66CF8-F0FC-4EE1-BC98-9EC1EA6F0486}) (Version: 2.0 - Fotoview)
XFlip 2.0.1 (HKLM\...\XFlip Pro_is1) (Version: 2.0.1 - xflip.com)
XnView 2.22 (HKLM\...\XnView_is1) (Version: 2.22 - Gougelet Pierre-e)
XnViewMP 0.64 (HKLM\...\XnViewMP_is1) (Version: 0.64 - Gougelet Pierre-e)
xp-AntiSpy 3.98-2 (HKLM\...\xp-AntiSpy) (Version:  - Christian Taubenheim)
X-Proxy (HKCU\...\e9149030bbc2ac48) (Version: 5.2.0.3 - Sauces Software)
Your Uninstaller! 7 (HKLM\...\YU2010_is1) (Version: 7.5.2014.3 - URSoft, Inc.)
YoWindow (HKLM\...\yowindow) (Version: 3 - RepkaSoft)
Zoom Player (remove only) (HKLM\...\ZoomPlayer) (Version:  - )
Zoom Player deutsche Sprachdateien (entfernen) (HKLM\...\ZoomPlayer_German) (Version:  - )
Zoom Player Russian language (remove only) (HKLM\...\ZoomPlayer_Russian) (Version:  - )
ЛовиВконтакте 3.2.0.0 (HKLM\...\{FD655D52-4E33-40CB-A4D9-21F99DA70712}}_is1) (Version:  - iTVA LLC.)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-14 09:52 - 00002351 ____A C:\Windows\system32\Drivers\etc\hosts
	127.0.0.1 tonec.com
	127.0.0.1 www.tonec.com
	127.0.0.1 registeridm.com
	127.0.0.1 www.registeridm.com
	127.0.0.1 secure.registeridm.com
	127.0.0.1 internetdownloadmanager.com
	127.0.0.1 www.internetdownloadmanager.com
	127.0.0.1 secure.internetdownloadmanager.com
	127.0.0.1 www.secure.internetdownloadmanager.com
	127.0.0.1 mirror.internetdownloadmanager.com
	127.0.0.1 www.mirror.internetdownloadmanager.com
	127.0.0.1 mirror2.internetdownloadmanager.com
	127.0.0.1 www.mirror2.internetdownloadmanager.com
	127.0.0.1 mirror3.internetdownloadmanager.com
	127.0.0.1 www.mirror3.internetdownloadmanager.com
	127.0.0.1 validation.sls.microsoft.com
     127.0.0.1 174.133.70.101:443 
     127.0.0.1 174.133.70.101:80 
     127.0.0.1 174.133.70.98 
     127.0.0.1  *internetdownloadmanager.com/data/395012712/register.cgi 
      127.0.0.1  *registeridm.com*
	127.0.0.1 sublimetext.com
	127.0.0.1 www.sublimetext.com
      127.0.0.1 foryoursoft.com
      127.0.0.1 formessengers.com
      127.0.0.1 www.radiosure.com
      127.0.0.1 activation.acronis.com 
      127.0.0.1 support.wondershare.net
      127.0.0.1 www.wondershare.net
      127.0.0.1 support.wondershare.com
      127.0.0.1 www.wondershare.com
      127.0.0.1 www.hamrick.com
      127.0.0.1 stats.hamrick.com
      127.0.0.1 static.hamrick.com
      127.0.0.1 server-54-230-97-253.arn1.r.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

Task: {09570B1A-14BB-44AC-8CAB-7B68E93AC280} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2014\OneClick.exe [2014-04-15] (TuneUp Software)
Task: {0F608FDE-6036-49A1-A50E-8C002589EE09} - System32\Tasks\iolo Process Governor => C:\Program Files\iolo\System Mechanic Business\iologovernor.exe [2013-12-04] (iolo technologies, LLC)
Task: {128127EF-57FE-41D5-9AC1-CB53011BCA86} - \GoogleUpdateTaskUserS-1-5-21-3944665068-2704869593-2486753056-1000Core No Task File <==== ATTENTION
Task: {1CEEC936-3839-4AD7-9AF6-46509747BDDD} - System32\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000 => C:\Program Files\Skillbrains\Updater\Updater.exe
Task: {4D2FF0DB-9245-4A61-B080-88A7A737FA5F} - \{2CA3B5DE-7774-437B-A36A-C2712266C77A} No Task File <==== ATTENTION
Task: {52DCADF7-033E-48C9-AF6E-DA9012D0C018} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-12] (Adobe Systems Incorporated)
Task: {5D9317A8-208E-4A4E-AEE6-A207BBF62486} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6C7251DC-4F76-4FBF-85F2-A10A2F5F8A44} - \GoogleUpdateTaskUserS-1-5-21-3944665068-2704869593-2486753056-1000UA No Task File <==== ATTENTION
Task: {70542A51-2B78-40F4-8820-374369D1D464} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {97E9E9E8-1185-4E51-86F4-ABB841136AD2} - \GoogleUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {BA4D3980-A9B5-4200-B679-7725F045B808} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMPMNMJMLMKLJMLLMMCNOMHMKLMMCNJLHMPMMLCNNLOLKLNMCNLMNMMLKLLLLLKMMMNMMLHMOMJNJICMIMCNHMCNMMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMJMJMJMJNHICMEKMICNJJCKJNBJCMILKJAJNIIJKJJNKJCMJNNICMJNDJCMLJKJ"
Task: {F3DFFDE9-6F58-4D72-ADA5-D9263F4E1A9D} - System32\Tasks\Maxthon Update => C:\Program Files\Maxthon\Bin\mxup.exe [2014-05-14] (Maxthon International ltd.)
Task: {F45CB7D8-7A07-4332-908A-323157C4477C} - System32\Tasks\Opera scheduled Autoupdate 1380044755 => C:\Program Files\Opera Developer\launcher.exe
Task: {FDA56282-9D40-4F98-B6F7-A9FBDF98A578} - \GoogleUpdateTaskMachineUA No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000.job => C:\Program Files\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (whitelisted) =============

