Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Webseiten werden auf Werbung umgeleitet. (https://www.trojaner-board.de/162707-windows-7-webseiten-werbung-umgeleitet.html)

jaydee81 12.01.2015 23:14
Windows 7: Webseiten werden auf Werbung umgeleitet.
 
Hallo zusammen,

mein PC leitet mich seit gestern auf Seiten wie "de.efix.com" und "ww1.inetdownloadmanager.net" um.

Nach mehreren Scans mit Panda Antivirus und Malwarebytes SCHEINT das Problem eventuell behoben, aber vielleicht kann sich trotzdem mal jemand die Logs anschauen?

FRST.txt
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
Ran by JDR (administrator) on JDR-PC on 12-01-2015 22:34:14
Running from C:\Users\JDR\Desktop
Loaded Profile: JDR (Available profiles: JDR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() D:\Program Files\Launchy\Launchy.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => D:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [GoogleChromeAutoLaunch_11543E6E594100321B2DB79E36ECE066] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [6160152 2014-05-20] (Piriform Ltd)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-09-19] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [Steam] => c:\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
Startup: C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> D:\Program Files\Launchy\Launchy.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2100642859-3274675363-52059511-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2100642859-3274675363-52059511-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M803E9CBA-5FAE-4AC3-9E19-E242AB9FB316&SearchSource=55&CUI=&UM=8&UP=SP1D66BFA2-DFCF-49F7-93C6-B7062BCB9E2C&SSPV=", "hxxp://www.google.com/", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
CHR Extension: (Google Docs) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (Google Drive) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-10]
CHR Extension: (Brushed) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-01-10]
CHR Extension: (WOT) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-10]
CHR Extension: (YouTube) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-01-10]
CHR Extension: (Google Search) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Feedspot Notifier) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfmbmjlieikcpodcpemdlecckdhnhbj [2015-01-10]
CHR Extension: (Torrent Turbo Search App) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2015-01-11]
CHR Extension: (Video Downloader professional) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-10]
CHR Extension: (Google Sheets) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
CHR Extension: (AdBlock) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-10]
CHR Extension: (Google Mail Checker) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-10]
CHR Extension: (Google Wallet) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Google Quick Scroll) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-01-10]
CHR Extension: (Gmail) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-10] (globalUpdate) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-01-10] (globalUpdate) [File not signed]
R3 iPod Service; D:\Program Files\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
R2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; D:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; D:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; D:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 22:34 - 2015-01-12 22:34 - 00017278 _____ () C:\Users\JDR\Desktop\FRST.txt
2015-01-12 22:34 - 2015-01-12 22:34 - 00000000 ____D () C:\FRST
2015-01-12 22:33 - 2015-01-12 22:33 - 02124288 _____ (Farbar) C:\Users\JDR\Desktop\FRST64.exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00050477 _____ () C:\Users\JDR\Desktop\Defogger.exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00000468 _____ () C:\Users\JDR\Desktop\defogger_disable.log
2015-01-12 20:22 - 2015-01-12 20:22 - 00000000 _____ () C:\Users\JDR\defogger_reenable
2015-01-12 19:29 - 2015-01-12 19:29 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-12 19:27 - 2015-01-12 22:24 - 00038426 _____ () C:\Windows\PFRO.log
2015-01-12 19:16 - 2015-01-12 22:27 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-12 19:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-12 19:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-12 19:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-12 00:20 - 2015-01-12 00:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-12 00:20 - 2015-01-12 00:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 00:20 - 2015-01-12 00:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-12 00:19 - 2015-01-12 00:19 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-12 00:13 - 2015-01-12 00:26 - 00000000 ____D () C:\Users\JDR\AppData\Local\Adobe
2015-01-11 23:47 - 2015-01-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-01-11 23:44 - 2015-01-11 23:46 - 00000000 ____D () D:\Program Files\Tracker Software
2015-01-11 23:44 - 2015-01-11 23:46 - 00000000 ____D () D:\Program Files\Tracker Software
2015-01-11 23:31 - 2015-01-11 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () D:\Program Files\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () D:\Program Files\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-11 23:20 - 2015-01-11 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Panda Security
2015-01-11 23:20 - 2015-01-11 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 23:20 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-11 23:19 - 2015-01-11 23:20 - 00000000 ____D () D:\Program Files\Panda Security
2015-01-11 23:19 - 2015-01-11 23:20 - 00000000 ____D () D:\Program Files\Panda Security
2015-01-11 23:18 - 2015-01-11 23:20 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 22:12 - 2015-01-11 22:12 - 00000199 _____ () C:\Users\JDR\Desktop\Dota 2.url
2015-01-11 21:57 - 2015-01-11 21:57 - 00000000 ____D () C:\Users\JDR\Documents\My Games
2015-01-11 21:38 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-11 21:38 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-11 21:38 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-11 21:38 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-11 21:38 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-11 21:38 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-11 21:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-11 21:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-11 21:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-11 21:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-11 21:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-11 21:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-11 21:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-11 21:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-11 21:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-11 21:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-11 21:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-11 21:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-11 21:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-11 21:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-11 21:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-11 21:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-11 21:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-11 21:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-11 21:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-11 21:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-11 21:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-11 21:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-11 21:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-11 21:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-11 21:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-11 21:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-11 21:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-11 21:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-11 21:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-11 21:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-11 21:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-11 21:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-11 21:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-11 21:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-11 21:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-11 21:37 - 2015-01-11 21:57 - 00156393 _____ () C:\Windows\DirectX.log
2015-01-11 21:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-11 21:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-11 21:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-11 21:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-11 21:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-11 21:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-11 21:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-11 21:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-11 21:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-11 21:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-11 21:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-11 21:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-11 21:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-11 21:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-11 21:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-11 21:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-11 21:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-11 21:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-11 21:32 - 2015-01-11 21:32 - 00000201 _____ () C:\Users\JDR\Desktop\Driver Parallel Lines.url
2015-01-11 21:31 - 2015-01-11 21:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-11 21:31 - 2015-01-11 21:31 - 00000710 _____ () C:\Users\Public\Desktop\The Secret World.lnk
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\Users\JDR\AppData\Local\Funcom
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
2015-01-11 21:30 - 2015-01-11 21:30 - 23483944 _____ (Funcom ) C:\Users\JDR\Desktop\setup.exe
2015-01-11 20:53 - 2015-01-11 20:56 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () D:\Program Files\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () D:\Program Files\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
2015-01-11 20:40 - 2015-01-11 20:40 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\AMD
2015-01-11 20:38 - 2015-01-11 20:38 - 00000201 _____ () C:\Users\JDR\Desktop\RIFT.url
2015-01-11 20:29 - 2015-01-12 22:32 - 00000000 ____D () C:\Steam
2015-01-11 20:29 - 2015-01-11 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () D:\Program Files\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () D:\Program Files\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\Users\JDR\AppData\Local\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-11 20:19 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-11 20:05 - 2015-01-12 22:24 - 00000280 _____ () C:\Windows\setupact.log
2015-01-11 20:05 - 2015-01-11 20:05 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-11 18:50 - 2015-01-11 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-11 18:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-11 18:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-11 18:47 - 2015-01-11 18:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2015-01-11 18:47 - 2015-01-11 18:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2015-01-11 18:45 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-11 18:45 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-11 18:45 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-11 18:45 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-11 18:45 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-11 18:45 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-11 18:45 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-11 18:45 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-11 18:45 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-11 18:45 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-11 18:45 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-11 18:45 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-11 18:45 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-11 18:45 - 2014-11-22 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-11 18:45 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-11 18:45 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-11 18:45 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-11 18:45 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-11 18:45 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-11 18:45 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-11 18:45 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-11 18:45 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-11 18:45 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-11 18:45 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-11 18:45 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-11 18:45 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-11 18:45 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-11 18:45 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-11 18:45 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-11 18:45 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-11 18:45 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-11 18:45 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-11 18:45 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-11 18:45 - 2014-11-22 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-11 18:45 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-11 18:45 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-11 18:45 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-11 18:45 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-11 18:45 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-11 18:45 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-11 18:45 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-11 18:45 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-11 18:45 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-11 18:45 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-11 18:45 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-11 18:45 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-11 18:45 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-11 18:45 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-11 18:45 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-11 18:45 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-11 18:45 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-11 18:45 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-11 18:45 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-11 18:45 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-11 18:45 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-11 18:45 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-11 18:45 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-11 18:45 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-11 18:45 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-11 18:45 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-11 18:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-11 18:45 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-11 18:45 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-11 18:45 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-11 18:45 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-11 18:45 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-11 18:45 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-11 18:45 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-11 18:45 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-11 18:45 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-11 18:45 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-11 18:45 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-11 18:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-11 18:45 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-11 18:45 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-11 18:45 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-11 18:45 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-11 18:45 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-11 18:45 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-11 18:45 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-11 18:45 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-11 18:45 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-11 18:44 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-11 18:44 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-11 18:44 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-11 18:43 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-11 18:43 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-11 18:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-11 18:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-11 18:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-11 18:36 - 2015-01-12 22:27 - 00000000 ___RD () C:\Users\JDR\iCloudDrive
2015-01-11 18:36 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple Inc
2015-01-11 18:29 - 2015-01-11 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-11 18:25 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Apple Computer
2015-01-11 18:25 - 2015-01-11 18:34 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple Computer
2015-01-11 18:25 - 2015-01-11 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-11 18:25 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () D:\Program Files\iTunes
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () D:\Program Files\iTunes
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () D:\Program Files\iPod
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () D:\Program Files\iPod
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-11 18:23 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple
2015-01-11 18:23 - 2015-01-11 18:23 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () D:\Program Files\Apple Software Update
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () D:\Program Files\Apple Software Update
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-11 18:22 - 2015-01-11 18:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-11 18:21 - 2015-01-11 18:21 - 00000000 ____D () D:\Program Files\Bonjour
2015-01-11 18:21 - 2015-01-11 18:21 - 00000000 ____D () D:\Program Files\Bonjour
2015-01-11 18:20 - 2015-01-11 18:23 - 00000000 ____D () C:\ProgramData\Apple
2015-01-11 17:39 - 2015-01-11 19:58 - 00000000 ____D () D:\Program Files\CCleaner
2015-01-11 17:39 - 2015-01-11 19:58 - 00000000 ____D () D:\Program Files\CCleaner
2015-01-11 17:39 - 2015-01-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-11 17:22 - 2015-01-11 17:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-11 17:21 - 2015-01-11 17:21 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Skype
2015-01-11 17:21 - 2015-01-11 17:21 - 00000000 ____D () C:\Users\JDR\AppData\Local\Skype
2015-01-11 17:20 - 2015-01-11 17:22 - 00000000 ____D () C:\ProgramData\Skype
2015-01-11 17:20 - 2015-01-11 17:20 - 00000827 _____ () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-11 17:20 - 2015-01-11 17:20 - 00000000 ____D () C:\ProgramData\APN
2015-01-11 17:19 - 2015-01-12 09:30 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\uTorrent
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-11 16:12 - 2015-01-11 23:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-11 11:37 - 2015-01-11 11:37 - 00184800 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2015-01-11 05:27 - 2015-01-11 05:27 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-11 05:27 - 2010-11-21 04:23 - 00383786 __RSH () C:\bootmgr
2015-01-10 23:07 - 2015-01-10 23:07 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-01-10 23:06 - 2015-01-10 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Opera Software
2015-01-10 23:06 - 2015-01-10 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Local\Opera Software
2015-01-10 23:06 - 2015-01-10 23:06 - 00000000 ____D () C:\Users\JDR\AppData\Local\CrashRpt
2015-01-10 22:16 - 2015-01-10 23:07 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\QuickScan
2015-01-10 21:40 - 2015-01-10 21:55 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\StormFall
2015-01-10 21:39 - 2015-01-10 21:39 - 00000000 ____D () C:\Users\JDR\AppData\Local\StormFall
2015-01-10 21:39 - 2015-01-10 21:39 - 00000000 ____D () C:\ProgramData\6adc0a0000005fd
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\ATI
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\Users\JDR\AppData\Local\ATI
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\ProgramData\ATI
2015-01-10 21:20 - 2015-01-10 21:20 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-10 21:04 - 2015-01-10 21:04 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-10 21:04 - 2015-01-10 21:04 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Macromedia
2015-01-10 21:03 - 2015-01-10 21:03 - 00000000 __SHD () C:\Users\JDR\AppData\Roaming\AnyProtectEx
2015-01-10 21:02 - 2015-01-10 21:38 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\systweak
2015-01-10 21:02 - 2014-12-08 17:01 - 00020216 _____ () C:\Windows\system32\roboot64.exe
2015-01-10 21:00 - 2015-01-10 22:22 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Raptr
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\library_dir
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\ProgramData\AMD
2015-01-10 20:59 - 2015-01-10 20:59 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-10 20:58 - 2015-01-10 20:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-10 20:49 - 2015-01-12 19:02 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-10 20:47 - 2015-01-10 20:47 - 00000000 ____D () C:\Users\JDR\AppData\Local\Google
2015-01-10 20:47 - 2015-01-10 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 20:46 - 2015-01-10 21:49 - 00002281 _____ () C:\Windows\patsearch.bin
2015-01-10 20:46 - 2015-01-10 20:46 - 00000000 ____D () C:\Users\JDR\AppData\Local\globalUpdate
2015-01-10 20:41 - 2015-01-10 20:41 - 00000000 __SHD () C:\Users\JDR\AppData\Local\EmieUserList
2015-01-10 20:41 - 2015-01-10 20:41 - 00000000 __SHD () C:\Users\JDR\AppData\Local\EmieSiteList
2015-01-10 20:40 - 2015-01-10 20:40 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Adobe
2015-01-10 20:39 - 2015-01-12 20:22 - 00000000 ____D () C:\Users\JDR
2015-01-10 20:39 - 2015-01-11 23:20 - 00058488 _____ () C:\Users\JDR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-10 20:39 - 2015-01-10 20:39 - 00001648 _____ () C:\Windows\system32\WinToolkit_RunOnce_Log.log
2015-01-10 20:39 - 2015-01-10 20:39 - 00000020 ___SH () C:\Users\JDR\ntuser.ini
2015-01-10 20:39 - 2015-01-10 20:39 - 00000000 ____D () C:\Users\JDR\AppData\Local\VirtualStore
2015-01-10 20:39 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-10 20:39 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-10 20:38 - 2015-01-10 20:38 - 00371116 __RSH () C:\OGJCH
2015-01-10 20:35 - 2015-01-10 20:35 - 00000000 __SHD () C:\Recovery
2015-01-10 20:35 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 20:32 - 2015-01-12 22:29 - 00843521 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 20:31 - 2015-01-10 20:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-10 20:30 - 2015-01-10 20:30 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-12 22:31 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-12 22:31 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-12 22:31 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-12 22:24 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-12 19:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2015-01-12 19:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-12 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-12 18:59 - 2009-07-14 05:45 - 00314840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 20:33 - 2014-11-15 15:37 - 00000000 ____D () C:\Users\JDR\Desktop\Paleo - The Sacred Science
2015-01-11 20:33 - 2014-01-30 14:07 - 00000000 ____D () C:\Users\JDR\Desktop\Paleocon
2015-01-11 20:05 - 2014-09-19 16:37 - 00000000 ____D () C:\Windows\Panther
2015-01-11 20:04 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 20:04 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-11 15:41 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-11 05:27 - 2009-07-14 06:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-10 21:21 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-10 20:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-10 20:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-10 20:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-01-10 20:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\JDR\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\JDR\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\JDR\AppData\Local\Temp\bbbcabfcjja.exe
C:\Users\JDR\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.dll
C:\Users\JDR\AppData\Local\Temp\BD832039-85D4-DA55-8955-89E4DB237898.exe
C:\Users\JDR\AppData\Local\Temp\crdli.dll
C:\Users\JDR\AppData\Local\Temp\insHv15.exe
C:\Users\JDR\AppData\Local\Temp\kbpxx09u.dll
C:\Users\JDR\AppData\Local\Temp\npp.6.7.4.Installer.exe
C:\Users\JDR\AppData\Local\Temp\raptrpatch.exe
C:\Users\JDR\AppData\Local\Temp\raptr_stub.exe
C:\Users\JDR\AppData\Local\Temp\SpOrder.dll
C:\Users\JDR\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\JDR\AppData\Local\Temp\System.Data.SQLitef17ad703-f2f9-4fe4-9e8e-f0e08be7f02d.dll
C:\Users\JDR\AppData\Local\Temp\uttFB1B.tmp.exe
C:\Users\JDR\AppData\Local\Temp\Validate.exe
C:\Users\JDR\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-11 00:07

