Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: Webseiten werden auf Werbung umgeleitet. (https://www.trojaner-board.de/157062-windows-8-webseiten-werbung-umgeleitet.html)

Aaronator 31.07.2014 01:58
Windows 8: Webseiten werden auf Werbung umgeleitet.
 
Hallo,

ich habe mir vor einigen Tagen eine nicht vertrauenswürdige exe.-Datei runtergeladen, in der Annahme, dass es sich dabei um einen Photoshop-Crack handelt (Ich weiß, dass das nicht richtig ist aber ich denke, dass jedes Detail wichtig ist.). Nach der Ausführung der exe. wurden diverse, ominöse Programme installiert, von denen ich einige sofort wieder deinstallieren konnte. Eines Namens "Search Settings" ist aber nicht mehr runter zu bekommen. Zudem werde ich ständig auf Werbeseiten umgeleitet (Mit einem Popup unten in der rechten Ecke, welches "Ads By Clicup" anzeigt), die mein Kaspersky manchmal blockieren kann.

Vielen Dank, an alle, die mir helfen! :dankeschoen:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 02:17 on 31/07/2014 (Aaron)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014
Ran by Aaron (administrator) on AARONS-LAPTOP on 31-07-2014 02:18:59
Running from C:\Users\Aaron\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(TeamViewer GmbH) E:\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Smartbar) C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.exe
(Spotify Ltd) C:\Users\Aaron\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Aaron\AppData\Local\Smartbar\Application\Lrcnta.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Clichelper) C:\Users\Aaron\AppData\Local\Temp\clicup\clicup.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-05-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890128 2013-04-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-04-24] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-20] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] ( (Atheros Communications))
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Steam] => D:\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Spotify Web Helper] => C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-19] (Spotify Ltd)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Spotify] => C:\Users\Aaron\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-19] (Spotify Ltd)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [358000 2014-01-16] (CyberGhost S.R.L.)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Browser Infrastructure Helper] => C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.exe [29728 2014-06-16] (Smartbar)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [clicup-Agent] => C:\Users\Aaron\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7F5DAC53-4097-4932-9CB0-8F9E8C1E95C9}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLA,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQz0,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLA,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLY,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLY,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7BD88A30-75A0-42C1-B211-7888CFEFABB8&SearchSource=58&CUI=&UM=6&UP=SP15BCF927-BBD1-4107-AB36-C0B6BC1EC0BF&q={searchTerms}&SSPV=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLA,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7BD88A30-75A0-42C1-B211-7888CFEFABB8&SearchSource=58&CUI=&UM=6&UP=SP15BCF927-BBD1-4107-AB36-C0B6BC1EC0BF&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - D:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\user.js
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-10]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-19]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzs,
CHR StartupUrls: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzs,"
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-15]
CHR Extension: (Safe Money) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-15]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-15]
CHR Extension: (Boost) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-07-28]
CHR Extension: (Virtual Keyboard) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-15]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Anti-Banner) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-15]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-26] (Adobe Systems) [File not signed]
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows (R) Win 7 DDK provider)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-04-24] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-20] (Qualcomm Atheros) [File not signed]
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4249088 2014-03-06] (A-Volute) [File not signed]
R2 TeamViewer8; E:\TeamViewer\TeamViewer_Service.exe [5093216 2014-02-07] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3942096 2013-09-04] (Qualcomm Atheros, Inc.)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-19] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-03-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-08-27] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows (R) Win 7 DDK provider)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38112 2014-03-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 02:18 - 2014-07-31 02:19 - 00034377 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-07-31 02:18 - 2014-07-31 02:19 - 00000000 ____D () C:\FRST
2014-07-31 02:17 - 2014-07-31 02:17 - 00000472 _____ () C:\Users\Aaron\Desktop\defogger_disable.log
2014-07-31 02:17 - 2014-07-31 02:17 - 00000000 _____ () C:\Users\Aaron\defogger_reenable
2014-07-31 02:16 - 2014-07-31 02:16 - 02094080 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00380416 _____ () C:\Users\Aaron\Desktop\Gmer-19357.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00050477 _____ () C:\Users\Aaron\Desktop\Defogger.exe
2014-07-30 16:05 - 2014-07-30 17:20 - 00000000 ____D () C:\Users\Aaron\Desktop\Plattenriss
2014-07-30 13:43 - 2014-07-30 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 12:42 - 2014-07-30 12:42 - 00002111 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 12:41 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-07-30 12:40 - 2014-07-30 12:40 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-30 12:40 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-30 12:40 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00835032 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-30 12:37 - 2014-07-30 17:22 - 00001107 _____ () C:\WINDOWS\setupact.log
2014-07-30 12:37 - 2014-07-30 12:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-28 14:25 - 2014-07-28 14:25 - 12926996 _____ () C:\Users\Aaron\Desktop\Purple-weed-wallpaper_25.psd
2014-07-28 14:22 - 2014-07-28 14:22 - 04548696 _____ () C:\Users\Aaron\Desktop\blue-swirls-random-design.psd
2014-07-28 12:04 - 2014-07-28 12:04 - 10420378 _____ () C:\Users\Aaron\Desktop\weed_wallpaper_by_thedeviant426-d36wscb.psd
2014-07-28 01:39 - 2014-07-28 01:39 - 00001867 _____ () C:\Users\Aaron\Desktop\Configure VO Package.lnk
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VOPackage
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:38 - 2014-07-28 01:38 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-aarondressl3r@hotmail.com
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\PDAppFlex
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-28 01:29 - 2014-07-28 01:32 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-28 01:29 - 2014-07-28 01:29 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-28 01:29 - 2014-07-28 01:29 - 00000000 ____D () C:\Program Files\Adobe
2014-07-28 00:52 - 2014-07-31 02:15 - 00311848 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-28 00:52 - 2014-07-28 00:52 - 00001291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-07-28 00:52 - 2014-07-28 00:52 - 00001279 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-07-28 00:51 - 2014-07-28 00:51 - 00001305 _____ () C:\Users\Aaron\Desktop\Continue Setup File.lnk
2014-07-28 00:49 - 2014-07-28 00:49 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up(1).exe
2014-07-28 00:47 - 2014-07-28 00:47 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up.exe
2014-07-28 00:43 - 2014-07-28 00:49 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Systweak
2014-07-28 00:43 - 2014-07-28 00:43 - 00002420 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-28 00:43 - 2014-07-28 00:43 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Smartbar
2014-07-28 00:43 - 2014-07-28 00:43 - 00000000 ____D () C:\Users\Aaron\AppData\Local\LPT
2014-07-28 00:43 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2014-07-28 00:42 - 2014-07-28 00:42 - 01938526 _____ () C:\Users\Aaron\Downloads\Photoshop CC Full version with Crack.rar
2014-07-27 20:46 - 2014-07-27 20:46 - 00063088 _____ () C:\Users\Aaron\Desktop\hanfblatt.bmp
2014-07-27 20:18 - 2014-07-28 14:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Photoshop
2014-07-27 13:43 - 2014-07-27 13:43 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Opera
2014-07-26 11:48 - 2014-07-26 11:48 - 00000000 ____D () C:\Users\Aaron\Documents\Updater
2014-07-26 11:47 - 2014-07-31 02:07 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2014-07-26 11:17 - 2014-07-26 11:17 - 00002063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001567 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001564 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-26 11:14 - 2014-07-26 11:14 - 00000000 ____D () C:\PS_CS2_Gr_NonRet
2014-07-26 11:02 - 2014-07-26 11:13 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Aaron\Downloads\PS_CS2_Gr_NonRet.exe
2014-07-25 18:49 - 2014-07-25 18:49 - 00000933 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-07-25 18:48 - 2014-07-25 18:48 - 06272852 _____ () C:\Users\Aaron\Downloads\paint.net.4.0.3.install.zip
2014-07-25 18:44 - 2014-07-25 18:44 - 00000844 _____ () C:\Users\Aaron\AppData\Local\recently-used.xbel
2014-07-23 21:04 - 2014-07-23 21:07 - 74354694 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.02.exe
2014-07-23 21:04 - 2014-07-23 21:06 - 36724208 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.01a.exe
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp120.dll
2014-07-19 18:19 - 2014-07-19 18:19 - 00000609 _____ () C:\Users\Aaron\Desktop\Format Factory.lnk
2014-07-19 18:19 - 2014-07-19 18:19 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-19 18:19 - 2014-06-25 19:14 - 48888704 _____ (AVM Software Inc.) C:\Users\Aaron\Documents\pal_install_a4650_r131001_p127000.exe
2014-07-19 18:02 - 2014-07-19 18:12 - 53580025 _____ () C:\Users\Aaron\Downloads\FFSetup3.3.5.0.zip
2014-07-19 17:53 - 2014-07-19 17:53 - 00001414 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00001217 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 17:51 - 2014-07-19 17:52 - 27856912 _____ (DVDVideoSoft Ltd. ) C:\Users\Aaron\Downloads\FreeYouTubeDownload-3.2.42.716.exe
2014-07-10 17:03 - 2014-07-10 17:25 - 214117619 _____ () C:\Users\Aaron\Downloads\btas_krissy_lynn04_272p_650_mobile.mp4
2014-07-10 17:02 - 2014-07-10 17:25 - 253282764 _____ () C:\Users\Aaron\Downloads\mgb_phoenix_marie_bb042914_272p_650_mobile.mp4
2014-07-10 16:32 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 15:20 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 15:20 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 15:20 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 15:20 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 15:20 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 15:20 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 15:20 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 15:20 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 15:20 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 15:20 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 15:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 15:20 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 15:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 15:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 15:20 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 15:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 15:20 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 15:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 15:20 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 15:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 15:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 15:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 15:20 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 15:20 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 15:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 15:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 15:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 15:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 15:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 15:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 15:20 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 15:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 15:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 15:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 15:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 15:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 15:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 15:19 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 15:19 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 15:19 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 15:19 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 15:19 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 15:19 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 15:19 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 15:19 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 15:19 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 15:19 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 15:19 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 15:19 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 15:19 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 15:19 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 15:19 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 15:19 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 15:19 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\wf-launcher
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\ProgramData\GFACE