2012-09-15 10:42 - 2012-09-15 10:42 - 00091648 _____ () C:\Program Files\MacType\EasyHK32.dll
2012-11-10 17:56 - 2009-01-12 08:15 - 00071096 _____ () C:\Windows\system32\NMSAccessU.exe
2013-03-12 14:37 - 2012-10-16 11:27 - 00522912 _____ () C:\Program Files\Letasoft Sound Booster\Filters\gain.dll
2013-10-16 15:42 - 2010-04-26 02:18 - 00053248 _____ () C:\Program Files\PS Tray Factory\HKDll.dll
2012-11-10 16:32 - 2010-11-28 10:43 - 00236544 _____ () C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe
2013-07-04 21:09 - 2013-07-04 21:09 - 00348672 _____ () C:\Program Files\POP Peeper\sqlite3.dll
2013-07-25 01:04 - 2013-07-25 01:04 - 00110080 _____ () C:\Program Files\POP Peeper\zip.dll
2014-03-04 19:32 - 2014-01-20 09:48 - 02611808 _____ () C:\Program Files\Rainlendar2\Rainlendar2.exe
2014-03-04 19:33 - 2012-05-16 21:01 - 00140800 _____ () C:\Program Files\Rainlendar2\lua52.dll
2014-03-04 19:33 - 2014-01-04 19:20 - 00249344 _____ () C:\Program Files\Rainlendar2\libical.dll
2014-03-04 19:32 - 2014-01-20 09:48 - 00060512 _____ () C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll
2014-03-04 19:33 - 2014-01-04 19:00 - 00065024 _____ () C:\Program Files\Rainlendar2\libicalss.dll
2014-03-04 19:33 - 2012-06-17 15:22 - 00012800 _____ () C:\Program Files\Rainlendar2\lfs.dll
2011-02-23 17:08 - 2011-02-23 17:08 - 00080384 _____ () C:\Program Files\FileBX\FbxRes.dll
2013-09-29 14:46 - 2002-08-13 06:09 - 00684032 _____ () C:\Program Files\Smart PC Solutions\Smart Mail Notifier\libeay32.dll
2013-09-29 14:46 - 2002-08-13 06:10 - 00155648 _____ () C:\Program Files\Smart PC Solutions\Smart Mail Notifier\ssleay32.dll
2014-04-01 07:41 - 2014-01-10 11:26 - 03014656 _____ () C:\Program Files\WindowTabs\WindowTabs.exe
2013-07-31 12:40 - 2012-02-06 16:28 - 00053248 _____ () C:\Program Files\GiliSoft\Privacy Protector\FileLockPlugin.dll
2013-07-31 12:40 - 2012-02-08 14:23 - 00708608 _____ () C:\Program Files\GiliSoft\Privacy Protector\KernalUI.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 01565256 _____ () C:\Program Files\EmEditor\emedres.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00372296 _____ () C:\Program Files\EmEditor\mui\1031\emedloc.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00190536 _____ () C:\Program Files\EmEditor\EMREGEXP.DLL
2014-05-15 01:05 - 2014-05-15 01:05 - 00111688 _____ () C:\Program Files\EmEditor\PlugIns\Explorer.dll
2014-05-15 01:05 - 2014-05-15 01:05 - 00269896 _____ () C:\Program Files\EmEditor\PlugIns\HTMLBar.dll
2014-05-15 01:05 - 2014-05-15 01:05 - 00086600 _____ () C:\Program Files\EmEditor\PlugIns\OpenDocuments.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00290376 _____ () C:\Program Files\EmEditor\PlugIns\Projects.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00079944 _____ () C:\Program Files\EmEditor\PlugIns\Search.dll
2014-05-15 01:05 - 2014-05-15 01:05 - 00198216 _____ () C:\Program Files\EmEditor\PlugIns\Snippets.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00094280 _____ () C:\Program Files\EmEditor\PlugIns\WebPreview.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00139848 _____ () C:\Program Files\EmEditor\PlugIns\WordComplete.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00109640 _____ () C:\Program Files\EmEditor\PlugIns\WordCount.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00014408 _____ () C:\Program Files\EmEditor\PlugIns\mui\1031\HTMLBar_loc.dll
2014-05-15 01:05 - 2014-05-15 01:05 - 00025672 _____ () C:\Program Files\EmEditor\PlugIns\mui\1031\Projects_loc.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00019016 _____ () C:\Program Files\EmEditor\PlugIns\mui\1031\Snippets_loc.dll
2014-05-15 01:05 - 2014-05-15 01:05 - 00014920 _____ () C:\Program Files\EmEditor\PlugIns\mui\1031\WordComplete_loc.dll
2014-05-15 01:06 - 2014-05-15 01:06 - 00011336 _____ () C:\Program Files\EmEditor\PlugIns\mui\1031\WordCount_loc.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Program Files\Sohodox Desktop:{36007700-3300-6800-3100-33004D004B00}
AlternateDataStreams: C:\Windows\MSI Package Builder 4 Enterprise.xml:MSI_Package_Builder
AlternateDataStreams: C:\Windows\win.ini:WINDOWS
AlternateDataStreams: C:\Windows\system32\desktop.ini:WIN64
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51
AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9
AlternateDataStreams: C:\Users\George\Documents\-----A P P S-----:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\-----A P P S-----:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\----Kostenlos Faxe verschicken----:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\----Kostenlos Faxe verschicken----:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\A N D R O I D +W I N  Tools+Stream:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\A N D R O I D +W I N  Tools+Stream:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Add-in Express:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Add-in Express:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Angebot Feuer&Flamme GmbH.eml:OECustomProperty
AlternateDataStreams: C:\Users\George\Documents\Anki:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Anki:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Atlantis:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Atlantis:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Calibre Bibliothek:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Calibre Bibliothek:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Calibre Portable:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Calibre Portable:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\CaptureSaver:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\CaptureSaver:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Englische Schimpfwörter:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Englische Schimpfwörter:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Google mit anderen Mail verbinden:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Google mit anderen Mail verbinden:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\IC3:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\IC3:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\INFO+Haushalt:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\INFO+Haushalt:doo_YlFqusxs
AlternateDataStreams: C:\Users\George\Documents\Micro-Sys:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\mobile:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\My Digital Editions:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\P E R S Ö H N L I C H:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Ratgeber Photovoltaik:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\SecretNotes:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\ShareX:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\SMA Off-Grid Configurator v.1.09 - Solarenergie:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Web Research:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Web-Recherchen:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\webkit:doo_mRJtPQVz
AlternateDataStreams: C:\Users\George\Documents\Weihnachten+Christmas Tree 1.8 - Portable:doo_mRJtPQVz

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UnsignedThemes => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UnsignedThemes => ""="Service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: Adjuster => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 2
MSCONFIG\Services: FolderSize => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 3
MSCONFIG\startupfolder: C:^Users^George^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^百度云管家.lnk => C:\Windows\pss\百度云管家.lnk.Startup
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: RoboForm => 

==================== Faulty Device Manager Devices =============

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2014 06:26:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5792. Meldungs-ID: [0x2509].

Error: (06/22/2014 06:07:18 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5184. Meldungs-ID: [0x2509].

Error: (06/22/2014 06:04:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 4996. Meldungs-ID: [0x2509].

Error: (06/22/2014 05:15:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5944. Meldungs-ID: [0x2509].

Error: (06/22/2014 04:54:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2014-06-29T14:53:19Z. Fehlercode: 0x80041321.


System errors:
=============
Error: (06/22/2014 04:54:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SPP-Benachrichtigungsdienst" wurde mit folgendem Fehler beendet: 
%%5

Error: (06/22/2014 04:45:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "LiveUpdate" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/22/2014 03:03:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (06/22/2014 06:26:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5792. Meldungs-ID: [0x2509].

Error: (06/22/2014 06:07:18 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5184. Meldungs-ID: [0x2509].

Error: (06/22/2014 06:04:20 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 4996. Meldungs-ID: [0x2509].

Error: (06/22/2014 05:15:34 PM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.18444 - Fehler beim Initialisieren der Profilerstellungs-API-Anfügeinfrastruktur. Dieser Prozess ermöglicht einem Profiler das Anfügen nicht. HRESULT: 0x80004005.  Prozess-ID (dezimal): 5944. Meldungs-ID: [0x2509].

Error: (06/22/2014 04:54:21 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800413212014-06-29T14:53:19Z


CodeIntegrity Errors:
===================================
  Date: 2014-06-20 21:50:46.431
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-20 21:50:46.376
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\KLELAMX86\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-20 21:50:45.916
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-20 21:50:45.734
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 64%
Total physical RAM: 2047.55 MB
Available physical RAM: 732.68 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 2586.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.28 MB