==================== End Of Log ============================
Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
Ran by JDR at 2015-01-12 22:34:48
Running from C:\Users\JDR\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver: Parallel Lines (HKLM-x32\...\Steam App 21780) (Version:  - Ubisoft Reflections)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.3 (HKLM\...\{9F6EA3D4-B2FA-3120-8DF8-07396231AFB4}) (Version: 4.5.53315 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

26-12-2014 03:59:43 Windows Update
30-12-2014 01:47:19 Windows Update
30-12-2014 19:27:02 Installed iTunes
02-01-2015 20:41:48 Windows Update
02-01-2015 22:42:17 Installed iCloud
04-01-2015 14:27:04 Installed SSDlife Pro
04-01-2015 15:17:42 Installed MPTool
07-01-2015 16:41:59 Windows Update
10-01-2015 17:01:48 Windows Update
11-01-2015 21:37:24 Installed DirectX
11-01-2015 21:56:25 Installed DirectX
11-01-2015 23:16:38 Revo Uninstaller Pro's restore point - Microsoft Security Essentials

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D27F63D-65B6-4882-9D6B-3B3EAB618B29} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {31BBB98D-6B2F-4A07-AA52-D78BB353D7F2} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {335CF032-CD14-4751-8888-E54B1DC95703} - \{33CB2A0C-599B-4E94-9AA8-56CD0953778C} No Task File <==== ATTENTION
Task: {43C63C62-4F72-4694-9E84-330EA7DC34D7} - \upfs7235 No Task File <==== ATTENTION
Task: {99388F60-DCF1-46EF-B18D-1D12D4382D7F} - \YTDownloader No Task File <==== ATTENTION
Task: {FD8591D9-7C88-45DF-88E6-42333E3C28AA} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () D:\Program Files\Notepad++\NppShell_06.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00380928 _____ () D:\Program Files\Launchy\Launchy.exe
2014-04-14 20:41 - 2015-01-11 17:37 - 00039192 ____R () D:\Program Files\CCleaner\branding.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () D:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-11 20:53 - 2009-12-16 22:13 - 08314880 _____ () D:\Program Files\Launchy\QtGui4.dll
2015-01-11 20:53 - 2009-12-16 21:54 - 02236416 _____ () D:\Program Files\Launchy\QtCore4.dll
2015-01-11 20:53 - 2009-12-16 21:56 - 00712704 _____ () D:\Program Files\Launchy\QtNetwork4.dll
2015-01-11 20:53 - 2009-12-17 00:18 - 00233472 _____ () D:\Program Files\Launchy\imageformats\qmng4.dll
2015-01-11 20:53 - 2010-11-10 19:39 - 00081920 _____ () D:\Program Files\Launchy\plugins\calcy.dll
2015-01-11 20:53 - 2010-11-10 19:39 - 00090112 _____ () D:\Program Files\Launchy\plugins\controly.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00024064 _____ () D:\Program Files\Launchy\plugins\gcalc.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00094208 _____ () D:\Program Files\Launchy\plugins\runner.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00057344 _____ () D:\Program Files\Launchy\plugins\verby.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2100642859-3274675363-52059511-500 - Administrator - Disabled)
Guest (S-1-5-21-2100642859-3274675363-52059511-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2100642859-3274675363-52059511-1002 - Limited - Enabled)
JDR (S-1-5-21-2100642859-3274675363-52059511-1001 - Administrator - Enabled) => C:\Users\JDR

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2015 10:24:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 07:49:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 07:27:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 06:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:16:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/11/2015 11:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
  Gathering Writer Data

Context:
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {fa75f607-92b2-4cac-bc0f-a65d8d505abf}

Error: (01/11/2015 09:56:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/11/2015 09:37:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable).

Error: (01/11/2015 08:05:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 06:34:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/12/2015 10:26:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (01/12/2015 10:26:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%1053

Error: (01/12/2015 10:26:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the globalUpdate Update Service (globalUpdate) service to connect.

Error: (01/12/2015 10:24:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/12/2015 07:51:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (01/12/2015 07:51:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%1053

Error: (01/12/2015 07:51:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the globalUpdate Update Service (globalUpdate) service to connect.

Error: (01/12/2015 07:49:53 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/12/2015 07:29:55 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (01/12/2015 07:29:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The globalUpdate Update Service (globalUpdate) service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/12/2015 10:24:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 07:49:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 07:27:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 06:59:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 11:16:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/11/2015 11:16:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.


Operation:
  Gathering Writer Data

Context:
  Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
  Writer Name: System Writer
  Writer Instance ID: {fa75f607-92b2-4cac-bc0f-a65d8d505abf}

Error: (01/11/2015 09:56:26 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/11/2015 09:37:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.

System Error:
0xC0000039 (unresolvable)

Error: (01/11/2015 08:05:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 06:34:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 61%
Total physical RAM: 4094.48 MB
Available physical RAM: 1591.38 MB
Total Pagefile: 8187.15 MB
Available Pagefile: 4737.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:9.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:464.06 GB) NTFS
Drive e: () (Fixed) (Total:931.5 GB) (Free:90.42 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:233.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: A6DE872E)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CDA4A639)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8C9BA9B6)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 69852B7A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
GMER.log
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-12 22:44:44
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5 STT_FTM64GX25H rev.1819 59,63GB
Running: hotte2n7.exe; Driver: C:\Users\JDR\AppData\Local\Temp\uwldypow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                  fffff80002db9000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                  fffff80002db902f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                    0000000076881401 2 bytes JMP 7674b21b C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                      0000000076881419 2 bytes JMP 7674b346 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                    0000000076881431 2 bytes JMP 767c8ea9 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                    000000007688144a 2 bytes CALL 767248ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                  * 9
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                      00000000768814dd 2 bytes JMP 767c87a2 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                00000000768814f5 2 bytes JMP 767c8978 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                      000000007688150d 2 bytes JMP 767c8698 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                0000000076881525 2 bytes JMP 767c8a62 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                      000000007688153d 2 bytes JMP 7673fca8 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                          0000000076881555 2 bytes JMP 767468ef C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                    000000007688156d 2 bytes JMP 767c8f61 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                      0000000076881585 2 bytes JMP 767c8ac2 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                        000000007688159d 2 bytes JMP 767c865c C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                      00000000768815b5 2 bytes JMP 7673fd41 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                    00000000768815cd 2 bytes JMP 7674b2dc C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                00000000768816b2 2 bytes JMP 767c8e24 C:\Windows\syswow64\kernel32.dll
.text    D:\Program Files\Malwarebytes Anti-Malware\mbam.exe[2976] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                00000000768816bd 2 bytes JMP 767c85f1 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000076881401 2 bytes JMP 7674b21b C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000076881419 2 bytes JMP 7674b346 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000076881431 2 bytes JMP 767c8ea9 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42      000000007688144a 2 bytes CALL 767248ad C:\Windows\syswow64\kernel32.dll
.text    ...                                                                                                                                                  * 9
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17        00000000768814dd 2 bytes JMP 767c87a2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000768814f5 2 bytes JMP 767c8978 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17        000000007688150d 2 bytes JMP 767c8698 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000076881525 2 bytes JMP 767c8a62 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007688153d 2 bytes JMP 7673fca8 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17            0000000076881555 2 bytes JMP 767468ef C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007688156d 2 bytes JMP 767c8f61 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000076881585 2 bytes JMP 767c8ac2 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17          000000007688159d 2 bytes JMP 767c865c C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000768815b5 2 bytes JMP 7673fd41 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000768815cd 2 bytes JMP 7674b2dc C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000768816b2 2 bytes JMP 767c8e24 C:\Windows\syswow64\kernel32.dll
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3380] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31  00000000768816bd 2 bytes JMP 767c85f1 C:\Windows\syswow64\kernel32.dll

---- EOF - GMER 2.1 ----
Hoffentlich hab ich Glück - Danke im Voraus!

cosinus 12.01.2015 23:29
Hi,

Logs von Malwarebytes? Bitte alle posten.