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 02:19 - 2014-07-31 02:18 - 00034377 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-07-31 02:19 - 2014-07-31 02:18 - 00000000 ____D () C:\FRST
2014-07-31 02:17 - 2014-07-31 02:17 - 00000472 _____ () C:\Users\Aaron\Desktop\defogger_disable.log
2014-07-31 02:17 - 2014-07-31 02:17 - 00000000 _____ () C:\Users\Aaron\defogger_reenable
2014-07-31 02:17 - 2013-10-23 16:11 - 00000000 ____D () C:\Users\Aaron
2014-07-31 02:16 - 2014-07-31 02:16 - 02094080 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00380416 _____ () C:\Users\Aaron\Desktop\Gmer-19357.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00050477 _____ () C:\Users\Aaron\Desktop\Defogger.exe
2014-07-31 02:16 - 2013-09-26 16:45 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Spotify
2014-07-31 02:15 - 2014-07-28 00:52 - 00311848 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 02:12 - 2013-09-26 17:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 02:10 - 2013-09-26 16:37 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2925936204-143552802-712729491-1002
2014-07-31 02:07 - 2014-07-26 11:47 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2014-07-31 02:06 - 2013-10-15 03:31 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 02:06 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-31 02:06 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-31 02:06 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-31 02:05 - 2013-10-15 03:31 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 02:05 - 2013-09-28 00:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-31 02:05 - 2013-09-26 17:04 - 00000000 __RDO () C:\Users\Aaron\SkyDrive
2014-07-31 02:05 - 2013-09-26 16:30 - 00000074 _____ () C:\Users\Aaron\AppData\Roaming\sp_data.sys
2014-07-31 02:04 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-30 17:22 - 2014-07-30 12:37 - 00001107 _____ () C:\WINDOWS\setupact.log
2014-07-30 17:20 - 2014-07-30 16:05 - 00000000 ____D () C:\Users\Aaron\Desktop\Plattenriss
2014-07-30 15:57 - 2013-11-28 21:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 13:44 - 2014-07-30 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 12:42 - 2014-07-30 12:42 - 00002111 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 12:41 - 2013-10-23 16:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-30 12:41 - 2013-08-26 22:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 12:40 - 2014-07-30 12:40 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-30 12:40 - 2013-10-23 16:10 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-30 12:37 - 2014-07-30 12:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-30 12:37 - 2013-11-12 23:30 - 00000000 ____D () C:\Users\Aaron\AppData\Local\NVIDIA Corporation
2014-07-30 12:21 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 12:11 - 2013-09-26 16:46 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Spotify
2014-07-28 14:25 - 2014-07-28 14:25 - 12926996 _____ () C:\Users\Aaron\Desktop\Purple-weed-wallpaper_25.psd
2014-07-28 14:22 - 2014-07-28 14:22 - 04548696 _____ () C:\Users\Aaron\Desktop\blue-swirls-random-design.psd
2014-07-28 14:18 - 2014-07-27 20:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Photoshop
2014-07-28 12:04 - 2014-07-28 12:04 - 10420378 _____ () C:\Users\Aaron\Desktop\weed_wallpaper_by_thedeviant426-d36wscb.psd
2014-07-28 12:00 - 2013-08-26 22:26 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-07-28 12:00 - 2013-08-26 22:26 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2014-07-28 01:39 - 2014-07-28 01:39 - 00001867 _____ () C:\Users\Aaron\Desktop\Configure VO Package.lnk
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VOPackage
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:38 - 2014-07-28 01:38 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-aarondressl3r@hotmail.com
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\PDAppFlex
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-28 01:38 - 2013-09-26 16:31 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Adobe
2014-07-28 01:32 - 2014-07-28 01:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-28 01:30 - 2013-04-26 01:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-28 01:29 - 2014-07-28 01:29 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-28 01:29 - 2014-07-28 01:29 - 00000000 ____D () C:\Program Files\Adobe
2014-07-28 01:29 - 2013-09-30 05:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-28 00:52 - 2014-07-28 00:52 - 00001291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-07-28 00:52 - 2014-07-28 00:52 - 00001279 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-07-28 00:52 - 2013-04-26 01:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-28 00:51 - 2014-07-28 00:51 - 00001305 _____ () C:\Users\Aaron\Desktop\Continue Setup File.lnk
2014-07-28 00:49 - 2014-07-28 00:49 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up(1).exe
2014-07-28 00:49 - 2014-07-28 00:43 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Systweak
2014-07-28 00:47 - 2014-07-28 00:47 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up.exe
2014-07-28 00:43 - 2014-07-28 00:43 - 00002420 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-28 00:43 - 2014-07-28 00:43 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Smartbar
2014-07-28 00:43 - 2014-07-28 00:43 - 00000000 ____D () C:\Users\Aaron\AppData\Local\LPT
2014-07-28 00:42 - 2014-07-28 00:42 - 01938526 _____ () C:\Users\Aaron\Downloads\Photoshop CC Full version with Crack.rar
2014-07-27 20:46 - 2014-07-27 20:46 - 00063088 _____ () C:\Users\Aaron\Desktop\hanfblatt.bmp
2014-07-27 13:43 - 2014-07-27 13:43 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Opera
2014-07-27 13:43 - 2012-07-26 07:26 - 00000124 _____ () C:\WINDOWS\win.ini
2014-07-26 11:48 - 2014-07-26 11:48 - 00000000 ____D () C:\Users\Aaron\Documents\Updater
2014-07-26 11:17 - 2014-07-26 11:17 - 00002063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001567 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001564 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-26 11:14 - 2014-07-26 11:14 - 00000000 ____D () C:\PS_CS2_Gr_NonRet
2014-07-26 11:13 - 2014-07-26 11:02 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Aaron\Downloads\PS_CS2_Gr_NonRet.exe
2014-07-25 21:27 - 2013-10-24 00:59 - 00000000 ____D () C:\Users\Aaron\Documents\ManiaPlanet
2014-07-25 20:59 - 2013-10-24 00:57 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-07-25 20:56 - 2013-09-28 13:11 - 00000000 ____D () C:\Users\Aaron\.gimp-2.8
2014-07-25 18:50 - 2013-09-28 12:57 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Paint.NET
2014-07-25 18:49 - 2014-07-25 18:49 - 00000933 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-07-25 18:48 - 2014-07-25 18:48 - 06272852 _____ () C:\Users\Aaron\Downloads\paint.net.4.0.3.install.zip
2014-07-25 18:44 - 2014-07-25 18:44 - 00000844 _____ () C:\Users\Aaron\AppData\Local\recently-used.xbel
2014-07-25 18:44 - 2013-09-28 13:14 - 00000000 ____D () C:\Users\Aaron\AppData\Local\gtk-2.0
2014-07-25 15:50 - 2014-06-03 17:43 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-06-03 17:43 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2013-10-30 21:52 - 01283136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-07-25 15:50 - 2013-10-30 21:52 - 01126480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-07-24 23:10 - 2013-09-26 23:11 - 00000000 ____D () C:\ProgramData\Origin
2014-07-23 21:07 - 2014-07-23 21:04 - 74354694 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.02.exe
2014-07-23 21:06 - 2014-07-23 21:04 - 36724208 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.01a.exe
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp120.dll
2014-07-22 07:19 - 2013-09-27 12:21 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-07-21 11:03 - 2013-09-28 13:07 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\vlc
2014-07-20 13:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System
2014-07-20 13:16 - 2014-03-05 17:03 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-07-19 18:19 - 2014-07-19 18:19 - 00000609 _____ () C:\Users\Aaron\Desktop\Format Factory.lnk
2014-07-19 18:19 - 2014-07-19 18:19 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-19 18:12 - 2014-07-19 18:02 - 53580025 _____ () C:\Users\Aaron\Downloads\FFSetup3.3.5.0.zip
2014-07-19 17:53 - 2014-07-19 17:53 - 00001414 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00001217 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 17:52 - 2014-07-19 17:51 - 27856912 _____ (DVDVideoSoft Ltd. ) C:\Users\Aaron\Downloads\FreeYouTubeDownload-3.2.42.716.exe
2014-07-11 18:37 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-11 18:37 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-10 17:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 17:25 - 2014-07-10 17:03 - 214117619 _____ () C:\Users\Aaron\Downloads\btas_krissy_lynn04_272p_650_mobile.mp4
2014-07-10 17:25 - 2014-07-10 17:02 - 253282764 _____ () C:\Users\Aaron\Downloads\mgb_phoenix_marie_bb042914_272p_650_mobile.mp4
2014-07-10 16:50 - 2013-08-22 16:44 - 00643288 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-10 16:49 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 16:38 - 2013-09-27 03:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 16:38 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 16:37 - 2013-09-27 03:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 16:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 20:39 - 2014-05-17 20:50 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Arma 3
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\wf-launcher
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-09 14:12 - 2013-09-26 17:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-07 13:52 - 2014-03-08 13:39 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Battle.net
2014-07-07 13:42 - 2014-03-08 13:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-02 22:48 - 2014-07-30 12:40 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-02 22:48 - 2014-07-30 12:40 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00835032 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-02 22:48 - 2014-03-10 23:34 - 16122344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 18626304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 14498552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 03196816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 02814656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 00026353 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-07-02 22:48 - 2013-08-26 22:14 - 00075040 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-07-02 22:48 - 2013-08-26 22:14 - 00061912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 06783776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 03522392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 02559960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 00935368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-07-02 20:55 - 2013-10-23 16:10 - 00386520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 00062808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-07-02 19:44 - 2014-07-30 12:41 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-07-02 12:14 - 2014-06-03 19:35 - 03826628 _____ () C:\WINDOWS\system32\nvcoproc.bin