==================== Drives ================================

Drive c: (Win7) (Fixed) (Total:319.18 GB) (Free:93.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive f: (BIE) (Fixed) (Total:146.48 GB) (Free:81.57 GB) NTFS
Drive g: (SATA) (Fixed) (Total:76.68 GB) (Free:44.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 77 GB) (Disk ID: 96BF04FF)
Partition 1: (Not Active) - (Size=77 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 1D79DA50)
Partition 1: (Active) - (Size=319 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST.txt von heute:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by George (administrator) on GEORGE-PC on 22-06-2014 18:39:45
Running from C:\Users\George\00  R E S U L T
Platform: Microsoft Windows 7 Enterprise  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Crystal Rich Ltd) C:\Program Files\USB Safely Remove\USBSRService.exe
(The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe
(FlyingSnow) C:\Program Files\MacType\MacTray.exe
(Techsoft) C:\Windows\System32\mfsyncsv.exe
() C:\Windows\System32\NMSAccessU.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Digital Networks North America, Inc.) C:\Windows\System32\RioMSC.exe
(www.shadowexplorer.com) C:\Program Files\ShadowExplorer\sesvc.exe
(Totalidea Software) C:\Windows\System32\Tweak7SystemService.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(StorageCraft Technology Corporation) C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe
(StorageCraft Technology Corporation) C:\Windows\System32\vsnapvss.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(SHADOWDEFENDER.COM) C:\Program Files\Shadow Defender\DefenderDaemon.exe
(Privacyware/PWI, Inc.) C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe
(PS Soft Lab) C:\Program Files\PS Tray Factory\PSTrayFactory.exe
() C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe
(Techsoft) C:\Program Files\MirrorFolder\mrfshl.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Anuko International Ltd.) C:\Program Files\Anuko\World Clock\world_clock.exe
(Mortal Universe) C:\Program Files\POP Peeper\POPPeeper.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Hyperionics Technology LLC) C:\Program Files\FileBX\FileBX.exe
(Just Great Software) C:\Program Files\Just Great Software\AceText\AceText.exe
(Murray Hurps Software Pty Ltd) C:\Program Files\Ad Muncher\AdMunch.exe
(NTeWORKS) C:\Program Files\PicPick\picpick.exe
(Smart PC Solutions) C:\Program Files\Smart PC Solutions\Smart Mail Notifier\SmartMailNotifier.exe
(Letasoft) C:\Program Files\Letasoft Sound Booster\SoundBooster.exe
(<appro@fy.chalmers.se>) C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe
() C:\Program Files\WindowTabs\WindowTabs.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Emurasoft, Inc.) C:\Program Files\EmEditor\EmEditor.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Enterra Icon Keeper] => C:\Program Files\Enterra\Icon Keeper\IcnKeepr.exe [57344 2006-06-06] (Enterra, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [3309568 2004-03-24] (NVIDIA Corporation)
HKLM\...\Run: [Shadow Defender Daemon] => C:\Program Files\Shadow Defender\DefenderDaemon.exe [388992 2014-04-24] (SHADOWDEFENDER.COM)
HKLM\...\Run: [Privatefirewall] => C:\Program Files\Privacyware\Privatefirewall 7.0\PFGUI.exe [3048480 2013-12-17] (Privacyware/PWI, Inc.)
HKLM\...\Run: [TrayFactory] => C:\Program Files\PS Tray Factory\PSTrayFactory.EXE [1304576 2010-05-25] (PS Soft Lab)
HKLM\...\Run: [Minipad] => C:\Users\George\Downloads\Programs\minipad2 3.2 beta3-Notiz+PIM----\minipad2.exe [236544 2010-11-28] ()
HKLM\...\Run: [MirrorFolderShell] => C:\Program Files\MirrorFolder\mrfshl.exe [228904 2012-12-08] (Techsoft)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [150208 2014-04-20] (IvoSoft)
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
HKLM\...\Policies\Explorer: [RevertWebViewSecurity] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [TrayFactory] => C:\Program Files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [AnukoWorldClock] => C:\Program Files\Anuko\World Clock\world_clock.exe [571480 2013-12-05] (Anuko International Ltd.)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [POP Peeper] => C:\Program Files\POP Peeper\POPPeeper.exe [2221056 2013-12-20] (Mortal Universe)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [2611808 2014-01-20] ()
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3837520 2014-06-04] (Tonec Inc.)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\RunOnce: [PSTF] - C:\Program Files\PS Tray Factory\PSTrayFactory.exe [1304576 2010-05-25] (PS Soft Lab)
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoRecentDocsNetHood] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [NoDrives] 62914560
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-3944665068-2704869593-2486753056-1000\...\MountPoints2: D - D:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\FileBX\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AceText.lnk
ShortcutTarget: AceText.lnk -> C:\Program Files\Just Great Software\AceText\AceText.exe (Just Great Software)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AdMunch.lnk
ShortcutTarget: AdMunch.lnk -> C:\Program Files\Ad Muncher\AdMunch.exe (Murray Hurps Software Pty Ltd)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PicPick.lnk
ShortcutTarget: PicPick.lnk -> C:\Program Files\PicPick\picpick.exe (NTeWORKS)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\smart mail.lnk
ShortcutTarget: smart mail.lnk -> C:\Program Files\Smart PC Solutions\Smart Mail Notifier\SmartMailNotifier.exe (Smart PC Solutions)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sound Booster.lnk
ShortcutTarget: Sound Booster.lnk -> C:\Program Files\Letasoft Sound Booster\SoundBooster.exe (Letasoft)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TXMouse.lnk
ShortcutTarget: TXMouse.lnk -> C:\Users\George\Downloads\Programs\TXMouse - Copy § Paste\TXMouse.exe (<appro@fy.chalmers.se>)
Startup: C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowTabs.lnk
ShortcutTarget: WindowTabs.lnk -> C:\Windows\Installer\{8FB716E9-A14D-4983-8DE0-818CFFF24658}\_11D700C05B80A7BE98D2B6.exe ()
ShellIconOverlayIdentifiers:   MailRuCloudIconOverlay0 -> {64A9418A-B6B1-4112-B75C-E61633C9A31F} =>  No File
ShellIconOverlayIdentifiers:   MailRuCloudIconOverlay1 -> {6A2E142B-EA63-433A-AC05-5223CBD26E65} =>  No File
ShellIconOverlayIdentifiers:   MailRuCloudIconOverlay2 -> {6AFCC535-2F12-4F50-9F0A-1CF856CFC95D} =>  No File
ShellIconOverlayIdentifiers:  0Cloudfogger -> {15EDBCBF-7231-4290-946E-5BB12C6AF342} =>  No File
ShellIconOverlayIdentifiers:  1Cloudfogger -> {14A3EC74-D852-416A-9691-AC3096EE1953} =>  No File
ShellIconOverlayIdentifiers:  2Cloudfogger -> {E9C2814C-12B8-4D74-9551-16DDEBFC8AE4} =>  No File
ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
BootExecute: 