jaydee81 12.01.2015 23:40
Malewarebytes Logs
 
Malwarebytes Log 1:
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/12 19:17:00 +0100</date>
<logfile>mbam-log-2015-01-12 (19-16-59).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.12.07</malware-database>
<rootkit-database>v2015.01.07.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>JDR</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>312948</objects>
<time>514</time>
<processes>5</processes>
<modules>0</modules>
<keys>51</keys>
<values>12</values>
<datas>12</datas>
<folders>16</folders>
<files>111</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe</path><vendor>PUP.Optional.WindowsProtectManger.A</vendor><action>delete-on-reboot</action><pid>1584</pid><hash>830426d0286149ed628b497ac1401ae6</hash></process>
<process><path>C:\Program Files (x86)\LPT\srptsl.exe</path><vendor>PUP.Optional.VeriStaff</vendor><action>delete-on-reboot</action><pid>1372</pid><hash>fa8d44b2dfaa2511126a0b528779a45c</hash></process>
<process><path>D:\Program Files\WordProser_1.10.0.6\Service\wpsvc.exe</path><vendor>PUP.Optional.WordProser.A</vendor><action>delete-on-reboot</action><pid>2332</pid><hash>a6e1c531ff8aca6c6949eef2a06142be</hash></process>
<process><path>C:\Program Files (x86)\LPT\srpts.exe</path><vendor>PUP.Optional.Linkury.A</vendor><action>delete-on-reboot</action><pid>1928</pid><hash>fe898d6994f5b28440906148ee15a759</hash></process>
<process><path>C:\Windows\rcore.exe</path><vendor>PUP.Optional.Score.A</vendor><action>delete-on-reboot</action><pid>2196</pid><hash>8502fcfa5a2f3ff7d455d6165ba9b64a</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect</path><vendor>PUP.Optional.WindowsProtectManger.A</vendor><action>success</action><hash>830426d0286149ed628b497ac1401ae6</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpsvc_1.10.0.6</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a6e1c531ff8aca6c6949eef2a06142be</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>90f7d1256f1a72c4d1d773789d653bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}</path><vendor>PUP.Optional.DynConIE.A</vendor><action>success</action><hash>90f7d1256f1a72c4d1d773789d653bc5</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}</path><vendor>PUP.Optional.Snapdo.T</vendor><action>success</action><hash>afd80aecef9a9f978202d350b84b4db3</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}</path><vendor>PUP.Optional.Snapdo.T</vendor><action>success</action><hash>afd80aecef9a9f978202d350b84b4db3</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}</path><vendor>PUP.Optional.DefaultSearch.A</vendor><action>success</action><hash>a9de6f8746433cfade5f27c09e645ba5</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}</path><vendor>PUP.Optional.DefaultSearch.A</vendor><action>success</action><hash>a9de6f8746433cfade5f27c09e645ba5</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_6</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>f88fde18f09935011154b1c505fec63a</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>d8af9b5b0d7cdd59fc572264a65dbf41</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a6994947-8316-401e-82e4-23da215413fb}Gw64</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>731411e5414841f52231e1a5bb4846ba</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}</path><vendor>PUP.Optional.Qone8</vendor><action>success</action><hash>5f287a7ccfbab77f53d1468b6a9acb35</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>61264da9cbbe1521643c816873912bd5</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>6e19c234ed9c3006c3dcd712808434cc</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\ClickCaption_1.10.0.5</path><vendor>PUP.Optional.ClickCaption.A</vendor><action>success</action><hash>3453f0069eeb9f974606dc97897aad53</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\Flowsurf</path><vendor>PUP.Optional.FlowSurf.A</vendor><action>success</action><hash>6d1a6d892069f244a91ab03e1fe5bb45</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\IHProtect</path><vendor>PUP.Optional.IHProtect.A</vendor><action>success</action><hash>3d4a787e6f1a171f7242d7937291c13f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware</path><vendor>PUP.Optional.ISearch.A</vendor><action>success</action><hash>5631e214e5a489ad95eca23bbe46e41c</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SmdmF</path><vendor>PUP.Optional.SettingsManager.A</vendor><action>success</action><hash>f7904ea802875cda29e4c8ba8a7935cb</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>e2a5f9fd44450135fe7b6d780004a957</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.6</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>d9ae985ee7a293a370f85125e91a14ec</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><hash>1e6904f2e0a9f3434a4b4e3aae552fd1</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}</path><vendor>PUP.Optional.Linkury.A</vendor><action>success</action><hash>266133c3b9d049edb5070d89a95ad62a</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>790e619567223bfb5322c4244cb852ae</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>47404da9662373c30f6730b830d412ee</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SUPTAB</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>4b3c09eddfaacd692633aad661a2a55b</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>097e3bbbd9b04fe7dbd31674b54e48b8</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ccnfd_1_10_0_5</path><vendor>PUP.Optional.ClickCaption.A</vendor><action>success</action><hash>07807b7b256487af301a87ecd62d768a</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect</path><vendor>PUP.Optional.WindowsMangerProtect.A</vendor><action>success</action><hash>f295cf2774154cea1a694134cb3808f8</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER</path><vendor>PUP.Optional.Linkury.A</vendor><action>success</action><hash>fe898d6994f5b28440906148ee15a759</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES</path><vendor>PUP.Optional.Score.A</vendor><action>success</action><hash>8502fcfa5a2f3ff7d455d6165ba9b64a</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force</path><vendor>PUP.Optional.GeForce.A</vendor><action>success</action><hash>c0c7f204395062d425525690fb0922de</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPro-Video 1.6V10.01</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>93f4ed0953362511969e314331d28e72</hash></key>
<key><path>HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Media+PlayerVidEd2.5</path><vendor>PUP.Optional.MediaPlayerVideo.A</vendor><action>success</action><hash>3156a353315863d39e3ed19d37ccd22e</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp</path><vendor>PUP.Optional.StormWatchApp.A</vendor><action>success</action><hash>06819561018869cd3597304654af23dd</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>563103f33b4ea88eb9efaf39dd27a45c</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>ee9952a492f796a0ad14fbde48bc19e7</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE</path><vendor>PUP.Optional.MultiIE.A</vendor><action>success</action><hash>6f188c6a1c6d42f42bb8fae8ea1a619f</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>bdcad125ed9c181e6c14cce3d42feb15</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><hash>850234c2d1b8ae884650863fd72d6a96</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR</path><vendor>PUP.Optional.SafeFinder.A</vendor><action>success</action><hash>f295c82ef396c96d027b6a1727dcc53b</hash></key>
<key><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd</path><vendor>PUP.Optional.SystemSpeedup</vendor><action>success</action><hash>acdb0cea286140f67d304f3b4fb49967</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WordProser_1.10.0.6</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></key>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename><vendor>PUP.Optional.SmartBar</vendor><action>success</action><valuedata>Smartbar</valuedata><hash>305718de5732de5859a5aad4ce358c74</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE</path><valuename>path</valuename><vendor>PUP.Optional.GlobalUpdate.T</vendor><action>success</action><valuedata>C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe</valuedata><hash>1e6904f2e0a9f3434a4b4e3aae552fd1</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{ae07101b-46d4-4a98-af68-0333ea26e113}</valuename><vendor>PUP.Optional.SmartBar</vendor><action>success</action><valuedata>Smartbar</valuedata><hash>f4935e98fc8dd46252aceb93da29e41c</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>gmsd_de_78</valuename><vendor>PUP.Optional.GamesDesktop.A</vendor><action>success</action><valuedata></valuedata><hash>13749c5a355401355be6bcb36f94c13f</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>gmsd_de_80</valuename><vendor>PUP.Optional.GamesDesktop.A</vendor><action>success</action><valuedata></valuedata><hash>97f09b5b117872c419288be428db2ed2</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>mbot_de_406</valuename><vendor>PUP.Optional.MBot.A</vendor><action>success</action><valuedata></valuedata><hash>2a5db145b7d29c9a06b997ea48bb57a9</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SUPTAB</path><valuename>ptid</valuename><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><valuedata>tugs</valuedata><hash>4b3c09eddfaacd692633aad661a2a55b</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER</path><valuename>ImagePath</valuename><vendor>PUP.Optional.Linkury.A</vendor><action>success</action><valuedata>&quot;C:\Program Files (x86)\LPT\srpts.exe&quot;</valuedata><hash>fe898d6994f5b28440906148ee15a759</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES</path><valuename>ImagePath</valuename><vendor>PUP.Optional.Score.A</vendor><action>success</action><valuedata>C:\Windows\rcore.exe</valuedata><hash>8502fcfa5a2f3ff7d455d6165ba9b64a</hash></value>
<value><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>success</action><valuedata>0Q1O1R1R0D1G1J1S</valuedata><hash>850234c2d1b8ae884650863fd72d6a96</hash></value>
<value><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Snapdo.T</vendor><action>success</action><valuedata>{006ee092-9658-4fd6-bd8e-a21a348e59f5}</valuedata><hash>335412e41c6d8da9badc5a2ef0132ad6</hash></value>
<value><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR</path><valuename>publisher</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>success</action><valuedata>IrsSF</valuedata><hash>f295c82ef396c96d027b6a1727dcc53b</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.OmigaPlus.A</vendor><action>replaced</action><valuedata>hxxp://isearch.omiga-plus.com/?type=hppp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013</valuedata><baddata>hxxp://isearch.omiga-plus.com/?type=hppp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013</baddata><gooddata>www.google.com</gooddata><hash>186fe90d276274c2878a0d861bea5da3</hash></data>
<data><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES</path><valuename>DefaultScope</valuename><vendor>PUP.Optional.Qone8</vendor><action>replaced</action><valuedata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</valuedata><baddata>{33BB0A4E-99AF-4226-BDF6-49120163DE86}</baddata><gooddata>{0633EE93-D776-472f-A0FF-E1416B8B2E3A}</gooddata><hash>3651a1554c3dc37389b6622f21e4ec14</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.OmigaPlus.A</vendor><action>replaced</action><valuedata>hxxp://isearch.omiga-plus.com/?type=hppp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013</valuedata><baddata>hxxp://isearch.omiga-plus.com/?type=hppp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013</baddata><gooddata>www.google.com</gooddata><hash>3651bc3abdcc4ceaa170543f57ae946c</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL</path><valuename>Default</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyahHISZMPSu3Vv0UGtPsXvs&amp;q={searchTerms}</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyahHISZMPSu3Vv0UGtPsXvs&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>236427cf4445be784ce15630689d5fa1</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Page</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>90f7cd290386112531f5295d56afb54b</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCSH6gc8-7TDgQXhxYEloZ5bmvGguuDX11bYCBT6-B25m6HH_IaaV5Io90RgwFx3BGxOSudEc9ytaPWkOnpeyBlN</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCSH6gc8-7TDgQXhxYEloZ5bmvGguuDX11bYCBT6-B25m6HH_IaaV5Io90RgwFx3BGxOSudEc9ytaPWkOnpeyBlN</baddata><gooddata>www.google.com</gooddata><hash>0582a84eacddbb7bc55e582ebc4959a7</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Page_URL</valuename><vendor>PUP.Optional.OmigaPlus.A</vendor><action>replaced</action><valuedata>hxxp://isearch.omiga-plus.com/?type=hppp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013</valuedata><baddata>hxxp://isearch.omiga-plus.com/?type=hppp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013</baddata><gooddata>www.google.com</gooddata><hash>f1964da98dfc4beb4ebb088bda2b26da</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.OmigaPlus.A</vendor><action>replaced</action><valuedata>hxxp://isearch.omiga-plus.com/web/?type=dspp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013&amp;q={searchTerms}</valuedata><baddata>hxxp://isearch.omiga-plus.com/web/?type=dspp&amp;ts=1420919252&amp;from=tugs&amp;uid=STTXFTM64GX25H_P569318-btix-6269013&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>3d4ab4427a0fea4c8e85dca937ced52b</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Search Bar</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>9becaf475d2c90a6fa2ed7af27de32ce</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path><valuename>Default_Search_URL</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>32552dc92e5bfc3a63c88afc8a7be21e</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH</path><valuename>SearchAssistant</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>5b2c70864d3c072f121aa9dd3ec7a858</hash></data>
<data><path>HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL</path><valuename>Default</valuename><vendor>PUP.Optional.SafeFinder.A</vendor><action>replaced</action><valuedata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</valuedata><baddata>hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&amp;q={searchTerms}</baddata><gooddata>www.google.com</gooddata><hash>9deab6401d6c4ceaa787dbab6d983cc4</hash></data>
<folder><path>C:\Users\JDR\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>8502c630791091a50ce16cc71ee5f60a</hash></folder>
<folder><path>C:\Users\JDR\AppData\Roaming\OpenCandy\OpenCandy_F84DC9210CC144FDAC59644E772CE2C2</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>8502c630791091a50ce16cc71ee5f60a</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c8bf06f0aedb88aebbe861ea0cf7e31d</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>d1b634c23f4a2115089c52f9986b43bd</hash></folder>
<folder><path>C:\ProgramData\WindowsMangerProtect</path><vendor>PUP.Optional.WPM.A</vendor><action>delete-on-reboot</action><hash>cdbab83e1a6f979f5063a1aace35a35d</hash></folder>
<folder><path>C:\ProgramData\WindowsMangerProtect\update</path><vendor>PUP.Optional.WPM.A</vendor><action>success</action><hash>cdbab83e1a6f979f5063a1aace35a35d</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\comh.127565</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\comh.145177</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\comh.158125</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\comh.406763</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></folder>
<folder><path>C:\Users\JDR\AppData\Local\Temp\comh.459338</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></folder>
<folder><path>D:\Program Files\WordProser_1.10.0.6</path><vendor>PUP.Optional.WordProser.A</vendor><action>delete-on-reboot</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></folder>
<folder><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></folder>
<folder><path>D:\Program Files\WordProser_1.10.0.6\Service</path><vendor>PUP.Optional.WordProser.A</vendor><action>delete-on-reboot</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></folder>
<folder><path>C:\ProgramData\IHProtectUpDate</path><vendor>PUP.Optional.IHProtectUpDate.A</vendor><action>success</action><hash>abdc8e68f495e84ee72f7cedd33035cb</hash></folder>
<folder><path>C:\ProgramData\IHProtectUpDate\update</path><vendor>PUP.Optional.IHProtectUpDate.A</vendor><action>success</action><hash>abdc8e68f495e84ee72f7cedd33035cb</hash></folder>
<file><path>C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe</path><vendor>PUP.Optional.WindowsProtectManger.A</vendor><action>delete-on-reboot</action><hash>830426d0286149ed628b497ac1401ae6</hash></file>
<file><path>C:\Program Files (x86)\LPT\srptsl.exe</path><vendor>PUP.Optional.VeriStaff</vendor><action>delete-on-reboot</action><hash>fa8d44b2dfaa2511126a0b528779a45c</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\Service\wpsvc.exe</path><vendor>PUP.Optional.WordProser.A</vendor><action>delete-on-reboot</action><hash>a6e1c531ff8aca6c6949eef2a06142be</hash></file>
<file><path>C:\Program Files (x86)\XTab\SupTab.dll</path><vendor>PUP.Optional.SupTab.A</vendor><action>success</action><hash>8dfad71fa4e5fb3b8f84edfe0bf78080</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\292195.exe.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>e4a3d323c0c9ba7c300d8b7c43bf5da3</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\312419.exe.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>9fe8c23495f457df61f8d33533cf41bf</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\350425.exe.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>12753fb75930f046e376b94fb15134cc</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\nsq73C9.tmp\utu.dll</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>7b0caf473d4cd660c37aaa5d07fbd030</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\81c83413-b1a5-42b2-9c78-cb8e7761d798\games desktop.exe</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>c0c773838108171fed7cdf1c50b1936d</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\is-3AVA1.tmp\package_speedup_installer_multilang.exe</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>147319dda3e6f73f39b50be6a160b24e</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\is-JI9OR.tmp\package_mybestofferstoday_installer_multilang.exe</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>7a0db73f91f85fd7b7376a87d62b847c</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\is-V0QH0.tmp\package_speedup_installer_multilang.exe</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>4047f9fd1a6f2412e20cea07946d22de</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\is-V6A5H.tmp\package_mybestofferstoday_installer_multilang.exe</path><vendor>PUP.Optional.Tuto4PC.A</vendor><action>success</action><hash>bec920d69bee67cf599523ce61a017e9</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\~dlFCF4\~dljyb\tmp\STab_v4.0.exe</path><vendor>PUP.Optional.XTab.A</vendor><action>success</action><hash>2f581fd797f2e4527b8631d4659d13ed</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\~dlFCF4\~dljyb\tmp\wpm_v20.0.0.1337.exe</path><vendor>PUP.Optional.WindowsProtectManger.A</vendor><action>success</action><hash>741355a191f8f046c12cf6cd8e7343bd</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\cd06f77b-2e4b-407a-9f5a-bf4099dbff09\3333-2081_speedcheck.exe</path><vendor>PUP.Optional.SpeedCheck.A</vendor><action>success</action><hash>b6d152a4becb4fe75c42baabb050eb15</hash></file>
<file><path>C:\Users\JDR\Downloads\ChromeSetup.exe</path><vendor>PUP.Optional.SoftPulse</vendor><action>success</action><hash>a1e61bdbd6b36ccabb4f0efa659db34d</hash></file>
<file><path>C:\Windows\AppPatch\AppPatch64\VCLdr64.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>5a2d8b6be0a9c76ff16c04aa04fde11f</hash></file>
<file><path>C:\Windows\Installer\6702f.msi</path><vendor>PUP.Optional.VeriStaff</vendor><action>success</action><hash>ec9b37bf216854e2502f5d00f709827e</hash></file>
<file><path>C:\Windows\Installer\MSICC0B.tmp-\Smartbar.Installer.CustomActions.dll</path><vendor>PUP.Optional.SmartBar</vendor><action>success</action><hash>3c4bc72fb7d222141e6553db8080c937</hash></file>
<file><path>C:\Windows\Installer\MSIEB2.tmp-\Smartbar.Installer.CustomActions.dll</path><vendor>PUP.Optional.SmartBar</vendor><action>success</action><hash>8ef917dfaadf1521f88b49e5e11f33cd</hash></file>
<file><path>C:\Windows\Installer\MSI69A0.tmp-\Smartbar.Installer.CustomActions.dll</path><vendor>PUP.Optional.SmartBar</vendor><action>success</action><hash>325510e672176cca196ab07e0ff11be5</hash></file>
<file><path>C:\Windows\System32\drivers\Msft_Kernel_webinstrNHK_01009.Wdf</path><vendor>PUP.Optional.WebInstr.A</vendor><action>success</action><hash>54339a5c2d5cf046c73fea801fe4f709</hash></file>
<file><path>C:\Windows\System32\abengineOff.ini</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>60271dd9e3a61e18fed8d99237cce31d</hash></file>
<file><path>C:\Windows\SysWOW64\abengineOff.ini</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>9ceb29cd76139c9af0e6610aef1413ed</hash></file>
<file><path>C:\Windows\SysWOW64\abengine.ini</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>e99efbfb98f169cd9b3cdd8e6c97a060</hash></file>
<file><path>C:\Windows\Temp\abengine.log</path><vendor>PUP.Optional.Flowsurf.A</vendor><action>success</action><hash>83044aacfe8b999ddffd9ecdbc470af6</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>fb8c80763b4e3afc0622125c35ceaf51</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>ddaa7b7bf495ce68cc5c6509bf4413ed</hash></file>
<file><path>C:\Windows\System32\drivers\wpnfd_1_10_0_6.sys</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>f88fde18f09935011154b1c505fec63a</hash></file>
<file><path>C:\Windows\System32\drivers\{886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64.sys</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>d8af9b5b0d7cdd59fc572264a65dbf41</hash></file>
<file><path>C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys</path><vendor>PUP.Optional.Sanbreel.A</vendor><action>success</action><hash>731411e5414841f52231e1a5bb4846ba</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>4e3941b5fb8e3402cd9fa2e6a95a11ef</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.Boost.A</vendor><action>success</action><hash>4047d5214c3d16204824097f07fcf10f</hash></file>
<file><path>C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>dbac20d601887bbba8fb44a592726997</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>delete-on-reboot</action><hash>8502b83ecabfe84ef6939555fc08916f</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>delete-on-reboot</action><hash>bfc85a9c45441c1a3f4a04e60202b64a</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>384fa74f860383b35f79c42a09fb12ee</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-install-v0003</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>6720ad49e5a4df5709cf549a71932ed2</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-processes-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>6720c1355c2d58de0fc9b03e0ff5d22e</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>830419dde2a72511a533eb0373917f81</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>a1e646b07910999d6474d11ddc28ef11</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-uninstall-v0002</path><vendor>PUP.Optional.Vitruvian.A</vendor><action>success</action><hash>e0a7787e2a5f4fe7597f3eb0eb19659b</hash></file>
<file><path>C:\Program Files (x86)\LPT\srpts.exe</path><vendor>PUP.Optional.Linkury.A</vendor><action>delete-on-reboot</action><hash>fe898d6994f5b28440906148ee15a759</hash></file>
<file><path>C:\Windows\rcore.exe</path><vendor>PUP.Optional.Score.A</vendor><action>delete-on-reboot</action><hash>8502fcfa5a2f3ff7d455d6165ba9b64a</hash></file>
<file><path>C:\Users\JDR\AppData\Roaming\OpenCandy\OpenCandy_F84DC9210CC144FDAC59644E772CE2C2\syesubc3_p2v3.exe</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>8502c630791091a50ce16cc71ee5f60a</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c8bf06f0aedb88aebbe861ea0cf7e31d</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c8bf06f0aedb88aebbe861ea0cf7e31d</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>c8bf06f0aedb88aebbe861ea0cf7e31d</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>d1b634c23f4a2115089c52f9986b43bd</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>d1b634c23f4a2115089c52f9986b43bd</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.127565\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>bdca85715c2d78bee9b8ff4ec63d7987</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.145177\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>4a3da84e88011c1a425f222bf50e7b85</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.158125\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>2e59995dc9c088aee6bb64e940c3d927</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.406763\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>6423876fa7e263d39e03f25bcc372cd4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleCrashHandler.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdate.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdateBroker.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdateHelper.msi</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdateOnDemand.exe</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\goopdate.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\goopdateres_en.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\npGoogleUpdate4.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\psmachine.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Temp\comh.459338\psuser.dll</path><vendor>PUP.Optional.GlobalUpdate.A</vendor><action>success</action><hash>ccbb7a7cc8c1ff379809fd50db288d73</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\terms-of-service.rtf</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\Uninstall.exe</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\buildcrx-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\Info-ZIP-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\JSON-simple-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\nsJSON-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\Nustache-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\TaskScheduler-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\UAC-license.txt</path><vendor>PUP.Optional.WordProser.A</vendor><action>success</action><hash>a2e5f402a2e7979f9bdded7216edac54</hash></file>
<file><path>C:\ProgramData\IHProtectUpDate\update\conf</path><vendor>PUP.Optional.IHProtectUpDate.A</vendor><action>success</action><hash>abdc8e68f495e84ee72f7cedd33035cb</hash></file>
</items>
</mbam-log>
Log 2:
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/12 19:30:41 +0100</date>
<logfile>mbam-log-2015-01-12 (19-30-40).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.12.07</malware-database>
<rootkit-database>v2015.01.07.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>JDR</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>311797</objects>
<time>461</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>6</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>cdbaf00692f7e74f8f996d01c73c31cf</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>e1a651a593f63204fc2cdd91e51ec838</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>5136ec0ad4b592a43b31e1a742c1639d</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>563139bdb2d744f2610bb7d1e0235aa6</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>delete-on-reboot</action><hash>31561dd934552a0c1a6f6585dc28e818</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>delete-on-reboot</action><hash>295eb3432d5cca6c5633da105aaad62a</hash></file>
</items>
</mbam-log>
Log 3:
Code:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/01/12 19:39:28 +0100</date>
<logfile>mbam-log-2015-01-12 (19-39-25).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.01.12.07</malware-database>
<rootkit-database>v2015.01.07.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>JDR</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>312794</objects>
<time>530</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>6</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>b1e7e70d4d3c24125fc9066821e23dc3</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.BoostSaves.A</vendor><action>delete-on-reboot</action><hash>2078e014eb9ea591eb3d2747cb3852ae</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>adeb22d2177238feadbf751307fc1ce4</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal</path><vendor>PUP.Optional.Boost.A</vendor><action>delete-on-reboot</action><hash>2e6a579d7a0f999df67630587e85d32d</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>delete-on-reboot</action><hash>a0f81dd7abdeb086bacfe5059272cb35</hash></file>
<file><path>C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal</path><vendor>PUP.Optional.ReMarkable.A</vendor><action>delete-on-reboot</action><hash>dfb98272c2c766d0711809e1a0648977</hash></file>
</items>
</mbam-log>