Files to move or delete:
====================
C:\Users\Aaron\AppData\Local\Temp\clicup\clicup.exe
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Aaron\AppData\Local\Temp\BackupSetup.exe
C:\Users\Aaron\AppData\Local\Temp\ins.exe
C:\Users\Aaron\AppData\Local\Temp\nsgED4A.exe
C:\Users\Aaron\AppData\Local\Temp\nsiC131.exe
C:\Users\Aaron\AppData\Local\Temp\nsnE549.exe
C:\Users\Aaron\AppData\Local\Temp\nsoE941.exe
C:\Users\Aaron\AppData\Local\Temp\nspC4AD.exe
C:\Users\Aaron\AppData\Local\Temp\nss6AC.exe
C:\Users\Aaron\AppData\Local\Temp\nswBD48.exe
C:\Users\Aaron\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Aaron\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Aaron\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Aaron\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Aaron\AppData\Local\Temp\nvStInst.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-19 17:10

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014
Ran by Aaron at 2014-07-31 02:19:24
Running from C:\Users\Aaron\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.8) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
Assassin’s Creed IV Black Flag (HKLM-x32\...\Steam App 242050) (Version:  - Ubisoft Montreal)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.020 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5230.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5230.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0030 - ASUS)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Audio Tuner (remove only) (HKLM-x32\...\Audio Tuner) (Version:  - )
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.1.0.1 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Broforce (HKLM-x32\...\Steam App 274190) (Version:  - Free Lives)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
clicup (HKCU\...\clicup) (Version: 1.0 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
devolo dLAN Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.1.3.0 - devolo AG)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ETDWare PS/2-X64 11.5.9.1_WHQL (HKLM\...\Elantech) (Version: 11.5.9.1 - ELAN Microelectronic Corp.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Flixster (HKLM-x32\...\com.wb.DC2) (Version: 0.1.22 - Warner Bros. Entertainment Inc.)
Flixster (x32 Version: 0.1.22 - Warner Bros. Entertainment Inc.) Hidden
FormatFactory 3.3.5.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.5.0 - Format Factory)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free YouTube Download version 3.2.42.716 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.42.716 - DVDVideoSoft Ltd.)
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.3 - Genesys Logic)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google SketchUp 8 (HKLM-x32\...\{4BA6784F-3B10-473A-B9F5-33A36AC354D5}) (Version: 3.0.14358 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - BonanzaDeals) Hidden <==== ATTENTION
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes from Liberty City (HKLM-x32\...\Steam App 12220) (Version:  - Rockstar North / Toronto)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life Dedicated Server Update Tool (HKLM-x32\...\Half-Life Dedicated Server Update Tool) (Version:  - )
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Loadout (HKLM-x32\...\Steam App 208090) (Version:  - Edge of Reality)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{16884C3D-3512-486D-A2F9-39071551BFEF}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (HKLM-x32\...\MX.{EA62B22F-AB0A-406B-80A9-8036D3CE3446}) (Version: 13.0.2.8 - MAGIX AG)
MAGIX Video deluxe 2014 (Version: 13.0.2.8 - MAGIX AG) Hidden
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.6 - Black Tree Gaming)
Nur Entfernen der CopyTrans Suite möglich (HKCU\...\CopyTrans Suite) (Version: 2.37 - WindSolutions)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
NVIDIA Update 15.3.33 (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 15.3.33 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
ophcrack 3.6.0 (HKLM-x32\...\ophcrack) (Version: 3.6.0 - OS Objectif Sécurité SA)
Origin (HKLM-x32\...\Origin) (Version: 9.3.6.4643 - Electronic Arts, Inc.)
paint.net (HKLM\...\{F509C1F4-0029-49F9-B145-A4C4E8DF481A}) (Version: 4.0.3 - dotPDN LLC)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.35.1273 - Qualcomm Atheros) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.229 - Qualcomm Atheros Communications)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.17 - Qualcomm Atheros Inc.)
Qualcomm Atheros Killer Wireless-N Drivers (Version: 1.0.35.1273 - Qualcomm Atheros) Hidden
Qualcomm Atheros Network Manager (Version: 1.0.35.1273 - Qualcomm Atheros) Hidden
Qualcomm Atheros Performance Suite (HKLM-x32\...\{6AEA132E-D205-49E3-887B-359FE9BB6B49}) (Version: 1.0.35.1273 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.03 - Razer Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.17.22 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6899 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Shopping Helper Smartbar (HKLM-x32\...\{16F8A832-DD84-4271-8B76-ACADE6DB3968}) (Version: 11.82.63.17791 - ReSoft Ltd.) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Test Drive Unlimited 2 (HKLM-x32\...\Steam App 9930) (Version:  - Eden Studios)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.4.15 - Electronic Arts)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Uplay (HKLM-x32\...\Uplay) (Version: 3.2 - Ubisoft)
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Watch_Dogs (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wolfenstein: The New Order German Edition (HKLM-x32\...\Steam App 288570) (Version:  - MachineGames)
XIII (HKLM-x32\...\{42BC0474-6E50-464A-8183-5E3D32E41B1B}) (Version: 1.00.000 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2925936204-143552802-712729491-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2925936204-143552802-712729491-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2925936204-143552802-712729491-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2925936204-143552802-712729491-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2925936204-143552802-712729491-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2925936204-143552802-712729491-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)