==================== Internet (Whitelisted) ====================

ProxyServer: 60.222.224.135:8888
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2155FCF56F08CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ustart.org
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MetaProducts Inquiry Helper - {001165C1-A640-11D7-9FD9-0080481ADA61} - C:\Program Files\MetaProducts Inquiry\inquiry.dll (MetaProducts corp.)
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll No File
BHO: WebResearch Browser Helper Object - {255215E2-87DC-4819-8724-D0B4C94DBEF5} - C:\Program Files\WebResearch\WRShell.dll (macropool GmbH)
BHO: FLockObj Class - {26C3165B-FC58-4910-802D-250B2E68A04E} - C:\Program Files\GiliSoft\Privacy Protector\FileLockPlugin.dll ()
BHO: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
BHO: RoboForm Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft Research Project Colletta IE Add-in - {9da4fcb2-d7ca-4080-94b7-11e7b20d3f63} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QTToolBar2 - {a84524f0-d48b-4cff-8012-5e67decaf1d5} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Command Bar - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Command Bar 2 - {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - QT Management toolbar - {d2bf470e-ed1c-487f-a300-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll (Tracker Software Products (Canada) Ltd.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks: QTTabBarLib.ExplorerProcessCaptor - {D2BF470E-ED1C-487F-AAAA-2BD8835EB6CE} - C:\Windows\System32\mscoree.dll [297808 2010-11-20] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{2E4A2520-01A7-4514-9E86-0193B5E2F54F}: [NameServer]8.8.8.8,8.8.4.4,192.168.1.1
Tcpip\..\Interfaces\{A4034B29-02E2-4202-9945-9C97B2001AC5}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B383CF35-CA4E-4E62-8DA4-A92724620976}: [NameServer]8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B9A18F8B-589A-45A9-A31A-9650FF81DACD}: [NameServer]8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
FF DefaultSearchEngine: uStart
FF SearchEngineOrder.1: uStart
FF Homepage: hxxp://startpage.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @digitalworkshop.com/Plexus - C:\ProgramData\\Digital Workshop\Plexus\npilm500.dll (Digital Workshop)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @metaproducts.com/MPIQ - C:\Program Files\MetaProducts Inquiry\mpsafariiq.dll (MetaProducts corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @siber.com/RoboForm - C:\Program Files\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll (Siber Systems Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\PROGRA~1\TRACKE~1\PDFVIE~1\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @acestream.net/acestreamplugin,version=2.2.4-next - C:\Users\George\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdbplug.dll (DNAML Pty Ltd)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPILM500.dll (Digital Workshop)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\digg.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-blogs.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-books.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-directory.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-finance.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-groups.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-news.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-products.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-scholar.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-trends.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\google-video.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\longman-english-dictionary.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\thesauruscom.xml
FF SearchPlugin: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\youtube.xml
FF Extension: pearltrees - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\collector@broceliand.fr [2013-04-28]
FF Extension: Custom Buttons - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\custombuttons@xsms.org [2013-11-19]
FF Extension: FavIconReloader - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\FavIconReloader@mozilla.org [2013-11-22]
FF Extension: HashColouredTabs+ - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\hashcolouredtabs@bristol.ac.uk [2013-05-01]
FF Extension: DNL Reader for Mozilla - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\support@dnaml.com [2014-04-27]
FF Extension: The Puzzle Piece - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thePuzzlePiece@quicksaver [2013-09-14]
FF Extension: ColorfulTabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2013-11-19]
FF Extension: FireShot - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013-10-14]
FF Extension: Flagfox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2013-11-22]
FF Extension: EPUBReader - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-04-28]
FF Extension: All-in-One Gestures - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2013-05-26]
FF Extension: YouTube™ Anywhere Player - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{c9d31470-81c6-4e3e-9a37-46eb9237ed3a} [2013-11-19]
FF Extension: Image Spider - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\Artem@Demchenkov.ImageSpider.xpi [2013-04-28]
FF Extension: Classic Bookmarks Button - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ClassicBookmarksButton@ArisT2Noia4dev.xpi [2013-11-19]
FF Extension: Classic Theme Restorer - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2013-11-19]
FF Extension: FabTabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\fabtab@captaincaveman.nl.xpi [2013-05-01]
FF Extension: FireGestures - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\firegestures@xuldev.org.xpi [2013-04-28]
FF Extension: IdentFavIcon - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\identfavicon@david.hanak.hu.xpi [2013-04-28]
FF Extension: Side Tabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid0-AjzBVlpzVAaBqxcar9QDqMWWAVQ@jetpack.xpi [2013-05-01]
FF Extension: Scroll To Top - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\jid0-gRmSxW9ByuHwGjLhtXJg27YnZRs@jetpack.xpi [2013-05-01]
FF Extension: Multifox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\multifox@hultmann.xpi [2013-05-01]
FF Extension: Multi Links - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\multilinks@plugin.xpi [2013-04-28]
FF Extension: Easy DragToGo+ - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\pig1717@gmail.com.xpi [2013-04-29]
FF Extension: QuickDrag - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\quickdrag@mozilla.ktechcomputing.com.xpi [2013-04-28]
FF Extension: Scroll to Top/Bottom - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\scroll_to_top-bottom@developer.bobdawg.org.xpi [2013-05-01]
FF Extension: The Puzzle Piece - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thePuzzlePiece@quicksaver.xpi [2013-05-26]
FF Extension: Thumbnail Zoom Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2013-04-28]
FF Extension: Tile Tabs - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\tiletabs@DW-dev.xpi [2013-05-01]
FF Extension: Google Translator for Firefox - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\translator@zoli.bod.xpi [2013-04-28]
FF Extension: Session Manager - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-04-28]
FF Extension: Capture &amp; Print - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{146f1820-2b0d-49ef-acbf-d85a6986e10c}.xpi [2013-04-28]
FF Extension: RunWith - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{2E3C8719-28D0-47fc-BD8E-9A2C02F4144E}.xpi [2013-04-28]
FF Extension: SearchWP - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{3e270ac3-8936-43fb-ad20-b4685172a83d}.xpi [2013-05-18]
FF Extension: Tab Clicking Options - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{43520B8F-4107-4351-AC64-9BCC5EEA24B9}.xpi [2013-05-01]
FF Extension: Searchtermhighlighter - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{458482f0-90fb-4257-855f-0ba2790584f9}.xpi [2013-05-18]
FF Extension: Stylish - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-04-28]
FF Extension: DragIt - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{575cbcb9-3b7e-493a-b001-886b3ae793b5}.xpi [2013-04-29]
FF Extension: Quick Translator - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2013-04-28]
FF Extension: Readability - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi [2013-04-28]
FF Extension: Speed Dial - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-05-09]
FF Extension: FfChrome - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{9bc51d13-3849-4541-a69c-da418934ca05}.xpi [2013-05-01]
FF Extension: eCleaner - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{c72c0c73-4eb0-4fb3-af0f-074e97326cfd}.xpi [2013-05-01]
FF Extension: RightToClick - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-04-28]
FF Extension: TextMarker Go - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{cd6c4ebf-366e-45a0-98b5-b8217288eed7}.xpi [2013-04-28]
FF Extension: CoolPreviews - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi [2013-04-28]
FF Extension: MetaProducts Integration - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.xpi [2013-04-28]
FF Extension: Tab Mix Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-28]
FF Extension: DownThemAll! - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-28]
FF Extension: Greasemonkey - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-04-29]
FF Extension: Menu Editor - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}.xpi [2013-04-28]
FF Extension: FoxTab - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi [2013-05-09]
FF Extension: Open link in... - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}.xpi [2013-04-28]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-11-17]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2012-10-28]
FF HKCU\...\Firefox\Extensions: [maxacookie@maxatools.com] - C:\Program Files\MAXA Cookie Manager\extension
FF Extension: MAXA Cookie Manager - C:\Program Files\MAXA Cookie Manager\extension [2012-11-23]
FF HKCU\...\Firefox\Extensions: [CaptureSaver@goldgingko.com] - C:\Program Files\CaptureSaver\Firefox
FF Extension: No Name - C:\Program Files\CaptureSaver\Firefox [2013-03-22]
FF HKCU\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\George\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\George\AppData\Roaming\ACEStream\extensions\firefox\magicplayer@torrentstream.org [2014-04-12]
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\George\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\George\AppData\Roaming\IDM\idmmzcc5 [2014-06-06]