cosinus 13.01.2015 00:23
Logs bitte als TXT speichern und posten, kein XML

jaydee81 13.01.2015 07:49
Ok sorry, hier als TXT.

Log 1
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.01.2015
Scan Time: 19:17:00
Logfile: Mal Log 1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.12.07
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JDR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312948
Time Elapsed: 8 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 5
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1584, Delete-on-Reboot, [830426d0286149ed628b497ac1401ae6]
PUP.Optional.VeriStaff, C:\Program Files (x86)\LPT\srptsl.exe, 1372, Delete-on-Reboot, [fa8d44b2dfaa2511126a0b528779a45c]
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\Service\wpsvc.exe, 2332, Delete-on-Reboot, [a6e1c531ff8aca6c6949eef2a06142be]
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, 1928, Delete-on-Reboot, [fe898d6994f5b28440906148ee15a759]
PUP.Optional.Score.A, C:\Windows\rcore.exe, 2196, Delete-on-Reboot, [8502fcfa5a2f3ff7d455d6165ba9b64a]

Modules: 0
(No malicious items detected)

Registry Keys: 51
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarantined, [830426d0286149ed628b497ac1401ae6],
PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpsvc_1.10.0.6, Quarantined, [a6e1c531ff8aca6c6949eef2a06142be],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [90f7d1256f1a72c4d1d773789d653bc5],
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarantined, [90f7d1256f1a72c4d1d773789d653bc5],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [afd80aecef9a9f978202d350b84b4db3],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarantined, [afd80aecef9a9f978202d350b84b4db3],
PUP.Optional.DefaultSearch.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [a9de6f8746433cfade5f27c09e645ba5],
PUP.Optional.DefaultSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2498}, Quarantined, [a9de6f8746433cfade5f27c09e645ba5],
PUP.Optional.WordProser.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\wpnfd_1_10_0_6, Quarantined, [f88fde18f09935011154b1c505fec63a],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64, Quarantined, [d8af9b5b0d7cdd59fc572264a65dbf41],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{a6994947-8316-401e-82e4-23da215413fb}Gw64, Quarantined, [731411e5414841f52231e1a5bb4846ba],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [5f287a7ccfbab77f53d1468b6a9acb35],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [61264da9cbbe1521643c816873912bd5],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [6e19c234ed9c3006c3dcd712808434cc],
PUP.Optional.ClickCaption.A, HKLM\SOFTWARE\WOW6432NODE\ClickCaption_1.10.0.5, Quarantined, [3453f0069eeb9f974606dc97897aad53],
PUP.Optional.FlowSurf.A, HKLM\SOFTWARE\WOW6432NODE\Flowsurf, Quarantined, [6d1a6d892069f244a91ab03e1fe5bb45],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [3d4a787e6f1a171f7242d7937291c13f],
PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarantined, [5631e214e5a489ad95eca23bbe46e41c],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SmdmF, Quarantined, [f7904ea802875cda29e4c8ba8a7935cb],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarantined, [e2a5f9fd44450135fe7b6d780004a957],
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\WordProser_1.10.0.6, Quarantined, [d9ae985ee7a293a370f85125e91a14ec],
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE, Quarantined, [1e6904f2e0a9f3434a4b4e3aae552fd1],
PUP.Optional.Linkury.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{BC0BF363-63AB-4FF7-8EF1-AE0D7F711B24}, Quarantined, [266133c3b9d049edb5070d89a95ad62a],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=10, Quarantined, [790e619567223bfb5322c4244cb852ae],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLAPLUGINS\@staging.google.com/globalUpdate Update;version=4, Quarantined, [47404da9662373c30f6730b830d412ee],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarantined, [4b3c09eddfaacd692633aad661a2a55b],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, Quarantined, [097e3bbbd9b04fe7dbd31674b54e48b8],
PUP.Optional.ClickCaption.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ccnfd_1_10_0_5, Quarantined, [07807b7b256487af301a87ecd62d768a],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarantined, [f295cf2774154cea1a694134cb3808f8],
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER, Quarantined, [fe898d6994f5b28440906148ee15a759],
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES, Quarantined, [8502fcfa5a2f3ff7d455d6165ba9b64a],
PUP.Optional.GeForce.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Ge-Force, Quarantined, [c0c7f204395062d425525690fb0922de],
PUP.Optional.CrossRider.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\HQPro-Video 1.6V10.01, Quarantined, [93f4ed0953362511969e314331d28e72],
PUP.Optional.MediaPlayerVideo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Media+PlayerVidEd2.5, Quarantined, [3156a353315863d39e3ed19d37ccd22e],
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, Quarantined, [06819561018869cd3597304654af23dd],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, Quarantined, [563103f33b4ea88eb9efaf39dd27a45c],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [ee9952a492f796a0ad14fbde48bc19e7],
PUP.Optional.MultiIE.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarantined, [6f188c6a1c6d42f42bb8fae8ea1a619f],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bdcad125ed9c181e6c14cce3d42feb15],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [850234c2d1b8ae884650863fd72d6a96],
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [f295c82ef396c96d027b6a1727dcc53b],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [acdb0cea286140f67d304f3b4fb49967],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.WordProser.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WordProser_1.10.0.6, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],

Registry Values: 12
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [305718de5732de5859a5aad4ce358c74]
PUP.Optional.GlobalUpdate.T, HKLM\SOFTWARE\WOW6432NODE\GLOBALUPDATE\UPDATE|path, C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe, Quarantined, [1e6904f2e0a9f3434a4b4e3aae552fd1]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarantined, [f4935e98fc8dd46252aceb93da29e41c]
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_78, Quarantined, [13749c5a355401355be6bcb36f94c13f],
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_de_80, Quarantined, [97f09b5b117872c419288be428db2ed2],
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_de_406, Quarantined, [2a5db145b7d29c9a06b997ea48bb57a9],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, tugs, Quarantined, [4b3c09eddfaacd692633aad661a2a55b]
PUP.Optional.Linkury.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LPTSYSTEMUPDATER|ImagePath, "C:\Program Files (x86)\LPT\srpts.exe", Quarantined, [fe898d6994f5b28440906148ee15a759]
PUP.Optional.Score.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\RCORES|ImagePath, C:\Windows\rcore.exe, Quarantined, [8502fcfa5a2f3ff7d455d6165ba9b64a]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O1R1R0D1G1J1S, Quarantined, [850234c2d1b8ae884650863fd72d6a96]
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarantined, [335412e41c6d8da9badc5a2ef0132ad6]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, IrsSF, Quarantined, [f295c82ef396c96d027b6a1727dcc53b]

Registry Data: 12
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013),Replaced,[186fe90d276274c2878a0d861bea5da3]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[3651a1554c3dc37389b6622f21e4ec14]
PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013),Replaced,[3651bc3abdcc4ceaa170543f57ae946c]
PUP.Optional.SafeFinder.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyahHISZMPSu3Vv0UGtPsXvs&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyahHISZMPSu3Vv0UGtPsXvs&q={searchTerms}),Replaced,[236427cf4445be784ce15630689d5fa1]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}),Replaced,[90f7cd290386112531f5295d56afb54b]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCSH6gc8-7TDgQXhxYEloZ5bmvGguuDX11bYCBT6-B25m6HH_IaaV5Io90RgwFx3BGxOSudEc9ytaPWkOnpeyBlN, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCSH6gc8-7TDgQXhxYEloZ5bmvGguuDX11bYCBT6-B25m6HH_IaaV5Io90RgwFx3BGxOSudEc9ytaPWkOnpeyBlN),Replaced,[0582a84eacddbb7bc55e582ebc4959a7]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013),Replaced,[f1964da98dfc4beb4ebb088bda2b26da]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013&q={searchTerms}),Replaced,[3d4ab4427a0fea4c8e85dca937ced52b]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}),Replaced,[9becaf475d2c90a6fa2ed7af27de32ce]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}),Replaced,[32552dc92e5bfc3a63c88afc8a7be21e]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}),Replaced,[5b2c70864d3c072f121aa9dd3ec7a858]
PUP.Optional.SafeFinder.A, HKU\S-1-5-21-2100642859-3274675363-52059511-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://feed.safefinder.com/?p=mKO_AwFzXIpYRak5VLd2-qQdkN5729vVFWxou9hoxUv82Ac0l78Z5A1nEmRSUhC4s2s4BBwiY8BHHkfnEAObOW8yk0Z3BJq_5cISz9jLZd-YXBu8_Tn_YCg3JRvQR20wDIpiZi0wzjVR6OtkBVIwpqQBlG4XljOFU9V-rEFsp9CYEPWgLWIeHyG_-nL33GG0VUvBdRaAVUiq&q={searchTerms}),Replaced,[9deab6401d6c4ceaa787dbab6d983cc4]

Folders: 16
PUP.Optional.OpenCandy, C:\Users\JDR\AppData\Roaming\OpenCandy, Quarantined, [8502c630791091a50ce16cc71ee5f60a],
PUP.Optional.OpenCandy, C:\Users\JDR\AppData\Roaming\OpenCandy\OpenCandy_F84DC9210CC144FDAC59644E772CE2C2, Quarantined, [8502c630791091a50ce16cc71ee5f60a],
PUP.Optional.Extutil.A, C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [c8bf06f0aedb88aebbe861ea0cf7e31d],
PUP.Optional.Managera.A, C:\Users\JDR\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [d1b634c23f4a2115089c52f9986b43bd],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Delete-on-Reboot, [cdbab83e1a6f979f5063a1aace35a35d],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarantined, [cdbab83e1a6f979f5063a1aace35a35d],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6, Delete-on-Reboot, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\Service, Delete-on-Reboot, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarantined, [abdc8e68f495e84ee72f7cedd33035cb],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarantined, [abdc8e68f495e84ee72f7cedd33035cb],