==================== Restore Points  =========================

19-07-2014 19:33:55 Geplanter Prüfpunkt
21-07-2014 21:15:30 Removed Path of Exile
25-07-2014 16:47:23 Paint.NET v3.5.11
27-07-2014 22:52:49 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
30-07-2014 10:37:41 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04BF2546-3E18-40E1-8EFB-A0BC61665A32} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0558ACFE-299A-4BC6-A2F5-A1B6184EEBD5} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-18] (ASUSTek Computer Inc.)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {29974224-B871-48DB-AFA4-70E11E6A1AD8} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {34D51C12-DE2E-4F62-9D85-D500525C153F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3945A0C0-7E39-4B48-BFB3-F0E36640DE9F} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3BCF12F4-A8F0-4994-9F41-A2A51D60C743} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {4286C62C-9D55-4927-90D9-5D5491F3ADC2} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-aarondressl3r@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F92FAE5-3493-4FBC-B132-5C991450AECD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {5566D762-BD62-4450-8BC4-6871FDC000B9} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {5B1D5529-A38C-4AA8-9006-920F1840A52C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6116AE06-775E-4B7C-BDBE-EE5A981D2C94} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7FEF7D43-5E47-4921-BAC5-F8ED81B8DFE3} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8AB09F0D-F747-4F1F-9EA5-1CC3A41C89F4} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {BB69E65A-66E3-438B-980C-99FA5748E2A5} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {C6A5937B-95C4-4C91-B370-ECA9726D76E1} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-05-21] (ASUSTeK Computer Inc.)
Task: {CCB6195C-D570-423B-83AA-263FD67C70CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DBD85FF6-BB93-467B-ACE0-462D0EEE038D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F0B6040C-E1DC-4C5C-B42C-53BCFE0DF32B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {FC136BCF-E027-49D3-BA75-CF215891ED49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-15] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 08:10 - 2012-12-19 08:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2014-04-05 11:24 - 2014-06-13 15:48 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-10-23 16:10 - 2014-07-02 20:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-29 17:03 - 2013-04-29 17:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-07-16 11:06 - 2014-07-16 11:06 - 00672416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2013-06-13 13:44 - 2013-06-13 13:44 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-06-13 13:40 - 2013-06-13 13:40 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-06-13 13:47 - 2013-06-13 13:47 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-08-26 22:22 - 2013-03-14 11:46 - 00040960 _____ () C:\Windows\SysWOW64\UMonit64.exe
2014-06-16 14:18 - 2014-06-16 14:18 - 00025120 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Lrcnta.exe
2013-09-26 16:46 - 2014-07-19 19:45 - 00601144 _____ () C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-09-20 16:57 - 2013-09-20 16:57 - 00283648 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-26 22:16 - 2013-05-15 20:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00046624 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00071712 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srau.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00167456 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 02337824 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00068640 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\spbl.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00157216 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00015904 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\siem.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00067616 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\sppsm.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00698400 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00016416 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00080416 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00028704 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-06-16 14:21 - 2014-06-16 14:21 - 00060960 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srut.dll
2014-06-16 14:21 - 2014-06-16 14:21 - 00031264 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srsbs.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00067104 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00151072 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\smti.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00032800 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srom.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00032288 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\smtu.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00040992 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\smta.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00026144 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\sgml.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00047648 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srbu.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00063520 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00026656 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srpdm.dll
2014-06-16 14:18 - 2014-06-16 14:18 - 00045088 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-06-16 14:10 - 2014-06-16 14:10 - 00026656 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00036896 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00194592 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\sgmu.dll
2014-05-12 11:21 - 2014-05-12 11:21 - 00061440 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
2014-06-16 14:20 - 2014-06-16 14:20 - 00257056 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\srns.dll
2013-09-26 16:46 - 2014-07-19 19:45 - 36966968 _____ () C:\Users\Aaron\AppData\Roaming\Spotify\Data\libcef.dll
2014-06-16 14:18 - 2014-06-16 14:18 - 00034848 _____ () C:\Users\Aaron\AppData\Local\Smartbar\Application\lrcnt.dll
2014-07-19 19:45 - 2014-07-19 19:45 - 00867896 _____ () C:\Users\Aaron\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2013-09-26 16:46 - 2014-07-19 19:45 - 00886840 _____ () C:\Users\Aaron\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-26 16:46 - 2014-07-19 19:45 - 00108600 _____ () C:\Users\Aaron\AppData\Roaming\Spotify\Data\libegl.dll
2014-07-30 13:43 - 2014-07-30 13:44 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Aaron\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run: => "RtHDVBg"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "ASUSWebStorage"
HKLM\...\StartupApproved\Run32: => "ROGNB"
HKLM\...\StartupApproved\Run32: => "PowerDVD13Agent"
HKCU\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKCU\...\StartupApproved\Run: => "RGSC"
HKCU\...\StartupApproved\Run: => "Spotify"
HKCU\...\StartupApproved\Run: => "Spotify Web Helper"
HKCU\...\StartupApproved\Run: => "Steam"
HKCU\...\StartupApproved\Run: => "SkyDrive"
HKCU\...\StartupApproved\Run: => "CyberGhost"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2014 02:06:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi

Error: (07/31/2014 02:06:06 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (07/31/2014 02:06:06 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (07/30/2014 05:06:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi

Error: (07/30/2014 05:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (07/30/2014 05:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (07/30/2014 04:06:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi

Error: (07/30/2014 04:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (07/30/2014 04:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Nicht erwarteter oder fehlender Wert (Name: "PackageCode", Wert: "GUID") für Schlüssel "HKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219".

Error: (07/30/2014 02:06:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi


System errors:
=============
Error: (07/27/2014 05:40:22 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 13 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (07/26/2014 04:44:09 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:44:09 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:44:04 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:44:04 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:43:57 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:43:57 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:43:34 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:43:34 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (07/26/2014 04:43:27 PM) (Source: DCOM) (EventID: 10010) (User: AARONS-LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (07/31/2014 02:06:07 AM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/31/2014 02:06:06 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/31/2014 02:06:06 AM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/30/2014 05:06:00 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2014 05:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/30/2014 05:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/30/2014 04:06:02 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/30/2014 04:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/30/2014 04:06:00 PM) (Source: MsiInstaller) (EventID: 1002) (User: NT-AUTORITÄT)
Description: PackageCodeGUIDHKLM\Software\Classes\Installer\Products\B476F94747628E7478C965620AB6A219(NULL)(NULL)(NULL)

Error: (07/30/2014 02:06:01 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files (x86)\Google\Update\1.3.24.15\BonanzaDealsLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 8141.55 MB
Available physical RAM: 5489.75 MB
Total Pagefile: 12340.07 MB
Available Pagefile: 9126.2 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:95.05 GB) (Free:10.86 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Spiele) (Fixed) (Total:465.75 GB) (Free:73.82 GB) NTFS
Drive e: (Dokumente) (Fixed) (Total:465.76 GB) (Free:171.29 GB) NTFS
Drive f: (SSD) (Fixed) (Total:121.97 GB) (Free:102.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 947D0594)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 238 GB) (Disk ID: 5B98F280)

Partition: GPT Partition Type.

==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-31 02:38:56
Windows 6.3.9600  x64 \Device\Harddisk1\DR1 -> \Device\00000039 LITEONIT_LCS-256M6S rev.DC81605 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\Aaron\AppData\Local\Temp\uwdyrkoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960                            fffff8005675bd00 12 bytes [C0, 52, AC, FF, 02, AD, 4E, ...]
.text  C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 973                            fffff8005675bd0d 23 bytes [B2, A2, 02, 00, C4, FF, FF, ...]