========================== Services (Whitelisted) =================

S4 Backupper Service; C:\Program Files\AOMEI Backupper Professional Edition 2.0\ABService.exe [29912 2014-04-04] (AOMEI Tech Co., Ltd.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-04-14] (CyberGhost S.R.L)
S4 Diskeeper; C:\Program Files\Condusiv Technologies\Diskeeper\DkService.exe [2164088 2012-06-29] (Condusiv Technologies)
S4 DokanMounter; C:\Program Files\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () [File not signed]
S4 Hddb_Service; C:\Program Files\xp-zed\hddb\Hddb_Srv.exe [150016 2014-05-02] (Xp-Zed.com) [File not signed]
S4 hgvpn; C:\Program Files\HideGuard VPN\hgvpn.exe [770096 2014-03-17] ()
S4 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
R2 MacType; C:\Program Files\MacType\MacTray.exe [605696 2012-10-22] (FlyingSnow) [File not signed]
S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 mfsyncsv; C:\Windows\system32\mfsyncsv.exe [182312 2012-12-08] (Techsoft)
R2 NMSAccess; C:\Windows\system32\NMSAccessU.exe [71096 2009-01-12] ()
S4 OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\OkayFreedomService.exe [315632 2013-07-15] (Steganos Software GmbH)
R2 PFNet; C:\Program Files\Privacyware\Privatefirewall 7.0\pfsvc.exe [374600 2013-12-17] (Privacyware/PWI, Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [603760 2013-10-16] (Paramount Software UK Ltd)
R2 RioMSC; C:\Windows\system32\RioMSC.exe [303104 2005-07-25] (Digital Networks North America, Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
S4 SdxEmailCaptureService; C:\Program Files\Sohodox Desktop\Modules\Email Capture\EmailCaptureSvr.exe [69632 2012-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
S4 SdxFolderMonitorService; C:\Program Files\Sohodox Desktop\Modules\Folder Monitor\FldMonSrv.exe [65536 2011-12-29] (ITAZ Technologies Pvt Ltd) [File not signed]
S4 SdxIndexingService; C:\Program Files\Sohodox Desktop\Modules\Indexing Service\Itaz.Dms.IndexingService.exe [61440 2013-06-04] (ITAZ Technologies Pvt Ltd) [File not signed]
R2 sesvc; C:\Program Files\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S4 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3506232 2013-08-03] (SoftEther Project at University of Tsukuba, Japan.)
R2 ShadowProtectSvc; C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [3561472 2012-10-28] (StorageCraft Technology Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [57344 2013-01-08] () [File not signed]
S2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe [1774904 2014-04-15] (TuneUp Software)
S3 TunnelBearMaintenance; C:\Program Files\TunnelBear\TBear.Maintenance.exe [25536 2014-04-08] ()
R2 Tweak7SystemService; C:\Windows\system32\Tweak7SystemService.exe [102904 2013-06-10] (Totalidea Software)
R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [21096 2009-07-13] (The Within Network, LLC)
R2 USBSafelyRemoveService; C:\Program Files\USB Safely Remove\USBSRService.exe [1036088 2014-03-24] (Crystal Rich Ltd)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2012-06-05] (Google Inc)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [47456 2014-03-11] (Baidu, Inc.)
R3 cmuda3; C:\Windows\System32\Drivers\cmudax3.sys [1872192 2009-12-01] (C-Media Inc)
R0 diskpt; C:\Windows\System32\drivers\diskpt.sys [306536 2014-04-24] (SHADOWDEFENDER.COM)
R0 DKDFM; C:\Windows\System32\drivers\DKDFM.sys [35120 2012-04-05] (Condusiv Technologies)
S3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44496 2012-06-18] (Condusiv Technologies)
R0 DKTLFSMF; C:\Windows\System32\drivers\DKTLFSMF.sys [85328 2012-06-07] (Condusiv Technologies)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [95744 2011-01-10] (Windows (R) Win 7 DDK provider) [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
R0 FLGuard; C:\Windows\System32\drivers\FlGuard.sys [35328 2013-11-19] (SafePcTools Software) [File not signed]
R2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R2 HCWBT8xx; C:\Windows\System32\Drivers\HCWBT8XX.sys [280644 2002-03-01] (Hauppauge Computer Works)
R0 hpt3xx; C:\Windows\System32\Drivers\hpt3xx.sys [43539 2003-05-09] (HighPoint Technologies, Inc.)
R0 hptpro; C:\Windows\System32\Drivers\hptpro.sys [9809 2003-01-27] (HighPoint Technologies, Inc.)
R2 inpout32; C:\Windows\System32\Drivers\inpout32.sys [11936 2014-03-22] (Highresolution Enterprises [www.highrez.co.uk])
S4 IObitUnlocker; C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys [30216 2014-03-04] (IObit)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 MDA_NTDRV; C:\Windows\system32\MDA_NTDRV.sys [18136 2013-02-25] ()
R0 mrfoldr; C:\Windows\System32\drivers\mrfoldr.sys [77104 2012-12-08] (Techsoft)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [108544 2011-08-15] (Matrox Graphics Inc.) [File not signed]
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0055.sys [26208 2013-08-02] (SoftEther Project at University of Tsukuba, Japan.)
R2 PDFsFilter; C:\Windows\System32\DRIVERS\PDFsFilter.sys [68464 2013-12-03] (Raxco Software, Inc.)
S3 Point32; C:\Windows\System32\Drivers\point32k.sys [24064 2006-11-08] (Microsoft Corporation) [File not signed]
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [65144 2013-08-01] (Paramount Software UK Ltd)
R0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16504 2013-06-28] (Macrium Software)
S3 PSVolAcc; C:\Windows\system32\Drivers\PSVolAcc.sys [13432 2013-06-28] (Paramount Software UK Ltd)
R1 pwipf6; C:\Windows\System32\DRIVERS\pwipf6.sys [130568 2013-09-29] (Privacyware/PWI, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)
S3 SEE; C:\Windows\System32\drivers\see.sys [42976 2013-08-03] (SoftEther Project at University of Tsukuba, Japan.)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39048 2013-10-31] (RapidSolution Software AG)
S3 TrojanKillerDriver; C:\Windows\System32\DRIVERS\gtkdrv.sys [16128 2014-06-02] (Windows (R) Win 7 DDK provider)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys [12320 2014-03-26] (TuneUp Software)
R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [25448 2009-07-13] ()
S3 VASDeviceDrm; C:\Windows\System32\drivers\vasdDev.sys [1451312 2012-03-19] (ShiningMorning Inc.)
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
U3 IDMTDI; 
S3 PCFApiUtil; No ImagePath
S3 Spring; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
S4 utm0mzgw; \??\C:\Windows\system32\Drivers\utm0mzgw.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\ioloGovernor
2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-01-11 22:47 - 2014-04-07 21:28 - 00000000 ____D () C:\ProgramData\iolo
2014-06-22 16:49 - 2014-06-22 16:49 - 00001658 _____ () C:\Users\George\Desktop\AdwCleaner[S5].txt
2014-06-22 13:38 - 2014-06-22 13:38 - 00001061 _____ () C:\Users\George\Desktop\JRT.txt
2014-06-21 22:19 - 2014-06-21 22:19 - 00000000 ____D () C:\Users\George\AppData\Local\Avg2014
2014-06-21 21:00 - 2014-06-21 21:03 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-06-21 21:00 - 2014-06-21 21:00 - 00001065 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-06-21 21:00 - 2014-06-21 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-06-21 21:00 - 2014-06-21 21:00 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-06-21 20:59 - 2014-06-21 20:59 - 00000000 ____D () C:\Users\George\Documents\Simply Super Software
2014-06-21 09:07 - 2014-06-21 09:07 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-21 08:50 - 2014-06-22 16:45 - 00003810 _____ () C:\Windows\PFRO.log
2014-06-20 21:49 - 2014-06-21 09:57 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-20 19:00 - 2014-06-20 19:00 - 00000000 ____D () C:\Users\George\AppData\Roaming\ProductData
2014-06-19 22:41 - 2014-06-19 22:41 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-19 22:36 - 2014-06-19 22:36 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-19 19:40 - 2014-06-19 19:40 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 16:15 - 2014-06-22 18:41 - 00000000 ____D () C:\FRST
2014-06-19 15:48 - 2014-06-19 15:48 - 00059848 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 15:46 - 2014-06-22 16:45 - 00000560 _____ () C:\Windows\setupact.log
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 15:45 - 2014-06-19 15:46 - 00274664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-17 21:15 - 2014-06-17 21:15 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  AppData Roa
2014-06-17 21:14 - 2014-06-19 19:24 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  PR
2014-06-14 20:47 - 2014-06-22 17:05 - 00005619 _____ () C:\Windows\WindowsUpdate.log
2014-06-14 13:43 - 2011-08-15 22:34 - 00108544 _____ (Matrox Graphics Inc.) C:\Windows\system32\Drivers\MxEFUF32.sys
2014-06-14 13:29 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-14 11:09 - 2014-06-14 11:09 - 00000000 ____D () C:\Users\George\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-06-14 11:08 - 2014-06-18 17:58 - 00000000 ____D () C:\Program Files\Garden Planner 3
2014-06-12 19:31 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files\VueScan
2014-06-12 19:31 - 2014-06-12 19:31 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2014-06-12 19:31 - 2014-06-12 19:31 - 00000941 _____ () C:\Users\Public\Desktop\VueScan x32.lnk
2014-06-12 19:15 - 2014-06-19 19:24 - 00000000 ____D () C:\Program Files\Common Files\Canon
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-06-12 18:58 - 2014-06-12 19:38 - 00000000 ____D () C:\Program Files\DriverTuner
2014-06-11 21:33 - 2014-06-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-06-11 21:33 - 2014-06-18 18:08 - 00000000 ____D () C:\Program Files\Canon
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Scribble Code
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\dumps
2014-06-09 12:17 - 2014-06-09 12:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crosstrainer
2014-06-07 20:23 - 2014-06-07 20:23 - 188416000 _____ () C:\Users\George\Desktop\ampe.iso
2014-06-07 20:08 - 2014-06-07 20:08 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-07 20:06 - 2014-06-07 20:08 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2014-06-07 20:05 - 2014-06-07 20:23 - 00000000 ____D () C:\Program Files\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:05 - 2014-06-07 20:05 - 00001164 _____ () C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
2014-06-07 20:05 - 2014-06-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:05 - 2013-05-07 14:27 - 00129720 _____ () C:\Windows\system32\ammntdrv.sys
2014-06-07 20:05 - 2013-05-07 14:27 - 00026424 _____ () C:\Windows\system32\ambakdrv.sys
2014-06-07 20:05 - 2013-02-06 15:52 - 00014392 _____ () C:\Windows\system32\amwrtdrv.sys
2014-06-07 14:32 - 2014-06-07 15:02 - 00000000 ____D () C:\Users\George\AppData\Roaming\Tweak-7
2014-06-07 14:32 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Local\Totalidea_Software
2014-06-07 14:30 - 2014-06-07 14:30 - 00001889 _____ () C:\Users\George\Desktop\Tweak-7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001770 _____ () C:\Users\George\Desktop\Shutdown Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Suspend Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Restart Windows 7.lnk
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Windows\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Program Files\Tweak-7
2014-06-07 14:14 - 2014-06-07 14:27 - 00000052 _____ () C:\Windows\system32\actt7.ini
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\OpenSSL-Win32
2014-06-07 14:10 - 2014-06-05 08:07 - 01177088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-06-07 14:10 - 2014-06-05 08:07 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-06-07 14:10 - 2014-06-05 08:07 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2014-06-06 23:39 - 2014-06-06 23:39 - 00000000 ____D () C:\Program Files\synedra
2014-06-06 23:38 - 2014-06-06 23:38 - 00000000 ____D () C:\Users\George\.imagej
2014-06-06 23:23 - 2014-06-18 18:15 - 00000000 ____D () C:\Program Files\ImageJ
2014-06-06 22:28 - 2014-06-06 22:28 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-06-06 22:22 - 2014-06-08 14:02 - 00001829 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-06-06 13:48 - 2014-06-06 13:48 - 00000000 ____D () C:\Users\George\AppData\Roaming\anyburn
2014-06-06 12:40 - 2014-06-06 12:48 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-06-06 12:38 - 2014-06-06 12:38 - 00000000 ____D () C:\ProgramData\SlySoft
2014-06-06 12:37 - 2014-06-06 12:37 - 00000000 ____D () C:\Program Files\SlySoft
2014-06-06 12:00 - 2014-06-06 12:25 - 00000000 ____D () C:\Users\George\Desktop\Drewes
2014-06-05 13:55 - 2014-06-05 13:55 - 00000000 ____D () C:\ProgramData\Opus Professional
2014-06-05 13:54 - 2014-06-05 13:54 - 00001756 _____ () C:\Users\George\Desktop\Opus Pro 9.lnk
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Digital Workshop
2014-06-05 13:53 - 2014-02-02 15:51 - 00196608 _____ (Digital Workshop) C:\Windows\DWUninst.exe
2014-06-05 13:53 - 2010-06-23 09:53 - 01537536 _____ () C:\Windows\system32\erdmpg-hi.dll
2014-06-05 13:53 - 2010-06-23 09:53 - 00405504 _____ (Essien Research & Development) C:\Windows\system32\mpgfiltr.ax
2014-06-05 13:45 - 2014-06-05 13:54 - 00000000 ____D () C:\Program Files\Opus Pro 9
2014-06-05 07:16 - 2014-06-05 03:06 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 13:46 - 2014-06-18 18:23 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-04 13:45 - 2014-06-04 14:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-04 13:36 - 2014-06-04 13:36 - 00001779 _____ () C:\Users\Public\Desktop\Postbox.lnk
2014-06-04 12:53 - 2014-06-04 14:37 - 00000000 ____D () C:\Users\George\AppData\Roaming\SideSlide
2014-06-03 12:00 - 2014-06-03 12:00 - 00001259 _____ () C:\Users\Public\Desktop\FlipBook Maker Enterprise.lnk
2014-06-02 16:20 - 2014-06-02 16:20 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-06-02 09:57 - 2014-06-02 09:57 - 00859456 _____ (repkasoft) C:\Windows\yowindow.scr
2014-06-01 14:27 - 2014-06-01 14:27 - 00000913 _____ () C:\Users\Public\Desktop\Registry First Aid.lnk
2014-06-01 14:27 - 2014-06-01 14:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 9
2014-05-31 15:08 - 2014-05-31 15:08 - 00003560 ____N () C:\bootsqm.dat
2014-05-31 13:08 - 2014-05-31 13:08 - 00018372 _____ () C:\Users\George\Documents\cc_20140531_130821.reg
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Program Files\FlashDemo.NET
2014-05-30 20:34 - 2014-05-30 20:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\FourthRaySoftware
2014-05-30 20:28 - 2014-05-30 20:28 - 00000000 ____D () C:\FRS
2014-05-30 11:28 - 2014-05-30 11:28 - 00000942 _____ () C:\Users\George\Desktop\VKMusic 4.lnk
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-05-29 12:27 - 2014-04-16 15:15 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-05-29 12:26 - 2014-04-16 15:15 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-05-29 12:26 - 2014-04-16 15:15 - 00176040 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-05-29 12:25 - 2014-04-16 15:16 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll

==================== One Month Modified Files and Folders =======

2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\ioloGovernor
2015-01-11 22:51 - 2015-01-11 22:51 - 00000000 ____D () C:\ProgramData\ioloGovernor
2014-06-22 18:41 - 2014-06-19 16:15 - 00000000 ____D () C:\FRST
2014-06-22 18:40 - 2014-04-02 17:22 - 00000000 ____D () C:\Users\George\00  R E S U L T
2014-06-22 18:38 - 2012-11-10 16:33 - 00457684 _____ () C:\Users\George\Documents\AceText ClipHistory.atc
2014-06-22 18:33 - 2012-12-13 16:47 - 00013222 _____ () C:\Windows\mrfldr.dat
2014-06-22 17:05 - 2014-06-14 20:47 - 00005619 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 17:02 - 2014-01-30 12:19 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-06-22 17:00 - 2012-12-13 16:47 - 00013222 _____ () C:\Windows\mrfldr.da0
2014-06-22 16:49 - 2014-06-22 16:49 - 00001658 _____ () C:\Users\George\Desktop\AdwCleaner[S5].txt
2014-06-22 16:47 - 2014-03-04 19:27 - 00000000 ____D () C:\Users\George\.rainlendar2
2014-06-22 16:46 - 2012-10-30 14:02 - 00003725 _____ () C:\Windows\system32\nvapps.xml
2014-06-22 16:45 - 2014-06-21 08:50 - 00003810 _____ () C:\Windows\PFRO.log
2014-06-22 16:45 - 2014-06-19 15:46 - 00000560 _____ () C:\Windows\setupact.log
2014-06-22 16:45 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-22 16:43 - 2013-10-20 14:02 - 00000000 ____D () C:\AdwCleaner
2014-06-22 13:38 - 2014-06-22 13:38 - 00001061 _____ () C:\Users\George\Desktop\JRT.txt
2014-06-22 01:07 - 2009-07-14 06:34 - 00023920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 01:07 - 2009-07-14 06:34 - 00023920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 01:03 - 2013-07-22 15:13 - 00000000 ____D () C:\Users\George\AppData\Roaming\ClassicShell
2014-06-21 22:30 - 2013-06-26 13:24 - 00000000 ____D () C:\PPFScan
2014-06-21 22:20 - 2013-03-16 16:31 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-06-21 22:19 - 2014-06-21 22:19 - 00000000 ____D () C:\Users\George\AppData\Local\Avg2014
2014-06-21 22:15 - 2013-06-24 10:49 - 00000000 ____D () C:\Users\George\AppData\Roaming\Everything
2014-06-21 22:05 - 2013-04-30 12:55 - 00000000 ____D () C:\Windows\ERUNT
2014-06-21 21:59 - 2013-07-31 12:40 - 00015385 _____ () C:\Windows\FileGuard.bin
2014-06-21 21:58 - 2014-05-12 18:44 - 00000000 ____D () C:\Users\George\AppData\Roaming\LuraTech
2014-06-21 21:03 - 2014-06-21 21:00 - 00000000 ____D () C:\Program Files\GridinSoft Trojan Killer
2014-06-21 21:00 - 2014-06-21 21:00 - 00001065 _____ () C:\Users\Public\Desktop\Trojan Killer.lnk
2014-06-21 21:00 - 2014-06-21 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
2014-06-21 21:00 - 2014-06-21 21:00 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-06-21 20:59 - 2014-06-21 20:59 - 00000000 ____D () C:\Users\George\Documents\Simply Super Software
2014-06-21 20:59 - 2014-03-14 18:01 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-21 11:00 - 2012-10-27 23:09 - 00000000 ____D () C:\Users\George
2014-06-21 10:53 - 2012-10-28 10:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\DMCache
2014-06-21 10:11 - 2012-12-07 11:47 - 00007613 _____ () C:\Users\George\AppData\Local\Resmon.ResmonCfg
2014-06-21 10:06 - 2012-11-10 17:30 - 00000000 ___SD () C:\Program Files\Ad Muncher
2014-06-21 09:57 - 2014-06-20 21:49 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-06-21 09:32 - 2012-12-31 13:34 - 00000000 ____D () C:\ProgramData\IObit
2014-06-21 09:31 - 2012-12-31 13:33 - 00000000 ____D () C:\Program Files\IObit
2014-06-21 09:07 - 2014-06-21 09:07 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-06-20 21:37 - 2012-10-28 10:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\IDM
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-20 20:09 - 2014-06-20 20:09 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-20 19:00 - 2014-06-20 19:00 - 00000000 ____D () C:\Users\George\AppData\Roaming\ProductData
2014-06-19 22:41 - 2014-06-19 22:41 - 00000000 ____D () C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2014-06-19 22:40 - 2013-03-21 12:26 - 00000000 ____D () C:\Users\George\AppData\Roaming\IObit
2014-06-19 22:36 - 2014-06-19 22:36 - 00000000 ____D () C:\ProgramData\ProductData
2014-06-19 20:44 - 2013-07-31 11:29 - 00000000 ___RD () C:\Program Files\TreePadBIZ_8
2014-06-19 19:40 - 2014-06-19 19:40 - 00001028 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-19 19:40 - 2014-01-30 12:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-19 19:40 - 2014-01-30 12:15 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-06-19 19:24 - 2014-06-17 21:14 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  PR
2014-06-19 19:24 - 2014-06-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Bat! E-Mail
2014-06-19 19:24 - 2014-06-12 19:31 - 00000000 ____D () C:\Program Files\VueScan
2014-06-19 19:24 - 2014-06-12 19:15 - 00000000 ____D () C:\Program Files\Common Files\Canon
2014-06-19 19:24 - 2014-06-11 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2014-06-19 19:24 - 2014-05-10 13:13 - 00000000 ____D () C:\Program Files\PrivaZer
2014-06-19 19:24 - 2014-04-03 10:46 - 00000000 ____D () C:\Users\George\AppData\Roaming\POP Peeper
2014-06-19 19:24 - 2014-03-30 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R-Wipe&Clean
2014-06-19 19:24 - 2014-03-30 13:07 - 00000000 ____D () C:\Program Files\R-Wipe&Clean
2014-06-19 19:24 - 2013-12-15 22:12 - 00000000 ____D () C:\Users\George\AppData\Roaming\Anuko
2014-06-19 19:24 - 2013-11-30 20:32 - 00000000 ____D () C:\Program Files\QTTabBar
2014-06-19 19:24 - 2013-11-04 19:45 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-06-19 19:24 - 2013-10-01 15:25 - 00000000 ____D () C:\Program Files\The Bat!
2014-06-19 19:24 - 2013-09-24 17:57 - 00000000 ____D () C:\Users\George\AppData\Roaming\AntispamSniper
2014-06-19 19:24 - 2013-04-29 14:36 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 19:24 - 2013-04-29 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-06-19 19:24 - 2013-03-24 16:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\jane
2014-06-19 19:24 - 2013-01-02 18:06 - 00000000 ____D () C:\Users\George\AppData\Roaming\XnViewMP
2014-06-19 19:24 - 2012-11-22 15:20 - 00000000 ____D () C:\Users\George\AppData\Roaming\The Bat!
2014-06-19 19:24 - 2012-11-10 18:01 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2014-06-19 19:24 - 2012-11-10 18:01 - 00000000 ____D () C:\Users\George\AppData\Local\privazer
2014-06-19 19:24 - 2012-10-30 15:23 - 00000000 ____D () C:\Users\George\AppData\Roaming\XnView
2014-06-19 19:24 - 2012-10-28 14:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\picpick
2014-06-19 19:24 - 2012-10-28 10:25 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-19 19:24 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Branding
2014-06-19 19:23 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-06-19 15:48 - 2014-06-19 15:48 - 00059848 _____ () C:\Users\George\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-19 15:46 - 2014-06-19 15:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 15:46 - 2014-06-19 15:45 - 00274664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-19 15:45 - 2013-11-18 18:37 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-18 18:23 - 2014-06-04 13:46 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-18 18:15 - 2014-06-06 23:23 - 00000000 ____D () C:\Program Files\ImageJ
2014-06-18 18:08 - 2014-06-11 21:33 - 00000000 ____D () C:\Program Files\Canon
2014-06-18 17:58 - 2014-06-14 11:08 - 00000000 ____D () C:\Program Files\Garden Planner 3
2014-06-18 16:57 - 2009-07-14 06:53 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-17 21:15 - 2014-06-17 21:15 - 00000000 ____D () C:\Users\George\Desktop\QTTabBar  AppData Roa
2014-06-17 19:21 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-14 20:46 - 2012-12-07 18:38 - 00000000 ____D () C:\Users\George\AppData\Roaming\uTorrent
2014-06-14 20:45 - 2012-10-28 14:04 - 00000000 ____D () C:\Windows\Minidump
2014-06-14 11:09 - 2014-06-14 11:09 - 00000000 ____D () C:\Users\George\AppData\Roaming\com.smallblueprinter.gardenPlanner3
2014-06-14 09:33 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\twain_32
2014-06-14 08:35 - 2013-10-08 13:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 19:38 - 2014-06-12 18:58 - 00000000 ____D () C:\Program Files\DriverTuner
2014-06-12 19:31 - 2014-06-12 19:31 - 00000947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x32.lnk
2014-06-12 19:31 - 2014-06-12 19:31 - 00000941 _____ () C:\Users\Public\Desktop\VueScan x32.lnk