Files: 111
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Delete-on-Reboot, [830426d0286149ed628b497ac1401ae6],
PUP.Optional.VeriStaff, C:\Program Files (x86)\LPT\srptsl.exe, Delete-on-Reboot, [fa8d44b2dfaa2511126a0b528779a45c],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\Service\wpsvc.exe, Delete-on-Reboot, [a6e1c531ff8aca6c6949eef2a06142be],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, Quarantined, [8dfad71fa4e5fb3b8f84edfe0bf78080],
PUP.Optional.OutBrowse, C:\Users\JDR\AppData\Local\Temp\292195.exe.exe, Quarantined, [e4a3d323c0c9ba7c300d8b7c43bf5da3],
PUP.Optional.OutBrowse, C:\Users\JDR\AppData\Local\Temp\312419.exe.exe, Quarantined, [9fe8c23495f457df61f8d33533cf41bf],
PUP.Optional.OutBrowse, C:\Users\JDR\AppData\Local\Temp\350425.exe.exe, Quarantined, [12753fb75930f046e376b94fb15134cc],
PUP.Optional.OutBrowse, C:\Users\JDR\AppData\Local\Temp\nsq73C9.tmp\utu.dll, Quarantined, [7b0caf473d4cd660c37aaa5d07fbd030],
PUP.Optional.Tuto4PC.A, C:\Users\JDR\AppData\Local\Temp\81c83413-b1a5-42b2-9c78-cb8e7761d798\games desktop.exe, Quarantined, [c0c773838108171fed7cdf1c50b1936d],
PUP.Optional.Tuto4PC.A, C:\Users\JDR\AppData\Local\Temp\is-3AVA1.tmp\package_speedup_installer_multilang.exe, Quarantined, [147319dda3e6f73f39b50be6a160b24e],
PUP.Optional.Tuto4PC.A, C:\Users\JDR\AppData\Local\Temp\is-JI9OR.tmp\package_mybestofferstoday_installer_multilang.exe, Quarantined, [7a0db73f91f85fd7b7376a87d62b847c],
PUP.Optional.Tuto4PC.A, C:\Users\JDR\AppData\Local\Temp\is-V0QH0.tmp\package_speedup_installer_multilang.exe, Quarantined, [4047f9fd1a6f2412e20cea07946d22de],
PUP.Optional.Tuto4PC.A, C:\Users\JDR\AppData\Local\Temp\is-V6A5H.tmp\package_mybestofferstoday_installer_multilang.exe, Quarantined, [bec920d69bee67cf599523ce61a017e9],
PUP.Optional.XTab.A, C:\Users\JDR\AppData\Local\Temp\~dlFCF4\~dljyb\tmp\STab_v4.0.exe, Quarantined, [2f581fd797f2e4527b8631d4659d13ed],
PUP.Optional.WindowsProtectManger.A, C:\Users\JDR\AppData\Local\Temp\~dlFCF4\~dljyb\tmp\wpm_v20.0.0.1337.exe, Quarantined, [741355a191f8f046c12cf6cd8e7343bd],
PUP.Optional.SpeedCheck.A, C:\Users\JDR\AppData\Local\Temp\cd06f77b-2e4b-407a-9f5a-bf4099dbff09\3333-2081_speedcheck.exe, Quarantined, [b6d152a4becb4fe75c42baabb050eb15],
PUP.Optional.SoftPulse, C:\Users\JDR\Downloads\ChromeSetup.exe, Quarantined, [a1e61bdbd6b36ccabb4f0efa659db34d],
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\VCLdr64.dll, Quarantined, [5a2d8b6be0a9c76ff16c04aa04fde11f],
PUP.Optional.VeriStaff, C:\Windows\Installer\6702f.msi, Quarantined, [ec9b37bf216854e2502f5d00f709827e],
PUP.Optional.SmartBar, C:\Windows\Installer\MSICC0B.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [3c4bc72fb7d222141e6553db8080c937],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIEB2.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [8ef917dfaadf1521f88b49e5e11f33cd],
PUP.Optional.SmartBar, C:\Windows\Installer\MSI69A0.tmp-\Smartbar.Installer.CustomActions.dll, Quarantined, [325510e672176cca196ab07e0ff11be5],
PUP.Optional.WebInstr.A, C:\Windows\System32\drivers\Msft_Kernel_webinstrNHK_01009.Wdf, Quarantined, [54339a5c2d5cf046c73fea801fe4f709],
PUP.Optional.Flowsurf.A, C:\Windows\System32\abengineOff.ini, Quarantined, [60271dd9e3a61e18fed8d99237cce31d],
PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengineOff.ini, Quarantined, [9ceb29cd76139c9af0e6610aef1413ed],
PUP.Optional.Flowsurf.A, C:\Windows\SysWOW64\abengine.ini, Quarantined, [e99efbfb98f169cd9b3cdd8e6c97a060],
PUP.Optional.Flowsurf.A, C:\Windows\Temp\abengine.log, Quarantined, [83044aacfe8b999ddffd9ecdbc470af6],
PUP.Optional.BoostSaves.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [fb8c80763b4e3afc0622125c35ceaf51],
PUP.Optional.BoostSaves.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [ddaa7b7bf495ce68cc5c6509bf4413ed],
PUP.Optional.WordProser.A, C:\Windows\System32\drivers\wpnfd_1_10_0_6.sys, Quarantined, [f88fde18f09935011154b1c505fec63a],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{886f5d30-5b8b-42ab-98f8-31d062b96dc3}Gw64.sys, Quarantined, [d8af9b5b0d7cdd59fc572264a65dbf41],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{a6994947-8316-401e-82e4-23da215413fb}Gw64.sys, Quarantined, [731411e5414841f52231e1a5bb4846ba],
PUP.Optional.Boost.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [4e3941b5fb8e3402cd9fa2e6a95a11ef],
PUP.Optional.Boost.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Quarantined, [4047d5214c3d16204824097f07fcf10f],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, Quarantined, [dbac20d601887bbba8fb44a592726997],
PUP.Optional.ReMarkable.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [8502b83ecabfe84ef6939555fc08916f],
PUP.Optional.ReMarkable.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [bfc85a9c45441c1a3f4a04e60202b64a],
PUP.Optional.Vitruvian.A, C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-hardwareprofile-v0001, Quarantined, [384fa74f860383b35f79c42a09fb12ee],
PUP.Optional.Vitruvian.A, C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-install-v0003, Quarantined, [6720ad49e5a4df5709cf549a71932ed2],
PUP.Optional.Vitruvian.A, C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-processes-v0002, Quarantined, [6720c1355c2d58de0fc9b03e0ff5d22e],
PUP.Optional.Vitruvian.A, C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-scheduledtasks-v0001, Quarantined, [830419dde2a72511a533eb0373917f81],
PUP.Optional.Vitruvian.A, C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-softwareregkeys-v0002, Quarantined, [a1e646b07910999d6474d11ddc28ef11],
PUP.Optional.Vitruvian.A, C:\Users\JDR\AppData\Local\Temp\vitruvian-installer-uninstall-v0002, Quarantined, [e0a7787e2a5f4fe7597f3eb0eb19659b],
PUP.Optional.Linkury.A, C:\Program Files (x86)\LPT\srpts.exe, Delete-on-Reboot, [fe898d6994f5b28440906148ee15a759],
PUP.Optional.Score.A, C:\Windows\rcore.exe, Delete-on-Reboot, [8502fcfa5a2f3ff7d455d6165ba9b64a],
PUP.Optional.OpenCandy, C:\Users\JDR\AppData\Roaming\OpenCandy\OpenCandy_F84DC9210CC144FDAC59644E772CE2C2\syesubc3_p2v3.exe, Quarantined, [8502c630791091a50ce16cc71ee5f60a],
PUP.Optional.Extutil.A, C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [c8bf06f0aedb88aebbe861ea0cf7e31d],
PUP.Optional.Extutil.A, C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [c8bf06f0aedb88aebbe861ea0cf7e31d],
PUP.Optional.Extutil.A, C:\Users\JDR\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [c8bf06f0aedb88aebbe861ea0cf7e31d],
PUP.Optional.Managera.A, C:\Users\JDR\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [d1b634c23f4a2115089c52f9986b43bd],
PUP.Optional.Managera.A, C:\Users\JDR\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [d1b634c23f4a2115089c52f9986b43bd],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleCrashHandler.exe, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdate.exe, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdateBroker.exe, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdateHelper.msi, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\GoogleUpdateOnDemand.exe, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\goopdate.dll, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\goopdateres_en.dll, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\npGoogleUpdate4.dll, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\psmachine.dll, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.127565\psuser.dll, Quarantined, [bdca85715c2d78bee9b8ff4ec63d7987],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleCrashHandler.exe, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdate.exe, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdateBroker.exe, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdateHelper.msi, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\GoogleUpdateOnDemand.exe, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\goopdate.dll, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\goopdateres_en.dll, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\npGoogleUpdate4.dll, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\psmachine.dll, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.145177\psuser.dll, Quarantined, [4a3da84e88011c1a425f222bf50e7b85],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleCrashHandler.exe, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdate.exe, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdateBroker.exe, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdateHelper.msi, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\GoogleUpdateOnDemand.exe, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\goopdate.dll, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\goopdateres_en.dll, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\npGoogleUpdate4.dll, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\psmachine.dll, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.158125\psuser.dll, Quarantined, [2e59995dc9c088aee6bb64e940c3d927],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleCrashHandler.exe, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdate.exe, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdateBroker.exe, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdateHelper.msi, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\GoogleUpdateOnDemand.exe, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\goopdate.dll, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\goopdateres_en.dll, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\npGoogleUpdate4.dll, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\psmachine.dll, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.406763\psuser.dll, Quarantined, [6423876fa7e263d39e03f25bcc372cd4],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleCrashHandler.exe, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdate.exe, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdateBroker.exe, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdateHelper.msi, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\GoogleUpdateOnDemand.exe, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\goopdate.dll, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\goopdateres_en.dll, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\npGoogleUpdate4.dll, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\psmachine.dll, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.GlobalUpdate.A, C:\Users\JDR\AppData\Local\Temp\comh.459338\psuser.dll, Quarantined, [ccbb7a7cc8c1ff379809fd50db288d73],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\terms-of-service.rtf, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\Uninstall.exe, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\buildcrx-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\Info-ZIP-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\JSON-simple-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\nsJSON-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\Nustache-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\TaskScheduler-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.WordProser.A, D:\Program Files\WordProser_1.10.0.6\3rd Party Licenses\UAC-license.txt, Quarantined, [a2e5f402a2e7979f9bdded7216edac54],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarantined, [abdc8e68f495e84ee72f7cedd33035cb],

Physical Sectors: 0
(No malicious items detected)


(end)
Log 2
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.01.2015
Scan Time: 19:30:41
Logfile: Mal Log 2.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.12.07
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JDR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 311797
Time Elapsed: 7 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.BoostSaves.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [cdbaf00692f7e74f8f996d01c73c31cf],
PUP.Optional.BoostSaves.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [e1a651a593f63204fc2cdd91e51ec838],
PUP.Optional.Boost.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [5136ec0ad4b592a43b31e1a742c1639d],
PUP.Optional.Boost.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [563139bdb2d744f2610bb7d1e0235aa6],
PUP.Optional.ReMarkable.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [31561dd934552a0c1a6f6585dc28e818],
PUP.Optional.ReMarkable.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [295eb3432d5cca6c5633da105aaad62a],

Physical Sectors: 0
(No malicious items detected)


(end)
Log 3
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12.01.2015
Scan Time: 19:39:28
Logfile: Mal Log 3.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.12.07
Rootkit Database: v2015.01.07.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: JDR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312794
Time Elapsed: 8 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 6
PUP.Optional.BoostSaves.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [b1e7e70d4d3c24125fc9066821e23dc3],
PUP.Optional.BoostSaves.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [2078e014eb9ea591eb3d2747cb3852ae],
PUP.Optional.Boost.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage, Delete-on-Reboot, [adeb22d2177238feadbf751307fc1ce4],
PUP.Optional.Boost.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.boostsaves.com_0.localstorage-journal, Delete-on-Reboot, [2e6a579d7a0f999df67630587e85d32d],
PUP.Optional.ReMarkable.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Delete-on-Reboot, [a0f81dd7abdeb086bacfe5059272cb35],
PUP.Optional.ReMarkable.A, C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Delete-on-Reboot, [dfb98272c2c766d0711809e1a0648977],

Physical Sectors: 0
(No malicious items detected)


(end)

cosinus 16.01.2015 09:24
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


jaydee81 16.01.2015 19:08
Code:
# AdwCleaner v4.107 - Report created 16/01/2015 at 18:52:52
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : JDR - JDR-PC
# Running from : C:\Users\JDR\Desktop\AdwCleaner_4.107.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\JDR\AppData\Local\globalUpdate
Folder Deleted : C:\Users\JDR\AppData\Local\CrashRpt
Folder Deleted : C:\Users\JDR\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\JDR\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Public\Documents\ShopperPro
File Deleted : C:\Windows\System32\roboot64.exe