---- User code sections - GMER 2.1 ----

.text  C:\WINDOWS\Explorer.EXE[636] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714    00007ffe4511154a 4 bytes [11, 45, FE, 7F]
.text  C:\WINDOWS\Explorer.EXE[636] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722    00007ffe45111552 4 bytes [11, 45, FE, 7F]
.text  C:\WINDOWS\Explorer.EXE[636] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98  00007ffe4511162a 4 bytes [11, 45, FE, 7F]
.text  C:\WINDOWS\Explorer.EXE[636] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122  00007ffe45111642 4 bytes [11, 45, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [504:528]                                            fffff9600080cb90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk1\DR1                                                              unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 31.07.2014 06:41
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Aaronator 31.07.2014 11:12
Vielen Dank für die Hilfe! Möglichkeit eins hat gleich funktioniert :)


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014
Ran by Aaron (administrator) on AARONS-LAPTOP on 31-07-2014 12:09:28
Running from C:\Users\Aaron\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(TeamViewer GmbH) E:\TeamViewer\TeamViewer_Service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Clichelper) C:\Users\Aaron\AppData\Local\Temp\clicup\clicup.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Apple Inc.) E:\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Helper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Spotify Ltd) C:\Users\Aaron\AppData\Roaming\Spotify\spotify.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13535304 2013-05-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890128 2013-04-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [UMonit64] => C:\Windows\SysWOW64\UMonit64.exe [40960 2013-03-14] ()
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-04-26] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [181208 2013-04-24] (cyberlink)
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [466944 2011-09-19] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [PowerDVD13Agent] => C:\Program Files (x86)\CyberLink\PowerDVD13\PowerDVD13Agent.exe [513048 2013-03-20] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [444760 2014-03-07] (Razer Inc.)
HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-06-13] ( (Atheros Communications))
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Steam] => D:\Steam\steam.exe [1753280 2014-07-16] (Valve Corporation)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Spotify Web Helper] => C:\Users\Aaron\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-19] (Spotify Ltd)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [Spotify] => C:\Users\Aaron\AppData\Roaming\Spotify\spotify.exe [6162488 2014-07-19] (Spotify Ltd)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [358000 2014-01-16] (CyberGhost S.R.L.)
HKU\S-1-5-21-2925936204-143552802-712729491-1002\...\Run: [clicup-Agent] => C:\Users\Aaron\AppData\Local\Temp\clicup\clicup.exe [445424 2014-07-10] (Clichelper) <===== ATTENTION
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{7F5DAC53-4097-4932-9CB0-8F9E8C1E95C9}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzw,
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLY,&q={searchTerms}
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLY,&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7BD88A30-75A0-42C1-B211-7888CFEFABB8&SearchSource=58&CUI=&UM=6&UP=SP15BCF927-BBD1-4107-AB36-C0B6BC1EC0BF&q={searchTerms}&SSPV=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=M7BD88A30-75A0-42C1-B211-7888CFEFABB8&SearchSource=58&CUI=&UM=6&UP=SP15BCF927-BBD1-4107-AB36-C0B6BC1EC0BF&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Java\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Java\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default
FF Homepage: https://www.google.com/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - E:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - D:\Java\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - D:\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - E:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\user.js
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-12-10]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-12-10]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-07-19]

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzs,
CHR StartupUrls: "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzs,"
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-15]
CHR Extension: (Safe Money) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-15]
CHR Extension: (Dangerous Websites Blocker) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-10-15]
CHR Extension: (Boost) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn [2014-07-28]
CHR Extension: (Virtual Keyboard) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-15]
CHR Extension: (Google Wallet) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
CHR Extension: (Anti-Banner) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-15]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-07-19]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-07-26] (Adobe Systems) [File not signed]
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-06-13] (Windows (R) Win 7 DDK provider)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [247768 2013-04-24] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-06-13] ()
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [340480 2013-09-20] (Qualcomm Atheros) [File not signed]
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4249088 2014-03-06] (A-Volute) [File not signed]
R2 TeamViewer8; E:\TeamViewer\TeamViewer_Service.exe [5093216 2014-02-07] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-06-13] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 akw8x64; C:\Windows\system32\DRIVERS\akw8x64.sys [3942096 2013-09-04] (Qualcomm Atheros, Inc.)
S1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-06-13] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [91368 2013-03-22] (GenesysLogic)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29792 2013-12-19] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [115296 2014-03-29] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625760 2014-03-29] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\system32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [65120 2014-03-29] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
R3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28768 2014-03-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2013-08-27] (CACE Technologies)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-07-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RZMAELSTROMVADService; C:\Windows\system32\drivers\RzMaelstromVAD.sys [40696 2014-03-06] (Windows (R) Win 7 DDK provider)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38112 2014-03-12] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:05 - 2014-07-31 12:05 - 00001134 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-31 12:00 - 2014-07-31 12:00 - 00001242 _____ () C:\Users\Aaron\Desktop\Revo Uninstaller.lnk
2014-07-31 12:00 - 2014-07-31 12:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-31 11:59 - 2014-07-31 11:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Aaron\Desktop\revosetup95.exe
2014-07-31 11:56 - 2014-07-31 11:56 - 00002093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-07-31 11:56 - 2014-07-31 11:56 - 00002073 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-07-31 02:38 - 2014-07-31 02:38 - 00001512 _____ () C:\Users\Aaron\Desktop\Gmer.txt
2014-07-31 02:28 - 2014-07-31 02:28 - 00008806 _____ () C:\WINDOWS\PFRO.log
2014-07-31 02:19 - 2014-07-31 02:19 - 00043514 _____ () C:\Users\Aaron\Desktop\Addition.txt
2014-07-31 02:18 - 2014-07-31 12:09 - 00034717 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-07-31 02:18 - 2014-07-31 12:09 - 00000000 ____D () C:\FRST
2014-07-31 02:17 - 2014-07-31 02:17 - 00000472 _____ () C:\Users\Aaron\Desktop\defogger_disable.log
2014-07-31 02:17 - 2014-07-31 02:17 - 00000000 _____ () C:\Users\Aaron\defogger_reenable
2014-07-31 02:16 - 2014-07-31 02:16 - 02094080 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00380416 _____ () C:\Users\Aaron\Desktop\Gmer-19357.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00050477 _____ () C:\Users\Aaron\Desktop\Defogger.exe
2014-07-30 16:05 - 2014-07-30 17:20 - 00000000 ____D () C:\Users\Aaron\Desktop\Plattenriss
2014-07-30 13:43 - 2014-07-30 13:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 12:42 - 2014-07-30 12:42 - 00002111 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 12:41 - 2014-07-02 19:44 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-07-30 12:40 - 2014-07-30 12:40 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-30 12:40 - 2014-07-02 22:48 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-30 12:40 - 2014-07-02 22:48 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00835032 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-30 12:40 - 2014-07-02 22:48 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-30 12:37 - 2014-07-30 17:22 - 00001107 _____ () C:\WINDOWS\setupact.log
2014-07-30 12:37 - 2014-07-30 12:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-28 14:25 - 2014-07-28 14:25 - 12926996 _____ () C:\Users\Aaron\Desktop\Purple-weed-wallpaper_25.psd
2014-07-28 14:22 - 2014-07-28 14:22 - 04548696 _____ () C:\Users\Aaron\Desktop\blue-swirls-random-design.psd
2014-07-28 12:04 - 2014-07-28 12:04 - 10420378 _____ () C:\Users\Aaron\Desktop\weed_wallpaper_by_thedeviant426-d36wscb.psd
2014-07-28 01:39 - 2014-07-28 01:39 - 00001867 _____ () C:\Users\Aaron\Desktop\Configure VO Package.lnk
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VOPackage
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:38 - 2014-07-28 01:38 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-aarondressl3r@hotmail.com
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\PDAppFlex
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-28 01:29 - 2014-07-31 11:56 - 00000000 ____D () C:\Program Files\Adobe
2014-07-28 01:29 - 2014-07-31 11:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-28 01:29 - 2014-07-28 01:29 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-28 00:52 - 2014-07-31 02:33 - 00387484 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-28 00:52 - 2014-07-28 00:52 - 00001291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-07-28 00:52 - 2014-07-28 00:52 - 00001279 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-07-28 00:51 - 2014-07-28 00:51 - 00001305 _____ () C:\Users\Aaron\Desktop\Continue Setup File.lnk
2014-07-28 00:49 - 2014-07-28 00:49 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up(1).exe
2014-07-28 00:47 - 2014-07-28 00:47 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up.exe
2014-07-28 00:43 - 2014-07-28 00:49 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Systweak
2014-07-28 00:43 - 2014-07-28 00:43 - 00002420 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-28 00:43 - 2013-08-22 18:36 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\WINDOWS\system32\roboot64.exe
2014-07-28 00:42 - 2014-07-28 00:42 - 01938526 _____ () C:\Users\Aaron\Downloads\Photoshop CC Full version with Crack.rar
2014-07-27 20:46 - 2014-07-27 20:46 - 00063088 _____ () C:\Users\Aaron\Desktop\hanfblatt.bmp
2014-07-27 20:18 - 2014-07-28 14:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Photoshop
2014-07-27 13:43 - 2014-07-27 13:43 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Opera
2014-07-26 11:48 - 2014-07-26 11:48 - 00000000 ____D () C:\Users\Aaron\Documents\Updater
2014-07-26 11:47 - 2014-07-31 11:57 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2014-07-26 11:17 - 2014-07-26 11:17 - 00002063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001567 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001564 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-26 11:14 - 2014-07-26 11:14 - 00000000 ____D () C:\PS_CS2_Gr_NonRet
2014-07-26 11:02 - 2014-07-26 11:13 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Aaron\Downloads\PS_CS2_Gr_NonRet.exe
2014-07-25 18:49 - 2014-07-25 18:49 - 00000933 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-07-25 18:48 - 2014-07-25 18:48 - 06272852 _____ () C:\Users\Aaron\Downloads\paint.net.4.0.3.install.zip
2014-07-25 18:44 - 2014-07-25 18:44 - 00000844 _____ () C:\Users\Aaron\AppData\Local\recently-used.xbel
2014-07-23 21:04 - 2014-07-23 21:07 - 74354694 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.02.exe
2014-07-23 21:04 - 2014-07-23 21:06 - 36724208 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.01a.exe
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp120.dll
2014-07-19 18:19 - 2014-07-19 18:19 - 00000609 _____ () C:\Users\Aaron\Desktop\Format Factory.lnk
2014-07-19 18:19 - 2014-07-19 18:19 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-19 18:19 - 2014-06-25 19:14 - 48888704 _____ (AVM Software Inc.) C:\Users\Aaron\Documents\pal_install_a4650_r131001_p127000.exe
2014-07-19 18:02 - 2014-07-19 18:12 - 53580025 _____ () C:\Users\Aaron\Downloads\FFSetup3.3.5.0.zip
2014-07-19 17:53 - 2014-07-19 17:53 - 00001414 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00001217 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 17:51 - 2014-07-19 17:52 - 27856912 _____ (DVDVideoSoft Ltd. ) C:\Users\Aaron\Downloads\FreeYouTubeDownload-3.2.42.716.exe
2014-07-10 17:03 - 2014-07-10 17:25 - 214117619 _____ () C:\Users\Aaron\Downloads\btas_krissy_lynn04_272p_650_mobile.mp4
2014-07-10 17:02 - 2014-07-10 17:25 - 253282764 _____ () C:\Users\Aaron\Downloads\mgb_phoenix_marie_bb042914_272p_650_mobile.mp4
2014-07-10 16:32 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-10 15:20 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-10 15:20 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-10 15:20 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-10 15:20 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-10 15:20 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-10 15:20 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-10 15:20 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-10 15:20 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-10 15:20 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-10 15:20 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-10 15:20 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-10 15:20 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-10 15:20 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-10 15:20 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-10 15:20 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-10 15:20 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-10 15:20 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-10 15:20 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-10 15:20 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-10 15:20 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-10 15:20 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-10 15:20 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-10 15:20 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-10 15:20 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-10 15:20 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-10 15:20 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-10 15:20 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-10 15:20 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-10 15:20 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-10 15:20 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-10 15:20 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-10 15:20 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-10 15:20 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-10 15:20 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-10 15:20 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-10 15:20 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-10 15:20 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-10 15:19 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-10 15:19 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-10 15:19 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-10 15:19 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-10 15:19 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-10 15:19 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-10 15:19 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 15:19 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-10 15:19 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-10 15:19 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 15:19 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-10 15:19 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-10 15:19 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-10 15:19 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-10 15:19 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-10 15:19 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-10 15:19 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\wf-launcher
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\ProgramData\GFACE