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\PC Drivers HeadQuarters
2014-06-12 16:08 - 2012-10-28 14:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-12 16:08 - 2012-10-28 14:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-11 15:55 - 2014-04-12 23:54 - 00000000 ____D () C:\ProgramData\Zoom Player
2014-06-11 15:40 - 2012-11-22 17:11 - 00000000 ____D () C:\Program Files\Align It
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\Users\George\AppData\Local\Scribble Code
2014-06-11 15:32 - 2014-06-11 15:32 - 00000000 ____D () C:\dumps
2014-06-09 14:30 - 2013-11-01 15:42 - 00000000 ____D () C:\Users\George\Desktop\Azureus
2014-06-09 12:42 - 2014-03-30 13:07 - 00000000 ____D () C:\Users\George\AppData\Roaming\R-Wipe&Clean
2014-06-09 12:29 - 2014-06-09 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crosstrainer
2014-06-09 09:33 - 2012-11-11 20:12 - 00634958 _____ () C:\Users\George\Documents\AceText Recycle Bin.atc
2014-06-08 14:02 - 2014-06-06 22:22 - 00001829 _____ () C:\Users\Public\Desktop\R-Wipe&Clean.lnk
2014-06-08 13:25 - 2013-08-18 09:26 - 00001811 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
2014-06-08 09:35 - 2014-03-26 14:45 - 00000378 _____ () C:\Windows\Tasks\update-S-1-5-21-3944665068-2704869593-2486753056-1000.job
2014-06-07 20:23 - 2014-06-07 20:23 - 188416000 _____ () C:\Users\George\Desktop\ampe.iso
2014-06-07 20:23 - 2014-06-07 20:05 - 00000000 ____D () C:\Program Files\AOMEI Backupper Professional Edition 2.0
2014-06-07 20:08 - 2014-06-07 20:08 - 00001024 ____H () C:\SYSTAG.BIN
2014-06-07 20:08 - 2014-06-07 20:08 - 00000000 ____D () C:\ProgramData\AomeiBR
2014-06-07 20:08 - 2014-06-07 20:06 - 00000082 _____ () C:\Windows\system32\winsevr.dat
2014-06-07 20:05 - 2014-06-07 20:05 - 00001164 _____ () C:\Users\Public\Desktop\AOMEI Backupper Professional Edition 2.0.lnk
2014-06-07 20:05 - 2014-06-07 20:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper Professional Edition 2.0
2014-06-07 15:20 - 2013-10-25 19:41 - 00000957 _____ () C:\Users\George\Desktop\Suche Everything.lnk
2014-06-07 15:20 - 2012-10-28 13:13 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2014-06-07 15:19 - 2012-10-28 11:02 - 00000000 ____D () C:\Program Files\Everything
2014-06-07 15:02 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Roaming\Tweak-7
2014-06-07 14:32 - 2014-06-07 14:32 - 00000000 ____D () C:\Users\George\AppData\Local\Totalidea_Software
2014-06-07 14:30 - 2014-06-07 14:30 - 00001889 _____ () C:\Users\George\Desktop\Tweak-7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001770 _____ () C:\Users\George\Desktop\Shutdown Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Suspend Windows 7.lnk
2014-06-07 14:30 - 2014-06-07 14:30 - 00001766 _____ () C:\Users\George\Desktop\Restart Windows 7.lnk
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Windows\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweak-7
2014-06-07 14:29 - 2014-06-07 14:29 - 00000000 ____D () C:\Program Files\Tweak-7
2014-06-07 14:27 - 2014-06-07 14:14 - 00000052 _____ () C:\Windows\system32\actt7.ini
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2014-06-07 14:10 - 2014-06-07 14:10 - 00000000 ____D () C:\OpenSSL-Win32
2014-06-07 13:10 - 2012-10-28 10:40 - 00000000 ____D () C:\Program Files\Internet Download Manager
2014-06-06 23:39 - 2014-06-06 23:39 - 00000000 ____D () C:\Program Files\synedra
2014-06-06 23:38 - 2014-06-06 23:38 - 00000000 ____D () C:\Users\George\.imagej
2014-06-06 22:31 - 2012-11-24 21:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioShell
2014-06-06 22:31 - 2012-11-24 21:44 - 00000000 ____D () C:\Program Files\AudioShell
2014-06-06 22:28 - 2014-06-06 22:28 - 00000000 ____D () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lightshot
2014-06-06 22:28 - 2014-03-26 14:45 - 00000438 _____ () C:\Users\George\AppData\Local\UserProducts.xml
2014-06-06 13:48 - 2014-06-06 13:48 - 00000000 ____D () C:\Users\George\AppData\Roaming\anyburn
2014-06-06 12:48 - 2014-06-06 12:40 - 00000041 ___SH () C:\ProgramData\.zreglib
2014-06-06 12:38 - 2014-06-06 12:38 - 00000000 ____D () C:\ProgramData\SlySoft
2014-06-06 12:37 - 2014-06-06 12:37 - 00000000 ____D () C:\Program Files\SlySoft
2014-06-06 12:25 - 2014-06-06 12:00 - 00000000 ____D () C:\Users\George\Desktop\Drewes
2014-06-05 13:55 - 2014-06-05 13:55 - 00000000 ____D () C:\ProgramData\Opus Professional
2014-06-05 13:54 - 2014-06-05 13:54 - 00001756 _____ () C:\Users\George\Desktop\Opus Pro 9.lnk
2014-06-05 13:54 - 2014-06-05 13:45 - 00000000 ____D () C:\Program Files\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opus Pro 9
2014-06-05 13:53 - 2014-06-05 13:53 - 00000000 ____D () C:\ProgramData\Digital Workshop
2014-06-05 08:07 - 2014-06-07 14:10 - 01177088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2014-06-05 08:07 - 2014-06-07 14:10 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2014-06-05 08:07 - 2014-06-07 14:10 - 00271360 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libssl32.dll
2014-06-05 03:06 - 2014-06-05 07:16 - 00113168 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys
2014-06-04 14:37 - 2014-06-04 12:53 - 00000000 ____D () C:\Users\George\AppData\Roaming\SideSlide
2014-06-04 14:01 - 2014-06-04 13:45 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-04 13:54 - 2012-12-05 13:22 - 00000000 ____D () C:\Users\George\Documents\P E R S Ö H N L I C H
2014-06-04 13:42 - 2012-12-23 13:04 - 00000000 ____D () C:\Users\George\AppData\Local\Postbox
2014-06-04 13:39 - 2012-12-23 13:03 - 00000000 ____D () C:\Program Files\Postbox
2014-06-04 13:36 - 2014-06-04 13:36 - 00001779 _____ () C:\Users\Public\Desktop\Postbox.lnk
2014-06-04 13:36 - 2012-12-23 13:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postbox
2014-06-03 21:43 - 2013-02-06 14:09 - 00000000 ____D () C:\Program Files\Opera
2014-06-03 17:29 - 2013-10-25 19:41 - 00000000 ____D () C:\Users\George\Desktop\bookmarks
2014-06-03 16:37 - 2014-05-03 15:29 - 00000000 ____D () C:\Users\George\AppData\Local\MEGAsync
2014-06-03 12:00 - 2014-06-03 12:00 - 00001259 _____ () C:\Users\Public\Desktop\FlipBook Maker Enterprise.lnk
2014-06-03 12:00 - 2014-04-01 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kvisoft
2014-06-03 11:58 - 2014-04-01 18:51 - 00000000 ____D () C:\Program Files\kvisoft
2014-06-02 17:56 - 2014-05-15 22:51 - 00001064 _____ () C:\Users\George\Desktop\MEGAsync.lnk
2014-06-02 16:20 - 2014-06-02 16:20 - 00016128 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\gtkdrv.sys
2014-06-02 15:08 - 2013-08-02 11:19 - 00000000 ____D () C:\Program Files\SoftEther VPN Client
2014-06-02 09:57 - 2014-06-02 09:57 - 00859456 _____ (repkasoft) C:\Windows\yowindow.scr
2014-06-01 19:11 - 2013-04-01 14:51 - 00000000 ____D () C:\ProgramData\RFA_Backups
2014-06-01 17:14 - 2013-06-07 19:25 - 00000000 ____D () C:\ProgramData\FILEminimizer
2014-06-01 14:28 - 2013-04-01 14:48 - 00000000 ____D () C:\Program Files\RFA 9
2014-06-01 14:27 - 2014-06-01 14:27 - 00000913 _____ () C:\Users\Public\Desktop\Registry First Aid.lnk
2014-06-01 14:27 - 2014-06-01 14:27 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 9
2014-05-31 15:08 - 2014-05-31 15:08 - 00003560 ____N () C:\bootsqm.dat
2014-05-31 13:26 - 2014-04-04 13:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\iolo
2014-05-31 13:26 - 2013-11-03 16:10 - 00000000 ____D () C:\Windows\system32\config\SM Registry Backup
2014-05-31 13:08 - 2014-05-31 13:08 - 00018372 _____ () C:\Users\George\Documents\cc_20140531_130821.reg
2014-05-30 20:37 - 2014-05-30 20:37 - 00000000 ____D () C:\Program Files\FlashDemo.NET
2014-05-30 20:34 - 2014-05-30 20:34 - 00000000 ____D () C:\Users\George\AppData\Roaming\FourthRaySoftware
2014-05-30 20:28 - 2014-05-30 20:28 - 00000000 ____D () C:\FRS
2014-05-30 11:40 - 2013-07-30 22:11 - 00000000 ____D () C:\Users\George\AppData\Local\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000942 _____ () C:\Users\George\Desktop\VKMusic 4.lnk
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VKMusic 4
2014-05-30 11:28 - 2014-05-30 11:28 - 00000000 ____D () C:\Program Files\VKMusic 4
2014-05-29 20:07 - 2012-12-01 00:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icaros
2014-05-29 20:07 - 2012-12-01 00:34 - 00000000 ____D () C:\Program Files\Icaros
2014-05-29 12:28 - 2013-11-23 14:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-29 12:26 - 2012-12-11 12:42 - 00000000 ____D () C:\Program Files\Java