***** [ Scheduled Tasks ] *****

Task Deleted : YTDownloader

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2299856A-6506-42E3-A34F-CD35A47C1B19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\Boost
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InetStat
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Boost
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : [x64] HKLM\SOFTWARE\ShopperPro
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [8278 octets] - [16/01/2015 18:48:26]
AdwCleaner[S0].txt - [7925 octets] - [16/01/2015 18:52:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7985 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by JDR on 16.01.2015 at 18:56:29,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171162}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611791113}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611971195}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171162}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611791113}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611971195}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.01.2015 at 18:58:46,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by JDR (administrator) on JDR-PC on 16-01-2015 19:05:24
Running from C:\Users\JDR\Desktop
Loaded Profiles: JDR (Available profiles: JDR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() D:\Program Files\Launchy\Launchy.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Elaborate Bytes AG) D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => D:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [GoogleChromeAutoLaunch_11543E6E594100321B2DB79E36ECE066] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [6160152 2014-05-20] (Piriform Ltd)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-09-19] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [Steam] => c:\Steam\steam.exe [1940160 2014-11-18] (Valve Corporation)
Startup: C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> D:\Program Files\Launchy\Launchy.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2100642859-3274675363-52059511-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2100642859-3274675363-52059511-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M803E9CBA-5FAE-4AC3-9E19-E242AB9FB316&SearchSource=55&CUI=&UM=8&UP=SP1D66BFA2-DFCF-49F7-93C6-B7062BCB9E2C&SSPV=", "hxxp://www.google.com/", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
CHR Extension: (Google Docs) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (Google Drive) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-10]
CHR Extension: (Brushed) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-01-10]
CHR Extension: (WOT) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-10]
CHR Extension: (YouTube) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-01-10]
CHR Extension: (Google Search) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Feedspot Notifier) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfmbmjlieikcpodcpemdlecckdhnhbj [2015-01-10]
CHR Extension: (Torrent Turbo Search App) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2015-01-11]
CHR Extension: (Video Downloader professional) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-10]
CHR Extension: (Google Sheets) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
CHR Extension: (AdBlock) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-10]
CHR Extension: (Google Mail Checker) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-10]
CHR Extension: (Google Wallet) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Google Quick Scroll) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-01-10]
CHR Extension: (Gmail) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R3 iPod Service; D:\Program Files\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
R2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; D:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; D:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; D:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 ALSysIO; \??\C:\Users\JDR\AppData\Local\Temp\ALSysIO64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:58 - 2015-01-16 18:58 - 00001646 _____ () C:\Users\JDR\Desktop\JRT.txt
2015-01-16 18:56 - 2015-01-16 18:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 18:55 - 2015-01-16 18:55 - 01707939 _____ (Thisisu) C:\Users\JDR\Desktop\JRT.exe
2015-01-16 18:54 - 2015-01-16 18:54 - 00008093 _____ () C:\Users\JDR\Desktop\AdwCleaner[S0].txt
2015-01-16 18:54 - 2015-01-16 18:54 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-16 18:47 - 2015-01-16 18:52 - 00000000 ____D () C:\AdwCleaner
2015-01-16 18:47 - 2015-01-16 18:47 - 02191360 _____ () C:\Users\JDR\Desktop\AdwCleaner_4.107.exe
2015-01-16 09:27 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-16 09:25 - 2015-01-16 18:54 - 00000168 _____ () C:\Windows\setupact.log
2015-01-16 09:25 - 2015-01-16 09:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 19:52 - 2015-01-14 19:52 - 00000000 ____D () C:\Users\JDR\Documents\Diablo III
2015-01-14 08:36 - 2015-01-14 08:36 - 00000763 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 08:36 - 2015-01-14 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-13 23:24 - 2015-01-13 23:24 - 00000778 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2015-01-13 23:23 - 2015-01-13 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-01-13 23:20 - 2015-01-16 09:22 - 00000000 ____D () C:\Users\JDR\AppData\Local\Battle.net
2015-01-13 23:20 - 2015-01-13 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Battle.net
2015-01-13 23:20 - 2015-01-13 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Local\Blizzard Entertainment
2015-01-13 23:14 - 2015-01-13 23:14 - 00000930 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () D:\Program Files\Battle.net
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () D:\Program Files\Battle.net
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-13 23:05 - 2015-01-15 07:51 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 23:00 - 2015-01-13 23:00 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-13 22:40 - 2015-01-14 01:19 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\vlc
2015-01-13 22:39 - 2015-01-13 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-13 22:38 - 2015-01-13 22:38 - 00000000 ____D () D:\Program Files\VideoLAN
2015-01-13 22:38 - 2015-01-13 22:38 - 00000000 ____D () D:\Program Files\VideoLAN
2015-01-13 22:33 - 2015-01-13 22:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-01-13 22:32 - 2015-01-13 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
2015-01-13 22:24 - 2015-01-13 22:24 - 00002978 _____ () C:\Windows\System32\Tasks\elbyExecuteWithUAC
2015-01-13 22:24 - 2015-01-13 22:24 - 00001038 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-01-13 22:23 - 2015-01-13 22:23 - 00000000 ____D () D:\Program Files\Elaborate Bytes
2015-01-13 22:23 - 2015-01-13 22:23 - 00000000 ____D () D:\Program Files\Elaborate Bytes
2015-01-13 22:23 - 2015-01-13 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-01-13 21:54 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:54 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:54 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 21:54 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 21:54 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 21:54 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 21:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:54 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:54 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:54 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:54 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:54 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:42 - 2015-01-13 20:42 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\EMCO
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ___HD () D:\Program Files\InstallShield Installation Information
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ___HD () D:\Program Files\InstallShield Installation Information
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ____D () D:\Program Files\Realtek
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ____D () D:\Program Files\Realtek
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-13 19:57 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-13 19:57 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-13 19:57 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-13 19:57 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-13 19:57 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-13 19:57 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-13 19:57 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-13 19:57 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-13 19:57 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-13 19:57 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-13 19:57 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-13 19:57 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-13 19:57 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-13 19:57 - 2014-01-08 15:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-01-13 19:57 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-13 19:57 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-13 19:57 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-01-13 19:57 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-01-13 19:57 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-13 19:57 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-13 19:57 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2015-01-13 19:57 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-13 19:57 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-13 19:57 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-13 19:57 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2015-01-13 19:52 - 2015-01-13 19:58 - 00000000 ___HD () D:\Program Files\Temp
2015-01-13 19:52 - 2015-01-13 19:58 - 00000000 ___HD () D:\Program Files\Temp
2015-01-13 19:52 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\Windows Sidebar
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\Windows Sidebar
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\DVD Maker
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\DVD Maker
2015-01-12 22:44 - 2015-01-12 22:44 - 00009019 _____ () C:\Users\JDR\Desktop\Gmer.log
2015-01-12 22:40 - 2015-01-12 22:40 - 00380416 _____ () C:\Users\JDR\Desktop\hotte2n7.exe
2015-01-12 22:34 - 2015-01-16 19:05 - 00017452 _____ () C:\Users\JDR\Desktop\FRST.txt
2015-01-12 22:34 - 2015-01-16 19:05 - 00000000 ____D () C:\FRST
2015-01-12 22:33 - 2015-01-16 18:59 - 02125312 _____ (Farbar) C:\Users\JDR\Desktop\FRST64.exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00050477 _____ () C:\Users\JDR\Desktop\Defogger.exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00000468 _____ () C:\Users\JDR\Desktop\defogger_disable.log
2015-01-12 20:22 - 2015-01-12 20:22 - 00000000 _____ () C:\Users\JDR\defogger_reenable
2015-01-12 19:29 - 2015-01-12 19:29 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-12 19:16 - 2015-01-16 18:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-12 19:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-12 19:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-12 19:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-12 19:05 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-12 19:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-12 00:20 - 2015-01-12 00:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-12 00:20 - 2015-01-12 00:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 00:20 - 2015-01-12 00:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-12 00:19 - 2015-01-12 00:19 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-12 00:13 - 2015-01-12 00:26 - 00000000 ____D () C:\Users\JDR\AppData\Local\Adobe
2015-01-11 23:47 - 2015-01-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-01-11 23:44 - 2015-01-11 23:46 - 00000000 ____D () D:\Program Files\Tracker Software
2015-01-11 23:44 - 2015-01-11 23:46 - 00000000 ____D () D:\Program Files\Tracker Software
2015-01-11 23:31 - 2015-01-11 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () D:\Program Files\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () D:\Program Files\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-11 23:20 - 2015-01-11 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Panda Security
2015-01-11 23:20 - 2015-01-11 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 23:19 - 2015-01-11 23:20 - 00000000 ____D () D:\Program Files\Panda Security
2015-01-11 23:19 - 2015-01-11 23:20 - 00000000 ____D () D:\Program Files\Panda Security
2015-01-11 23:18 - 2015-01-11 23:20 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 22:12 - 2015-01-11 22:12 - 00000199 _____ () C:\Users\JDR\Desktop\Dota 2.url
2015-01-11 21:57 - 2015-01-11 21:57 - 00000000 ____D () C:\Users\JDR\Documents\My Games
2015-01-11 21:38 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-11 21:38 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-11 21:38 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-11 21:38 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-11 21:38 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-11 21:38 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-11 21:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-11 21:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-11 21:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-11 21:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-11 21:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-11 21:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-11 21:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-11 21:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-11 21:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-11 21:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-11 21:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-11 21:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-11 21:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-11 21:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-11 21:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-11 21:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-11 21:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-11 21:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-11 21:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-11 21:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-11 21:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-11 21:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-11 21:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-11 21:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-11 21:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-11 21:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-11 21:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-11 21:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-11 21:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-11 21:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-11 21:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-11 21:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-11 21:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-11 21:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-11 21:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-11 21:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-11 21:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-11 21:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-11 21:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-11 21:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-11 21:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-11 21:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-11 21:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-11 21:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-11 21:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-11 21:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-11 21:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-11 21:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-11 21:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-11 21:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-11 21:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-11 21:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-11 21:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-11 21:32 - 2015-01-11 21:32 - 00000201 _____ () C:\Users\JDR\Desktop\Driver Parallel Lines.url
2015-01-11 21:31 - 2015-01-11 21:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-11 21:31 - 2015-01-11 21:31 - 00000710 _____ () C:\Users\Public\Desktop\The Secret World.lnk
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\Users\JDR\AppData\Local\Funcom
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
2015-01-11 21:30 - 2015-01-11 21:30 - 23483944 _____ (Funcom ) C:\Users\JDR\Desktop\setup.exe
2015-01-11 20:53 - 2015-01-16 18:48 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () D:\Program Files\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () D:\Program Files\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
2015-01-11 20:40 - 2015-01-11 20:40 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\AMD
2015-01-11 20:38 - 2015-01-11 20:38 - 00000201 _____ () C:\Users\JDR\Desktop\RIFT.url
2015-01-11 20:29 - 2015-01-16 18:54 - 00000000 ____D () C:\Steam
2015-01-11 20:29 - 2015-01-11 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () D:\Program Files\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () D:\Program Files\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\Users\JDR\AppData\Local\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-11 20:19 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-11 18:50 - 2015-01-14 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-11 18:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-11 18:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-11 18:47 - 2015-01-11 18:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2015-01-11 18:47 - 2015-01-11 18:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2015-01-11 18:45 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-11 18:45 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-11 18:45 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-11 18:45 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-11 18:45 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-11 18:45 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-11 18:45 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-11 18:45 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-11 18:45 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-11 18:45 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-11 18:45 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-11 18:45 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-11 18:45 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-11 18:45 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-11 18:45 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-11 18:45 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-11 18:45 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-11 18:45 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-11 18:45 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-11 18:45 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-11 18:45 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-11 18:45 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-11 18:45 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-11 18:45 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-11 18:45 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-11 18:45 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-11 18:45 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-11 18:45 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-11 18:45 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-11 18:45 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-11 18:45 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-11 18:45 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-11 18:45 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-11 18:45 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-11 18:45 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-11 18:45 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-11 18:45 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-11 18:45 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-11 18:45 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-11 18:45 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-11 18:45 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-11 18:45 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-11 18:45 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-11 18:45 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-11 18:45 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-11 18:45 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-11 18:45 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-11 18:45 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-11 18:45 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-11 18:45 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-11 18:45 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-11 18:45 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-11 18:45 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-11 18:45 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-11 18:45 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-11 18:45 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-11 18:45 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-11 18:45 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-11 18:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-11 18:45 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-11 18:45 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-11 18:45 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-11 18:45 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-11 18:45 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-11 18:45 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-11 18:45 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-11 18:45 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-11 18:45 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-11 18:45 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-11 18:45 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-11 18:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-11 18:45 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-11 18:45 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-11 18:45 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-11 18:45 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-11 18:45 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-11 18:45 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-11 18:45 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-11 18:45 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-11 18:45 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-11 18:44 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-11 18:44 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-11 18:44 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-11 18:43 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-11 18:43 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-11 18:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-11 18:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-11 18:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-11 18:36 - 2015-01-16 18:54 - 00000000 ___RD () C:\Users\JDR\iCloudDrive
2015-01-11 18:36 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple Inc
2015-01-11 18:29 - 2015-01-11 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-11 18:25 - 2015-01-12 23:06 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Apple Computer
2015-01-11 18:25 - 2015-01-11 18:34 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple Computer
2015-01-11 18:25 - 2015-01-11 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-11 18:25 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () D:\Program Files\iTunes
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () D:\Program Files\iTunes
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () D:\Program Files\iPod
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () D:\Program Files\iPod
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-11 18:23 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple
2015-01-11 18:23 - 2015-01-11 18:23 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () D:\Program Files\Apple Software Update
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () D:\Program Files\Apple Software Update
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-11 18:22 - 2015-01-11 18:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-11 18:21 - 2015-01-11 18:21 - 00000000 ____D () D:\Program Files\Bonjour
2015-01-11 18:21 - 2015-01-11 18:21 - 00000000 ____D () D:\Program Files\Bonjour
2015-01-11 18:20 - 2015-01-11 18:23 - 00000000 ____D () C:\ProgramData\Apple
2015-01-11 17:39 - 2015-01-11 19:58 - 00000000 ____D () D:\Program Files\CCleaner
2015-01-11 17:39 - 2015-01-11 19:58 - 00000000 ____D () D:\Program Files\CCleaner
2015-01-11 17:39 - 2015-01-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-11 17:22 - 2015-01-11 17:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-11 17:21 - 2015-01-11 17:21 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Skype
2015-01-11 17:21 - 2015-01-11 17:21 - 00000000 ____D () C:\Users\JDR\AppData\Local\Skype
2015-01-11 17:20 - 2015-01-11 17:22 - 00000000 ____D () C:\ProgramData\Skype
2015-01-11 17:20 - 2015-01-11 17:20 - 00000827 _____ () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-11 17:19 - 2015-01-15 07:56 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\uTorrent
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-11 16:12 - 2015-01-11 23:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-11 11:37 - 2015-01-11 11:37 - 00184800 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2015-01-11 05:27 - 2015-01-11 05:27 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-11 05:27 - 2010-11-21 04:23 - 00383786 __RSH () C:\bootmgr
2015-01-10 23:06 - 2015-01-10 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Opera Software
2015-01-10 23:06 - 2015-01-10 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Local\Opera Software
2015-01-10 22:16 - 2015-01-10 23:07 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\QuickScan
2015-01-10 21:40 - 2015-01-10 21:55 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\StormFall
2015-01-10 21:39 - 2015-01-10 21:39 - 00000000 ____D () C:\Users\JDR\AppData\Local\StormFall
2015-01-10 21:39 - 2015-01-10 21:39 - 00000000 ____D () C:\ProgramData\6adc0a0000005fd
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\ATI
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\Users\JDR\AppData\Local\ATI
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\ProgramData\ATI
2015-01-10 21:20 - 2015-01-10 21:20 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-10 21:04 - 2015-01-10 21:04 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-10 21:04 - 2015-01-10 21:04 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Macromedia
2015-01-10 21:00 - 2015-01-10 22:22 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Raptr
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\library_dir
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\ProgramData\AMD
2015-01-10 20:59 - 2015-01-10 20:59 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-10 20:58 - 2015-01-10 20:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-10 20:49 - 2015-01-12 19:02 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-10 20:47 - 2015-01-10 20:47 - 00000000 ____D () C:\Users\JDR\AppData\Local\Google
2015-01-10 20:47 - 2015-01-10 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 20:46 - 2015-01-10 21:49 - 00002281 _____ () C:\Windows\patsearch.bin
2015-01-10 20:41 - 2015-01-10 20:41 - 00000000 __SHD () C:\Users\JDR\AppData\Local\EmieUserList
2015-01-10 20:41 - 2015-01-10 20:41 - 00000000 __SHD () C:\Users\JDR\AppData\Local\EmieSiteList
2015-01-10 20:40 - 2015-01-10 20:40 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Adobe
2015-01-10 20:39 - 2015-01-12 23:05 - 00000000 ____D () C:\Users\JDR
2015-01-10 20:39 - 2015-01-11 23:20 - 00058488 _____ () C:\Users\JDR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-10 20:39 - 2015-01-10 20:39 - 00001648 _____ () C:\Windows\system32\WinToolkit_RunOnce_Log.log
2015-01-10 20:39 - 2015-01-10 20:39 - 00000020 ___SH () C:\Users\JDR\ntuser.ini
2015-01-10 20:39 - 2015-01-10 20:39 - 00000000 ____D () C:\Users\JDR\AppData\Local\VirtualStore
2015-01-10 20:39 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-10 20:39 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-10 20:38 - 2015-01-10 20:38 - 00371116 __RSH () C:\OGJCH
2015-01-10 20:35 - 2015-01-14 03:00 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 20:35 - 2015-01-10 20:35 - 00000000 __SHD () C:\Recovery
2015-01-10 20:32 - 2015-01-16 18:57 - 01131283 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 20:31 - 2015-01-10 20:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-10 20:30 - 2015-01-10 20:30 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 19:01 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 19:01 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 18:58 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-16 18:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 07:51 - 2014-09-19 16:37 - 00000000 ____D () C:\Windows\Panther
2015-01-14 03:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 03:16 - 2011-04-12 09:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-13 03:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-12 19:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2015-01-12 19:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-12 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-12 18:59 - 2009-07-14 05:45 - 00314840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 20:33 - 2014-11-15 15:37 - 00000000 ____D () C:\Users\JDR\Desktop\Paleo - The Sacred Science
2015-01-11 20:33 - 2014-01-30 14:07 - 00000000 ____D () C:\Users\JDR\Desktop\Paleocon
2015-01-11 20:04 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 15:41 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-11 05:27 - 2009-07-14 06:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-10 21:21 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-10 20:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-10 20:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-10 20:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\JDR\AppData\Local\Temp\Quarantine.exe
C:\Users\JDR\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 03:50

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by JDR at 2015-01-16 19:05:47
Running from C:\Users\JDR\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver: Parallel Lines (HKLM-x32\...\Steam App 21780) (Version:  - Ubisoft Reflections)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.3 (HKLM\...\{9F6EA3D4-B2FA-3120-8DF8-07396231AFB4}) (Version: 4.5.53315 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D27F63D-65B6-4882-9D6B-3B3EAB618B29} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {31BBB98D-6B2F-4A07-AA52-D78BB353D7F2} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {335CF032-CD14-4751-8888-E54B1DC95703} - \{33CB2A0C-599B-4E94-9AA8-56CD0953778C} No Task File <==== ATTENTION
Task: {3DDD5833-9172-4D89-A3E1-06E21C036D2C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {43C63C62-4F72-4694-9E84-330EA7DC34D7} - \upfs7235 No Task File <==== ATTENTION
Task: {AE5E945C-9895-45AB-8B6B-2825286D9907} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B90C8C4B-7091-4903-B045-9E61BA60D67E} - System32\Tasks\elbyExecuteWithUAC => D:\Program Files\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] ()
Task: {FD8591D9-7C88-45DF-88E6-42333E3C28AA} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2015-01-11 20:53 - 2010-11-10 19:38 - 00380928 _____ () D:\Program Files\Launchy\Launchy.exe
2014-04-14 20:41 - 2015-01-11 17:37 - 00039192 ____R () D:\Program Files\CCleaner\branding.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () D:\Program Files\Notepad++\NppShell_06.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () D:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-11 20:53 - 2009-12-16 22:13 - 08314880 _____ () D:\Program Files\Launchy\QtGui4.dll
2015-01-11 20:53 - 2009-12-16 21:54 - 02236416 _____ () D:\Program Files\Launchy\QtCore4.dll
2015-01-11 20:53 - 2009-12-16 21:56 - 00712704 _____ () D:\Program Files\Launchy\QtNetwork4.dll
2015-01-11 20:53 - 2009-12-17 00:18 - 00233472 _____ () D:\Program Files\Launchy\imageformats\qmng4.dll
2015-01-11 20:53 - 2010-11-10 19:39 - 00081920 _____ () D:\Program Files\Launchy\plugins\calcy.dll
2015-01-11 20:53 - 2010-11-10 19:39 - 00090112 _____ () D:\Program Files\Launchy\plugins\controly.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00024064 _____ () D:\Program Files\Launchy\plugins\gcalc.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00094208 _____ () D:\Program Files\Launchy\plugins\runner.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00057344 _____ () D:\Program Files\Launchy\plugins\verby.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2100642859-3274675363-52059511-500 - Administrator - Disabled)
Guest (S-1-5-21-2100642859-3274675363-52059511-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2100642859-3274675363-52059511-1002 - Limited - Enabled)
JDR (S-1-5-21-2100642859-3274675363-52059511-1001 - Administrator - Enabled) => C:\Users\JDR