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 12:09 - 2014-07-31 02:18 - 00034717 _____ () C:\Users\Aaron\Desktop\FRST.txt
2014-07-31 12:09 - 2014-07-31 02:18 - 00000000 ____D () C:\FRST
2014-07-31 12:08 - 2013-09-26 16:45 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Spotify
2014-07-31 12:06 - 2013-10-15 03:31 - 00001136 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 12:05 - 2014-07-31 12:05 - 00001134 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-31 12:05 - 2013-09-26 16:37 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2925936204-143552802-712729491-1002
2014-07-31 12:02 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 12:00 - 2014-07-31 12:00 - 00001242 _____ () C:\Users\Aaron\Desktop\Revo Uninstaller.lnk
2014-07-31 12:00 - 2014-07-31 12:00 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-31 12:00 - 2013-08-26 22:26 - 00003474 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update1
2014-07-31 12:00 - 2013-08-26 22:26 - 00003464 _____ () C:\WINDOWS\System32\Tasks\ASUS Live Update2
2014-07-31 11:59 - 2014-07-31 11:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Aaron\Desktop\revosetup95.exe
2014-07-31 11:57 - 2014-07-26 11:47 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Adobe
2014-07-31 11:57 - 2013-09-28 00:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-31 11:56 - 2014-07-31 11:56 - 00002093 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-07-31 11:56 - 2014-07-31 11:56 - 00002073 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-07-31 11:56 - 2014-07-28 01:29 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-31 11:56 - 2014-07-28 01:29 - 00000000 ____D () C:\Program Files\Adobe
2014-07-31 11:56 - 2013-09-26 16:31 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Adobe
2014-07-31 11:56 - 2013-04-26 01:15 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-31 11:50 - 2014-07-28 00:52 - 00387484 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 11:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-31 11:39 - 2013-10-15 03:31 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 11:39 - 2013-09-26 17:04 - 00000000 __RDO () C:\Users\Aaron\SkyDrive
2014-07-31 11:39 - 2013-09-26 16:30 - 00000074 _____ () C:\Users\Aaron\AppData\Roaming\sp_data.sys
2014-07-31 03:12 - 2013-09-26 17:52 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 02:45 - 2013-09-30 06:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-31 02:45 - 2013-09-30 05:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-31 02:45 - 2013-09-30 05:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-31 02:39 - 2013-10-23 16:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-31 02:39 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 02:38 - 2014-07-31 02:38 - 00001512 _____ () C:\Users\Aaron\Desktop\Gmer.txt
2014-07-31 02:31 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-31 02:28 - 2014-07-31 02:28 - 00008806 _____ () C:\WINDOWS\PFRO.log
2014-07-31 02:28 - 2013-08-22 16:44 - 00643312 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-31 02:19 - 2014-07-31 02:19 - 00043514 _____ () C:\Users\Aaron\Desktop\Addition.txt
2014-07-31 02:17 - 2014-07-31 02:17 - 00000472 _____ () C:\Users\Aaron\Desktop\defogger_disable.log
2014-07-31 02:17 - 2014-07-31 02:17 - 00000000 _____ () C:\Users\Aaron\defogger_reenable
2014-07-31 02:17 - 2013-10-23 16:11 - 00000000 ____D () C:\Users\Aaron
2014-07-31 02:16 - 2014-07-31 02:16 - 02094080 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00380416 _____ () C:\Users\Aaron\Desktop\Gmer-19357.exe
2014-07-31 02:16 - 2014-07-31 02:16 - 00050477 _____ () C:\Users\Aaron\Desktop\Defogger.exe
2014-07-30 17:22 - 2014-07-30 12:37 - 00001107 _____ () C:\WINDOWS\setupact.log
2014-07-30 17:20 - 2014-07-30 16:05 - 00000000 ____D () C:\Users\Aaron\Desktop\Plattenriss
2014-07-30 15:57 - 2013-11-28 21:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 13:44 - 2014-07-30 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 12:42 - 2014-07-30 12:42 - 00002111 _____ () C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2014-07-30 12:41 - 2013-08-26 22:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 12:40 - 2014-07-30 12:40 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-30 12:40 - 2013-10-23 16:10 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-30 12:37 - 2014-07-30 12:37 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-30 12:37 - 2013-11-12 23:30 - 00000000 ____D () C:\Users\Aaron\AppData\Local\NVIDIA Corporation
2014-07-30 12:11 - 2013-09-26 16:46 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Spotify
2014-07-28 14:25 - 2014-07-28 14:25 - 12926996 _____ () C:\Users\Aaron\Desktop\Purple-weed-wallpaper_25.psd
2014-07-28 14:22 - 2014-07-28 14:22 - 04548696 _____ () C:\Users\Aaron\Desktop\blue-swirls-random-design.psd
2014-07-28 14:18 - 2014-07-27 20:18 - 00000000 ____D () C:\Users\Aaron\Desktop\Photoshop
2014-07-28 12:04 - 2014-07-28 12:04 - 10420378 _____ () C:\Users\Aaron\Desktop\weed_wallpaper_by_thedeviant426-d36wscb.psd
2014-07-28 01:39 - 2014-07-28 01:39 - 00001867 _____ () C:\Users\Aaron\Desktop\Configure VO Package.lnk
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\VOPackage
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:39 - 2014-07-28 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-28 01:38 - 2014-07-28 01:38 - 00003512 _____ () C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-aarondressl3r@hotmail.com
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\PDAppFlex
2014-07-28 01:38 - 2014-07-28 01:38 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-28 01:29 - 2014-07-28 01:29 - 00001058 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2014-07-28 01:29 - 2013-09-30 05:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-28 00:52 - 2014-07-28 00:52 - 00001291 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2014-07-28 00:52 - 2014-07-28 00:52 - 00001279 _____ () C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2014-07-28 00:52 - 2013-04-26 01:15 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-28 00:51 - 2014-07-28 00:51 - 00001305 _____ () C:\Users\Aaron\Desktop\Continue Setup File.lnk
2014-07-28 00:49 - 2014-07-28 00:49 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up(1).exe
2014-07-28 00:49 - 2014-07-28 00:43 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Systweak
2014-07-28 00:47 - 2014-07-28 00:47 - 00615304 _____ (Adobe Systems Incorporated) C:\Users\Aaron\Downloads\CreativeCloudSet-Up.exe
2014-07-28 00:43 - 2014-07-28 00:43 - 00002420 _____ () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-28 00:42 - 2014-07-28 00:42 - 01938526 _____ () C:\Users\Aaron\Downloads\Photoshop CC Full version with Crack.rar
2014-07-27 20:46 - 2014-07-27 20:46 - 00063088 _____ () C:\Users\Aaron\Desktop\hanfblatt.bmp
2014-07-27 13:43 - 2014-07-27 13:43 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Opera
2014-07-27 13:43 - 2012-07-26 07:26 - 00000124 _____ () C:\WINDOWS\win.ini
2014-07-26 11:48 - 2014-07-26 11:48 - 00000000 ____D () C:\Users\Aaron\Documents\Updater
2014-07-26 11:17 - 2014-07-26 11:17 - 00002063 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00002045 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001567 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00001564 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\Users\Public\Documents\Adobe PDF