Files to move or delete:
====================
C:\ProgramData\whlpusp32.dll
C:\ProgramData\wvG1VtaE.dat


Some content of TEMP:
====================
C:\Users\George\AppData\Local\Temp\HitmanPro.exe
C:\Users\George\AppData\Local\Temp\QTTabBar.exe
C:\Users\George\AppData\Local\Temp\Quarantine.exe
C:\Users\George\AppData\Local\Temp\TBIstRes.dll
C:\Users\George\AppData\Local\Temp\Uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!


LastRegBack: 2014-03-02 19:17

==================== End Of Log ============================

--- --- ---

--- --- ---

cosinus · 22.06.2014, 19:51

Zitat:

127.0.0.1 validation.sls.microsoft.com

Sry, aber du hast da ein gecracktes Windows offensichtlich installiert!

20.06.2014, 20:10	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Explorer belastet extrem CPU Wo haste denn jetzt das Enterprise Win7 her? Ist das ein gewerblich genutztes System? Eine Lizenz für Win7 Enterprise bekommt man nicht mal eben so im nächsten Laden um die Ecke! __________________ Logfiles bitte immer in CODE-Tags posten

21.06.2014, 20:14	#13
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows Explorer belastet extrem CPU JRT bitte wiederholen. Neu runterladen und per Rechtsklick als Administrator ausführen __________________ Logfiles bitte immer in CODE-Tags posten

Windows Explorer belastet extrem CPU

Log-Analyse und Auswertung: Windows Explorer belastet extrem CPU