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 51%
Total physical RAM: 4094.48 MB
Available physical RAM: 1971.1 MB
Total Pagefile: 8187.15 MB
Available Pagefile: 5357.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:10.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:438.83 GB) NTFS
Drive e: () (Fixed) (Total:931.5 GB) (Free:90.42 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:445.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: A6DE872E)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8C9BA9B6)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 69852B7A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CDA4A639)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 17.01.2015 16:41
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR StartupUrls: Default -> "http://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M803E9CBA-5FAE-4AC3-9E19-E242AB9FB316&SearchSource=55&CUI=&UM=8&UP=SP1D66BFA2-DFCF-49F7-93C6-B7062BCB9E2C&SSPV=", "http://www.google.com/", "http://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013"
Task: {2D27F63D-65B6-4882-9D6B-3B3EAB618B29} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {335CF032-CD14-4751-8888-E54B1DC95703} - \{33CB2A0C-599B-4E94-9AA8-56CD0953778C} No Task File <==== ATTENTION
Task: {43C63C62-4F72-4694-9E84-330EA7DC34D7} - \upfs7235 No Task File <==== ATTENTION
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


jaydee81 17.01.2015 18:07
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by JDR at 2015-01-17 18:03:28 Run:1
Running from C:\Users\JDR\Desktop
Loaded Profiles: JDR (Available profiles: JDR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M803E9CBA-5FAE-4AC3-9E19-E242AB9FB316&SearchSource=55&CUI=&UM=8&UP=SP1D66BFA2-DFCF-49F7-93C6-B7062BCB9E2C&SSPV=", "hxxp://www.google.com/", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013"
Task: {2D27F63D-65B6-4882-9D6B-3B3EAB618B29} - \CreateChoiceProcessTask No Task File <==== ATTENTION
Task: {335CF032-CD14-4751-8888-E54B1DC95703} - \{33CB2A0C-599B-4E94-9AA8-56CD0953778C} No Task File <==== ATTENTION
Task: {43C63C62-4F72-4694-9E84-330EA7DC34D7} - \upfs7235 No Task File <==== ATTENTION
EmptyTemp:
Hosts:
       
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-2100642859-3274675363-52059511-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Chrome StartupUrls deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2D27F63D-65B6-4882-9D6B-3B3EAB618B29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D27F63D-65B6-4882-9D6B-3B3EAB618B29}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CreateChoiceProcessTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{335CF032-CD14-4751-8888-E54B1DC95703}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{335CF032-CD14-4751-8888-E54B1DC95703}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{33CB2A0C-599B-4E94-9AA8-56CD0953778C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{43C63C62-4F72-4694-9E84-330EA7DC34D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43C63C62-4F72-4694-9E84-330EA7DC34D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 311.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:03:30 ====

cosinus 17.01.2015 18:51
Neustart bitte. Zeig dann mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

jaydee81 18.01.2015 09:43

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015
Ran by JDR (administrator) on JDR-PC on 18-01-2015 09:41:19
Running from C:\Users\JDR\Desktop
Loaded Profiles: JDR (Available profiles: JDR)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) D:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe
(Malwarebytes Corporation) D:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
() D:\Program Files\Launchy\Launchy.exe
() F:\OC\CoreTemp64\Core Temp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Panda Security, S.L.) D:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe
(Elaborate Bytes AG) D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) D:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Valve Corporation) C:\Steam\Steam.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-05-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [PSUAMain] => D:\Program Files\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe,
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [GoogleChromeAutoLaunch_11543E6E594100321B2DB79E36ECE066] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-06] (Google Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [6160152 2014-05-20] (Piriform Ltd)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-09-19] (Apple Inc.)
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
Startup: C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> D:\Program Files\Launchy\Launchy.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2100642859-3274675363-52059511-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 80.69.103.78 80.69.102.158

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> d:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2100642859-3274675363-52059511-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> D:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