2014-07-26 11:17 - 2014-07-26 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-26 11:14 - 2014-07-26 11:14 - 00000000 ____D () C:\PS_CS2_Gr_NonRet
2014-07-26 11:13 - 2014-07-26 11:02 - 375232764 _____ (Adobe Systems Inc. ) C:\Users\Aaron\Downloads\PS_CS2_Gr_NonRet.exe
2014-07-25 21:27 - 2013-10-24 00:59 - 00000000 ____D () C:\Users\Aaron\Documents\ManiaPlanet
2014-07-25 20:59 - 2013-10-24 00:57 - 00000000 ____D () C:\ProgramData\ManiaPlanet
2014-07-25 20:56 - 2013-09-28 13:11 - 00000000 ____D () C:\Users\Aaron\.gimp-2.8
2014-07-25 18:50 - 2013-09-28 12:57 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Paint.NET
2014-07-25 18:49 - 2014-07-25 18:49 - 00000933 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2014-07-25 18:48 - 2014-07-25 18:48 - 06272852 _____ () C:\Users\Aaron\Downloads\paint.net.4.0.3.install.zip
2014-07-25 18:44 - 2014-07-25 18:44 - 00000844 _____ () C:\Users\Aaron\AppData\Local\recently-used.xbel
2014-07-25 18:44 - 2013-09-28 13:14 - 00000000 ____D () C:\Users\Aaron\AppData\Local\gtk-2.0
2014-07-25 15:50 - 2014-06-03 17:43 - 01715224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2014-07-25 15:50 - 2014-06-03 17:43 - 01291280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2014-07-25 15:50 - 2013-10-30 21:52 - 01283136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2014-07-25 15:50 - 2013-10-30 21:52 - 01126480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2014-07-24 23:10 - 2013-09-26 23:11 - 00000000 ____D () C:\ProgramData\Origin
2014-07-23 21:07 - 2014-07-23 21:04 - 74354694 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.02.exe
2014-07-23 21:06 - 2014-07-23 21:04 - 36724208 _____ (BioWare) C:\Users\Aaron\Downloads\MassEffect_EFIGS_1.01a.exe
2014-07-22 15:14 - 2014-07-22 15:14 - 00137376 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcomp120.dll
2014-07-22 07:19 - 2013-09-27 12:21 - 00000000 ____D () C:\Users\Aaron\Documents\My Games
2014-07-21 11:03 - 2013-09-28 13:07 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\vlc
2014-07-20 13:17 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System
2014-07-20 13:16 - 2014-03-05 17:03 - 00000000 __SHD () C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-07-19 18:19 - 2014-07-19 18:19 - 00000609 _____ () C:\Users\Aaron\Desktop\Format Factory.lnk
2014-07-19 18:19 - 2014-07-19 18:19 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2014-07-19 18:12 - 2014-07-19 18:02 - 53580025 _____ () C:\Users\Aaron\Downloads\FFSetup3.3.5.0.zip
2014-07-19 17:53 - 2014-07-19 17:53 - 00001414 _____ () C:\Users\Public\Desktop\Free YouTube Download.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00001217 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Users\Aaron\AppData\Roaming\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-19 17:53 - 2014-07-19 17:53 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-19 17:52 - 2014-07-19 17:51 - 27856912 _____ (DVDVideoSoft Ltd. ) C:\Users\Aaron\Downloads\FreeYouTubeDownload-3.2.42.716.exe
2014-07-10 17:26 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-10 17:25 - 2014-07-10 17:03 - 214117619 _____ () C:\Users\Aaron\Downloads\btas_krissy_lynn04_272p_650_mobile.mp4
2014-07-10 17:25 - 2014-07-10 17:02 - 253282764 _____ () C:\Users\Aaron\Downloads\mgb_phoenix_marie_bb042914_272p_650_mobile.mp4
2014-07-10 16:49 - 2013-09-30 05:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 16:49 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 16:38 - 2013-09-27 03:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-10 16:38 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-10 16:37 - 2013-09-27 03:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-10 16:37 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 20:39 - 2014-05-17 20:50 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Arma 3
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\Users\Aaron\AppData\Local\wf-launcher
2014-07-09 16:20 - 2014-07-09 16:20 - 00000000 ____D () C:\ProgramData\GFACE
2014-07-09 14:12 - 2013-09-26 17:52 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-07 13:52 - 2014-03-08 13:39 - 00000000 ____D () C:\Users\Aaron\AppData\Local\Battle.net
2014-07-07 13:42 - 2014-03-08 13:39 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-02 22:48 - 2014-07-30 12:40 - 31512520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 24196896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 22994208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 17555104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 15294296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 13922752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 13835208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 12866008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2014-07-02 22:48 - 2014-07-30 12:40 - 11283344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 11222048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 04247000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 03989960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 01890080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434052.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 01539928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434052.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00944928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00907096 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00903624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00869152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00835032 _____ () C:\WINDOWS\system32\nvmcumd.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00502232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00418760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00391640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2014-07-02 22:48 - 2014-07-30 12:40 - 00348120 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2014-07-02 22:48 - 2014-03-10 23:34 - 16122344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 18626304 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 14498552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 03196816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 02814656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2014-07-02 22:48 - 2013-10-21 22:01 - 00026353 _____ () C:\WINDOWS\system32\nvinfo.pb
2014-07-02 22:48 - 2013-08-26 22:14 - 00075040 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2014-07-02 22:48 - 2013-08-26 22:14 - 00061912 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 06783776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 03522392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 02559960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 00935368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2014-07-02 20:55 - 2013-10-23 16:10 - 00386520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2014-07-02 20:55 - 2013-10-23 16:10 - 00062808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2014-07-02 19:44 - 2014-07-30 12:41 - 00609240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2014-07-02 12:14 - 2014-06-03 19:35 - 03826628 _____ () C:\WINDOWS\system32\nvcoproc.bin

Files to move or delete:
====================
C:\Users\Aaron\AppData\Local\Temp\clicup\clicup.exe
C:\ProgramData\SetStretch.exe
C:\ProgramData\SetStretch.VBS


Some content of TEMP:
====================
C:\Users\Aaron\AppData\Local\Temp\6_Offer_16.exe
C:\Users\Aaron\AppData\Local\Temp\BackupSetup.exe
C:\Users\Aaron\AppData\Local\Temp\ins.exe
C:\Users\Aaron\AppData\Local\Temp\nsgED4A.exe
C:\Users\Aaron\AppData\Local\Temp\nsiC131.exe
C:\Users\Aaron\AppData\Local\Temp\nsnE549.exe
C:\Users\Aaron\AppData\Local\Temp\nsoE941.exe
C:\Users\Aaron\AppData\Local\Temp\nspC4AD.exe
C:\Users\Aaron\AppData\Local\Temp\nss6AC.exe
C:\Users\Aaron\AppData\Local\Temp\nswBD48.exe
C:\Users\Aaron\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\Aaron\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Aaron\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Aaron\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Aaron\AppData\Local\Temp\nvStInst.exe
C:\Users\Aaron\AppData\Local\Temp\SearchProtectINT.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-31 11:51

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 01.08.2014 11:39
Trotzdem die 3 Tools bitte :)

Aaronator 01.08.2014 15:12
Also hab jetzt alles gemacht. Eine Frage noch: Kann ich die Programme jetzt wieder deinstallieren? Ich bekomme nämlich von Malwarebytes beim aufrufen einer neuen Seite immer wieder die Meldung, dass eine seite blockiert wurde. Vielen Dank nochmal!
:dankeschoen:

Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 15:59:24
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : Aaron - AARONS-LAPTOP
# Gestartet von : C:\Users\Aaron\Desktop\adwcleaner_3.302.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\BonanzaDeals
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Users\Aaron\AppData\Local\Temp\focusbase
Ordner Gelöscht : C:\Users\Aaron\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\Aaron\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Aaron\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Aaron\Documents\Updater
Ordner Gelöscht : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\igckfjdcbkimejmjmpmebffdjjjgncfn
Datei Gelöscht : C:\Users\Aaron\Desktop\Configure VO Package.lnk
Datei Gelöscht : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Aaron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{03771AEF-400D-4A13-B712-25878EC4A3F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DE6FC60-E023-4AD7-A3B7-591E1460E7F7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\nuevos-programas.com
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\2z1jwkm8.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "141645872811fde6e51aa409914159f1");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 28);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1406328206042");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "135676");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "ry_5335_ch");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lkry\\\",\\\"www.only-apart[...]
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "bdcc8537-4523-054a-fbef-e81cbf66150c");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "27/07/2014");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1406501006");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1406501011018");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "shoppinghelper");

-\\ Google Chrome v36.0.1985.125

[ Datei : C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzs,
Gelöscht [Homepage] : hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzs,
Gelöscht [Extension] : igckfjdcbkimejmjmpmebffdjjjgncfn

*************************

AdwCleaner[R0].txt - [9332 octets] - [01/08/2014 15:58:14]
AdwCleaner[S0].txt - [7729 octets] - [01/08/2014 15:59:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7789 octets] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 15:19:34
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.07.17.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Aaron

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 263909
Verstrichene Zeit: 4 Min, 58 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 10
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [3217df20cdad48eead30bbb92ad89868],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, In Quarantäne, [3217df20cdad48eead30bbb92ad89868],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, In Quarantäne, [62e797684d2d74c283e654ed9171956b],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [32176e91bbbf9b9b4e580da98281ef11],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, In Quarantäne, [66e3c03fe397f145897f1c97867dc13f],
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\BonanzaDealsLive.exe, In Quarantäne, [ea5fac533e3cc2744abe8b28e91aef11],
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BonanzaDealsLive, In Quarantäne, [193053acd9a1e254d035724134cf27d9],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [ca7ffb041b5f55e1274f407f40c309f7],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [54f509f653274aecd0a8791b19e940c0],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [1c2d8877b6c4e74fd8f66644b54e58a8],

Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1N1J, In Quarantäne, [1c2d8877b6c4e74fd8f66644b54e58a8]

Registrierungsdaten: 6
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[93b6ab54bac065d1142fb07f29db09f7]
PUP.Optional.Snapdo, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}),Ersetzt,[51f813ec9edcb87e8a2948e6ef155aa6]
PUP.Optional.Snapdo, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzw,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRgS9P8f1BHzDG6tI9D-HnvicaSRjsHcg0wOrSh0GApEvmcxQ0uR2xOyeN4Z-aQzw,),Ersetzt,[cb7e1be42951b284a014c5694eb6b050]
PUP.Optional.Snapdo, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}),Ersetzt,[3b0e25da90eabe789b17b37bc4404db3]
PUP.Optional.Snapdo, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}),Ersetzt,[0d3c30cf99e16cca5c592509ec18c739]
PUP.Optional.Snapdo, HKU\S-1-5-21-2925936204-143552802-712729491-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnw_AiWV-gAnzkx-OfHjkagWrm1bFxQPk0Oe3yBwaqa9J4kFi8rQbn8BTHi_6f077ZPryu23_lGW85vl03RYg9E44vYYRjSubc0a-hKmi309wpPSpVSOUUQII_vUI_TOE7kRojypLqjkuUVmZAr6Hb1y7QLE,&q={searchTerms}),Ersetzt,[aa9f827dfc7e12246a4cd65854b03ac6]

Ordner: 7
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, In Quarantäne, [63e6cf3038427fb7b8ccd9aee121ac54],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, In Quarantäne, [63e6cf3038427fb7b8ccd9aee121ac54],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, In Quarantäne, [63e6cf3038427fb7b8ccd9aee121ac54],
PUP.Optional.BonanzaDeals.A, C:\Users\Aaron\AppData\Local\BonanzaDealsLive, In Quarantäne, [4603e619adcd2d09b4d1d4b317eb6c94],
PUP.Optional.BonanzaDeals.A, C:\Users\Aaron\AppData\Local\BonanzaDealsLive\CrashReports, In Quarantäne, [4603e619adcd2d09b4d1d4b317eb6c94],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, In Quarantäne, [61e8a45b5a200036592e99eefd05c33d],
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, In Quarantäne, [61e8a45b5a200036592e99eefd05c33d],

Dateien: 5
PUP.Optional.Conduit.A, C:\Users\Aaron\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [6adf916e5f1b04324a323d216899c739],
PUP.Optional.OpenCandy, C:\Users\Aaron\Downloads\FreeYouTubeDownload-3.2.42.716.exe, In Quarantäne, [6cdde8170b6f270f749c58f7649dd42c],
PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [2326c53a5b1f2b0b5eb82767ac5603fd],
PUP.Optional.qvo6.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qvo6.xml, In Quarantäne, [51f85ea1651544f280a5ebc2c142c63a],
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, In Quarantäne, [63e6cf3038427fb7b8ccd9aee121ac54],

Physische Sektoren: 0
(No malicious items detected)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Aaron on 01.08.2014 at 16:02:50,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Aaron\AppData\Roaming\mozilla\firefox\profiles\2z1jwkm8.default\prefs.js

user_pref("browser.newtabpage.pinned", "[{\"url\":\"Trojaner-Board - Viren und Trojaner entfernen - kostenlos - Viren und Trojaner entfernen - kostenlos\",\"frecency\":850,\"
Emptied folder: C:\Users\Aaron\AppData\Roaming\mozilla\firefox\profiles\2z1jwkm8.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2014 at 16:07:06,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 01.08.2014 21:07

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:43 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19