Chrome:
=======
CHR HomePage: Default -> hxxp://google.de/
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331617&octid=EB_ORIGINAL_CTID&ISID=M803E9CBA-5FAE-4AC3-9E19-E242AB9FB316&SearchSource=55&CUI=&UM=8&UP=SP1D66BFA2-DFCF-49F7-93C6-B7062BCB9E2C&SSPV=", "hxxp://www.google.com/", "hxxp://isearch.omiga-plus.com/?type=hppp&ts=1420919252&from=tugs&uid=STTXFTM64GX25H_P569318-btix-6269013"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-10]
CHR Extension: (Google Docs) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-10]
CHR Extension: (Google Drive) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-10]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-10]
CHR Extension: (Brushed) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2015-01-10]
CHR Extension: (WOT) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-01-10]
CHR Extension: (YouTube) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-10]
CHR Extension: (Hide My Ass! Web Proxy) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmgnmcnlncejehjlnhaglpnoolgbflbd [2015-01-10]
CHR Extension: (Google Search) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-10]
CHR Extension: (Feedspot Notifier) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcfmbmjlieikcpodcpemdlecckdhnhbj [2015-01-10]
CHR Extension: (Torrent Turbo Search App) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\eegbffmjdkflkcfncpfjjbggbdlnbdif [2015-01-11]
CHR Extension: (Video Downloader professional) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-01-10]
CHR Extension: (Google Sheets) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-10]
CHR Extension: (AdBlock) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-10]
CHR Extension: (Google Mail Checker) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-01-10]
CHR Extension: (Google Wallet) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-10]
CHR Extension: (Google Quick Scroll) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-01-10]
CHR Extension: (Gmail) - C:\Users\JDR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-10]
CHR HKLM-x32\...\Chrome\Extension: [iomphmdalfmaifjccmagmllnicjoghhk] - No Path
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [390504 2011-08-30] (Apple Inc.)
R3 iPod Service; D:\Program Files\iPod\bin\iPodService.exe [643880 2014-10-15] (Apple Inc.)
R2 MBAMScheduler; D:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NanoServiceMain; D:\Program Files\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; D:\Program Files\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; D:\Program Files\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-09-19] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R3 ALSysIO; \??\C:\Users\JDR\AppData\Local\Temp\ALSysIO64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 18:03 - 2015-01-18 09:41 - 00000000 ____D () C:\Users\JDR\Desktop\FRST-OlderVersion
2015-01-17 17:58 - 2014-03-25 14:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-17 15:41 - 2015-01-17 15:41 - 00002704 _____ () C:\Windows\System32\Tasks\Core Temp Autostart JDR
2015-01-16 22:37 - 2015-01-16 22:37 - 00000830 _____ () C:\Users\Public\Desktop\World of Warcraft.lnk
2015-01-16 22:37 - 2015-01-16 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2015-01-16 19:53 - 2015-01-16 19:53 - 00000000 ____D () C:\Users\JDR\AppData\Local\Blizzard
2015-01-16 19:05 - 2015-01-16 19:06 - 00012785 _____ () C:\Users\JDR\Desktop\Addition.txt
2015-01-16 18:58 - 2015-01-16 18:58 - 00001646 _____ () C:\Users\JDR\Desktop\JRT.txt
2015-01-16 18:56 - 2015-01-16 18:56 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 18:55 - 2015-01-16 18:55 - 01707939 _____ (Thisisu) C:\Users\JDR\Desktop\JRT.exe
2015-01-16 18:54 - 2015-01-16 18:54 - 00008093 _____ () C:\Users\JDR\Desktop\AdwCleaner[S0].txt
2015-01-16 18:54 - 2015-01-16 18:54 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-16 18:47 - 2015-01-16 18:52 - 00000000 ____D () C:\AdwCleaner
2015-01-16 18:47 - 2015-01-16 18:47 - 02191360 _____ () C:\Users\JDR\Desktop\AdwCleaner_4.107.exe
2015-01-16 09:25 - 2015-01-17 18:04 - 00000336 _____ () C:\Windows\setupact.log
2015-01-16 09:25 - 2015-01-16 09:25 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-14 19:52 - 2015-01-14 19:52 - 00000000 ____D () C:\Users\JDR\Documents\Diablo III
2015-01-14 08:36 - 2015-01-14 08:36 - 00000763 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2015-01-14 08:36 - 2015-01-14 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2015-01-13 23:24 - 2015-01-13 23:24 - 00000778 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2015-01-13 23:23 - 2015-01-13 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2015-01-13 23:20 - 2015-01-18 09:37 - 00000000 ____D () C:\Users\JDR\AppData\Local\Battle.net
2015-01-13 23:20 - 2015-01-13 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Battle.net
2015-01-13 23:20 - 2015-01-13 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Local\Blizzard Entertainment
2015-01-13 23:14 - 2015-01-13 23:14 - 00000930 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () D:\Program Files\Battle.net
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () D:\Program Files\Battle.net
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-01-13 23:14 - 2015-01-13 23:14 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-01-13 23:05 - 2015-01-15 07:51 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 23:00 - 2015-01-13 23:00 - 00000000 ____D () C:\ProgramData\Battle.net
2015-01-13 22:40 - 2015-01-18 08:38 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\vlc
2015-01-13 22:39 - 2015-01-13 22:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-01-13 22:38 - 2015-01-13 22:38 - 00000000 ____D () D:\Program Files\VideoLAN
2015-01-13 22:38 - 2015-01-13 22:38 - 00000000 ____D () D:\Program Files\VideoLAN
2015-01-13 22:33 - 2015-01-13 22:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2015-01-13 22:32 - 2015-01-13 22:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
2015-01-13 22:24 - 2015-01-13 22:24 - 00002978 _____ () C:\Windows\System32\Tasks\elbyExecuteWithUAC
2015-01-13 22:24 - 2015-01-13 22:24 - 00001038 _____ () C:\Users\Public\Desktop\Virtual CloneDrive.lnk
2015-01-13 22:23 - 2015-01-13 22:23 - 00000000 ____D () D:\Program Files\Elaborate Bytes
2015-01-13 22:23 - 2015-01-13 22:23 - 00000000 ____D () D:\Program Files\Elaborate Bytes
2015-01-13 22:23 - 2015-01-13 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-01-13 21:54 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:54 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:54 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 21:54 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 21:54 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 21:54 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 21:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:54 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:54 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:54 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:54 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:54 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 20:42 - 2015-01-13 20:42 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\EMCO
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ___HD () D:\Program Files\InstallShield Installation Information
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ___HD () D:\Program Files\InstallShield Installation Information
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ____D () D:\Program Files\Realtek
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ____D () D:\Program Files\Realtek
2015-01-13 19:57 - 2015-01-13 19:57 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-01-13 19:57 - 2014-05-14 18:37 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-01-13 19:57 - 2014-05-14 16:00 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-01-13 19:57 - 2014-05-09 11:17 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-01-13 19:57 - 2014-04-30 11:34 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-01-13 19:57 - 2014-04-28 15:48 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-01-13 19:57 - 2014-04-25 13:51 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-01-13 19:57 - 2014-04-25 13:23 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-01-13 19:57 - 2014-04-10 12:19 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-01-13 19:57 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-01-13 19:57 - 2014-04-10 12:19 - 01063512 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-01-13 19:57 - 2014-03-06 16:35 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-01-13 19:57 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-01-13 19:57 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-01-13 19:57 - 2014-01-08 15:25 - 00397592 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2015-01-13 19:57 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-01-13 19:57 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-01-13 19:57 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2015-01-13 19:57 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2015-01-13 19:57 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-01-13 19:57 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-01-13 19:57 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2015-01-13 19:57 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-01-13 19:57 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-01-13 19:57 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-01-13 19:57 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-01-13 19:57 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-01-13 19:57 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2015-01-13 19:52 - 2015-01-13 19:58 - 00000000 ___HD () D:\Program Files\Temp
2015-01-13 19:52 - 2015-01-13 19:58 - 00000000 ___HD () D:\Program Files\Temp
2015-01-13 19:52 - 2014-02-26 15:16 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\Windows Sidebar
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\Windows Sidebar
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\DVD Maker
2015-01-13 03:16 - 2015-01-13 03:16 - 00000000 ____D () D:\Program Files\DVD Maker
2015-01-12 22:44 - 2015-01-12 22:44 - 00009019 _____ () C:\Users\JDR\Desktop\Gmer.log
2015-01-12 22:40 - 2015-01-12 22:40 - 00380416 _____ () C:\Users\JDR\Desktop\hotte2n7.exe
2015-01-12 22:34 - 2015-01-18 09:41 - 00016726 _____ () C:\Users\JDR\Desktop\FRST.txt
2015-01-12 22:34 - 2015-01-18 09:41 - 00000000 ____D () C:\FRST
2015-01-12 22:33 - 2015-01-18 09:41 - 02126336 _____ (Farbar) C:\Users\JDR\Desktop\FRST64.exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00050477 _____ () C:\Users\JDR\Desktop\Defogger.exe
2015-01-12 20:22 - 2015-01-12 20:22 - 00000468 _____ () C:\Users\JDR\Desktop\defogger_disable.log
2015-01-12 20:22 - 2015-01-12 20:22 - 00000000 _____ () C:\Users\JDR\defogger_reenable
2015-01-12 19:29 - 2015-01-12 19:29 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-12 19:16 - 2015-01-18 08:47 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () D:\Program Files\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-12 19:15 - 2015-01-12 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-12 19:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-12 19:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-12 19:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-12 19:05 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-12 19:05 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-12 00:20 - 2015-01-12 00:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-12 00:20 - 2015-01-12 00:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-12 00:20 - 2015-01-12 00:20 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-12 00:19 - 2015-01-12 00:19 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-12 00:13 - 2015-01-12 00:26 - 00000000 ____D () C:\Users\JDR\AppData\Local\Adobe
2015-01-11 23:47 - 2015-01-11 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-01-11 23:44 - 2015-01-11 23:46 - 00000000 ____D () D:\Program Files\Tracker Software
2015-01-11 23:44 - 2015-01-11 23:46 - 00000000 ____D () D:\Program Files\Tracker Software
2015-01-11 23:31 - 2015-01-11 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () D:\Program Files\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () D:\Program Files\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-11 23:31 - 2015-01-11 23:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-01-11 23:20 - 2015-01-11 23:20 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Panda Security
2015-01-11 23:20 - 2015-01-11 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-11 23:19 - 2015-01-11 23:20 - 00000000 ____D () D:\Program Files\Panda Security
2015-01-11 23:19 - 2015-01-11 23:20 - 00000000 ____D () D:\Program Files\Panda Security
2015-01-11 23:18 - 2015-01-11 23:20 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-11 22:12 - 2015-01-11 22:12 - 00000199 _____ () C:\Users\JDR\Desktop\Dota 2.url
2015-01-11 21:57 - 2015-01-11 21:57 - 00000000 ____D () C:\Users\JDR\Documents\My Games
2015-01-11 21:38 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-11 21:38 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-11 21:38 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-01-11 21:38 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-01-11 21:38 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-01-11 21:38 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-01-11 21:38 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-01-11 21:38 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-01-11 21:38 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-01-11 21:38 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-01-11 21:38 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-01-11 21:38 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-01-11 21:38 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-01-11 21:38 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-01-11 21:38 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-01-11 21:38 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-01-11 21:38 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-01-11 21:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-01-11 21:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-01-11 21:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-01-11 21:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-01-11 21:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-01-11 21:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-01-11 21:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-01-11 21:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-01-11 21:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-01-11 21:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-01-11 21:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-01-11 21:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-01-11 21:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-01-11 21:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-01-11 21:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-01-11 21:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-01-11 21:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-01-11 21:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-01-11 21:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-01-11 21:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-01-11 21:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-01-11 21:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-01-11 21:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-01-11 21:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-01-11 21:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-01-11 21:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-01-11 21:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-01-11 21:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-01-11 21:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-01-11 21:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-01-11 21:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-01-11 21:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-01-11 21:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-01-11 21:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-01-11 21:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-01-11 21:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-01-11 21:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-01-11 21:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-01-11 21:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-01-11 21:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-01-11 21:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-01-11 21:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-01-11 21:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-01-11 21:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-01-11 21:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-01-11 21:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-01-11 21:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-01-11 21:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-01-11 21:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-01-11 21:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-01-11 21:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-01-11 21:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-01-11 21:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-01-11 21:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-01-11 21:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-01-11 21:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-01-11 21:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-01-11 21:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-01-11 21:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-01-11 21:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-01-11 21:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-01-11 21:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-01-11 21:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-01-11 21:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-01-11 21:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-01-11 21:32 - 2015-01-11 21:32 - 00000201 _____ () C:\Users\JDR\Desktop\Driver Parallel Lines.url
2015-01-11 21:31 - 2015-01-11 21:38 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-01-11 21:31 - 2015-01-11 21:31 - 00000710 _____ () C:\Users\Public\Desktop\The Secret World.lnk
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\Users\JDR\AppData\Local\Funcom
2015-01-11 21:31 - 2015-01-11 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Funcom
2015-01-11 21:30 - 2015-01-11 21:30 - 23483944 _____ (Funcom ) C:\Users\JDR\Desktop\setup.exe
2015-01-11 20:53 - 2015-01-16 18:48 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () D:\Program Files\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () D:\Program Files\Launchy
2015-01-11 20:53 - 2015-01-11 20:53 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Launchy
2015-01-11 20:40 - 2015-01-11 20:40 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\AMD
2015-01-11 20:38 - 2015-01-11 20:38 - 00000201 _____ () C:\Users\JDR\Desktop\RIFT.url
2015-01-11 20:29 - 2015-01-17 18:08 - 00000000 ____D () C:\Steam
2015-01-11 20:29 - 2015-01-11 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () D:\Program Files\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () D:\Program Files\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\Users\JDR\AppData\Local\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-11 20:19 - 2015-01-11 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-11 20:19 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-11 18:50 - 2015-01-14 03:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-11 18:48 - 2015-01-11 18:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-11 18:48 - 2014-10-18 03:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-11 18:48 - 2014-10-18 02:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-11 18:47 - 2015-01-11 18:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2015-01-11 18:47 - 2015-01-11 18:47 - 00000000 ____D () D:\Program Files\Microsoft Silverlight
2015-01-11 18:45 - 2014-11-27 02:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-11 18:45 - 2014-11-27 02:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-11 18:45 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-11 18:45 - 2014-11-22 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-11 18:45 - 2014-11-22 04:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-11 18:45 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-11 18:45 - 2014-11-22 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-11 18:45 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-11 18:45 - 2014-11-22 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-11 18:45 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-11 18:45 - 2014-11-22 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-11 18:45 - 2014-11-22 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-11 18:45 - 2014-11-22 03:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-11 18:45 - 2014-11-22 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-11 18:45 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-11 18:45 - 2014-11-22 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-11 18:45 - 2014-11-22 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-11 18:45 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-11 18:45 - 2014-11-22 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-11 18:45 - 2014-11-22 03:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-11 18:45 - 2014-11-22 03:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-11 18:45 - 2014-11-22 03:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-11 18:45 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-11 18:45 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-11 18:45 - 2014-11-22 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-11 18:45 - 2014-11-22 03:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-11 18:45 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-11 18:45 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-11 18:45 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-11 18:45 - 2014-11-22 02:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-11 18:45 - 2014-11-22 02:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-11 18:45 - 2014-11-22 02:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-11 18:45 - 2014-11-22 02:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-11 18:45 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-11 18:45 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-11 18:45 - 2014-11-22 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-11 18:45 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-11 18:45 - 2014-11-22 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-11 18:45 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-11 18:45 - 2014-11-22 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-11 18:45 - 2014-11-22 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-11 18:45 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-11 18:45 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-11 18:45 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-11 18:45 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-11 18:45 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-11 18:45 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-11 18:45 - 2014-11-22 02:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-11 18:45 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-11 18:45 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-11 18:45 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-11 18:45 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-11 18:45 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-11 18:45 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-11 18:45 - 2014-11-11 04:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-11 18:45 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-11 18:45 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-11 18:45 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-11 18:45 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-11 18:45 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-11 18:45 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-11 18:45 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-11 18:45 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-11 18:45 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-11 18:45 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-11 18:45 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-11 18:45 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-11 18:45 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-11 18:45 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-11 18:45 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-11 18:45 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-11 18:45 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-11 18:45 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-11 18:45 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-11 18:45 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-11 18:45 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-11 18:45 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-11 18:45 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-11 18:45 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-11 18:45 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-11 18:45 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-11 18:45 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-11 18:45 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-11 18:45 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-11 18:45 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-11 18:44 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-11 18:44 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-11 18:44 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-11 18:44 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-11 18:44 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-11 18:43 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-11 18:43 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-11 18:43 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-11 18:42 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-11 18:42 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-11 18:36 - 2015-01-17 18:04 - 00000000 ___RD () C:\Users\JDR\iCloudDrive
2015-01-11 18:36 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple Inc
2015-01-11 18:29 - 2015-01-11 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-01-11 18:25 - 2015-01-12 23:06 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Apple Computer
2015-01-11 18:25 - 2015-01-11 18:34 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple Computer
2015-01-11 18:25 - 2015-01-11 18:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-11 18:25 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () D:\Program Files\iTunes
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () D:\Program Files\iTunes
2015-01-11 18:24 - 2015-01-11 18:25 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () D:\Program Files\iPod
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () D:\Program Files\iPod
2015-01-11 18:24 - 2015-01-11 18:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-01-11 18:23 - 2015-01-11 18:36 - 00000000 ____D () C:\Users\JDR\AppData\Local\Apple
2015-01-11 18:23 - 2015-01-11 18:23 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () D:\Program Files\Apple Software Update
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () D:\Program Files\Apple Software Update
2015-01-11 18:23 - 2015-01-11 18:23 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-01-11 18:22 - 2015-01-11 18:29 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-11 18:21 - 2015-01-11 18:21 - 00000000 ____D () D:\Program Files\Bonjour
2015-01-11 18:21 - 2015-01-11 18:21 - 00000000 ____D () D:\Program Files\Bonjour
2015-01-11 18:20 - 2015-01-11 18:23 - 00000000 ____D () C:\ProgramData\Apple
2015-01-11 17:39 - 2015-01-11 19:58 - 00000000 ____D () D:\Program Files\CCleaner
2015-01-11 17:39 - 2015-01-11 19:58 - 00000000 ____D () D:\Program Files\CCleaner
2015-01-11 17:39 - 2015-01-11 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-11 17:22 - 2015-01-11 17:22 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-11 17:21 - 2015-01-11 17:21 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Skype
2015-01-11 17:21 - 2015-01-11 17:21 - 00000000 ____D () C:\Users\JDR\AppData\Local\Skype
2015-01-11 17:20 - 2015-01-11 17:22 - 00000000 ____D () C:\ProgramData\Skype
2015-01-11 17:20 - 2015-01-11 17:20 - 00000827 _____ () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-01-11 17:19 - 2015-01-15 07:56 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\uTorrent
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () D:\Program Files\7-Zip
2015-01-11 17:17 - 2015-01-11 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-11 16:12 - 2015-01-11 23:17 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-11 11:37 - 2015-01-11 11:37 - 00184800 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2015-01-11 05:27 - 2015-01-11 05:27 - 00008192 __RSH () C:\BOOTSECT.BAK
2015-01-11 05:27 - 2010-11-21 04:23 - 00383786 __RSH () C:\bootmgr
2015-01-10 23:06 - 2015-01-10 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Opera Software
2015-01-10 23:06 - 2015-01-10 23:33 - 00000000 ____D () C:\Users\JDR\AppData\Local\Opera Software
2015-01-10 22:16 - 2015-01-10 23:07 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\QuickScan
2015-01-10 21:40 - 2015-01-10 21:55 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\StormFall
2015-01-10 21:39 - 2015-01-10 21:39 - 00000000 ____D () C:\Users\JDR\AppData\Local\StormFall
2015-01-10 21:39 - 2015-01-10 21:39 - 00000000 ____D () C:\ProgramData\6adc0a0000005fd
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\ATI
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\Users\JDR\AppData\Local\ATI
2015-01-10 21:21 - 2015-01-10 21:21 - 00000000 ____D () C:\ProgramData\ATI
2015-01-10 21:20 - 2015-01-10 21:20 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-01-10 21:04 - 2015-01-10 21:04 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-10 21:04 - 2015-01-10 21:04 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Macromedia
2015-01-10 21:00 - 2015-01-10 22:22 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Raptr
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\library_dir
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-01-10 21:00 - 2015-01-10 21:00 - 00000000 ____D () C:\ProgramData\AMD
2015-01-10 20:59 - 2015-01-10 20:59 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2015-01-10 20:58 - 2015-01-10 20:59 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-10 20:49 - 2015-01-12 19:02 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-10 20:47 - 2015-01-10 20:47 - 00000000 ____D () C:\Users\JDR\AppData\Local\Google
2015-01-10 20:47 - 2015-01-10 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 20:46 - 2015-01-10 21:49 - 00002281 _____ () C:\Windows\patsearch.bin
2015-01-10 20:41 - 2015-01-10 20:41 - 00000000 __SHD () C:\Users\JDR\AppData\Local\EmieUserList
2015-01-10 20:41 - 2015-01-10 20:41 - 00000000 __SHD () C:\Users\JDR\AppData\Local\EmieSiteList
2015-01-10 20:40 - 2015-01-10 20:40 - 00000000 ____D () C:\Users\JDR\AppData\Roaming\Adobe
2015-01-10 20:39 - 2015-01-12 23:05 - 00000000 ____D () C:\Users\JDR
2015-01-10 20:39 - 2015-01-11 23:20 - 00058488 _____ () C:\Users\JDR\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-10 20:39 - 2015-01-10 20:39 - 00001648 _____ () C:\Windows\system32\WinToolkit_RunOnce_Log.log
2015-01-10 20:39 - 2015-01-10 20:39 - 00000020 ___SH () C:\Users\JDR\ntuser.ini
2015-01-10 20:39 - 2015-01-10 20:39 - 00000000 ____D () C:\Users\JDR\AppData\Local\VirtualStore
2015-01-10 20:39 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-10 20:39 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\JDR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-10 20:38 - 2015-01-10 20:38 - 00371116 __RSH () C:\OGJCH
2015-01-10 20:35 - 2015-01-14 03:00 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-10 20:35 - 2015-01-10 20:35 - 00000000 __SHD () C:\Recovery
2015-01-10 20:32 - 2015-01-18 03:00 - 01170053 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 20:31 - 2015-01-10 20:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-01-10 20:30 - 2015-01-10 20:30 - 00000000 ____D () C:\Windows\CSC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 18:11 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 18:11 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 18:10 - 2009-07-14 06:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 18:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 07:51 - 2014-09-19 16:37 - 00000000 ____D () C:\Windows\Panther
2015-01-14 03:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 03:16 - 2011-04-12 09:28 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-13 03:16 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-12 19:49 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins
2015-01-12 19:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech
2015-01-12 19:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\TAPI
2015-01-12 18:59 - 2009-07-14 05:45 - 00314840 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-11 20:33 - 2014-11-15 15:37 - 00000000 ____D () C:\Users\JDR\Desktop\Paleo - The Sacred Science
2015-01-11 20:33 - 2014-01-30 14:07 - 00000000 ____D () C:\Users\JDR\Desktop\Paleocon
2015-01-11 20:04 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-11 15:41 - 2009-07-14 03:34 - 00000505 _____ () C:\Windows\win.ini
2015-01-11 05:27 - 2009-07-14 06:32 - 00032768 _____ () C:\Windows\system32\config\BCD-Template
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-01-10 23:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-10 21:21 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-01-10 20:58 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\restore
2015-01-10 20:35 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-10 20:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-31 12:14 - 2010-11-21 04:27 - 00298120 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\JDR\AppData\Roaming\BQBECKYI
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\JDR\AppData\Roaming\EPBFEZ
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\JDR\AppData\Roaming\LYVB

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 03:50

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015
Ran by JDR at 2015-01-18 09:41:42
Running from C:\Users\JDR\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2100642859-3274675363-52059511-1001\...\uTorrent) (Version: 3.4.2.37951 - BitTorrent Inc.)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
CPUID CPU-Z 1.71.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Driver: Parallel Lines (HKLM-x32\...\Steam App 21780) (Version:  - Ubisoft Reflections)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Launchy 2.5 (HKLM-x32\...\Launchy_21344213_is1) (Version:  - Code Jelly)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.3 (HKLM\...\{9F6EA3D4-B2FA-3120-8DF8-07396231AFB4}) (Version: 4.5.53315 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0000 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version:  - Trion Worlds)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-01-17 18:03 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {31BBB98D-6B2F-4A07-AA52-D78BB353D7F2} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {3DDD5833-9172-4D89-A3E1-06E21C036D2C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {6416FAA5-22E9-452D-8F97-A467D569B142} - System32\Tasks\Core Temp Autostart JDR => F:\OC\CoreTemp64\Core Temp.exe [2013-10-08] ()
Task: {AE5E945C-9895-45AB-8B6B-2825286D9907} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B90C8C4B-7091-4903-B045-9E61BA60D67E} - System32\Tasks\elbyExecuteWithUAC => D:\Program Files\Elaborate Bytes\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-21] ()
Task: {FD8591D9-7C88-45DF-88E6-42333E3C28AA} - System32\Tasks\Apple\AppleSoftwareUpdate => D:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

==================== Loaded Modules (whitelisted) =============

2015-01-11 20:53 - 2010-11-10 19:38 - 00380928 _____ () D:\Program Files\Launchy\Launchy.exe
2015-01-13 21:22 - 2013-10-08 13:23 - 00890016 _____ () F:\OC\CoreTemp64\Core Temp.exe
2014-04-14 20:41 - 2015-01-11 17:37 - 00039192 ____R () D:\Program Files\CCleaner\branding.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () D:\Program Files\Panda Security\Panda Security Protection\SQLite3.dll
2015-01-11 20:53 - 2009-12-16 22:13 - 08314880 _____ () D:\Program Files\Launchy\QtGui4.dll
2015-01-11 20:53 - 2009-12-16 21:54 - 02236416 _____ () D:\Program Files\Launchy\QtCore4.dll
2015-01-11 20:53 - 2009-12-16 21:56 - 00712704 _____ () D:\Program Files\Launchy\QtNetwork4.dll
2015-01-11 20:53 - 2009-12-17 00:18 - 00233472 _____ () D:\Program Files\Launchy\imageformats\qmng4.dll
2015-01-11 20:53 - 2010-11-10 19:39 - 00081920 _____ () D:\Program Files\Launchy\plugins\calcy.dll
2015-01-11 20:53 - 2010-11-10 19:39 - 00090112 _____ () D:\Program Files\Launchy\plugins\controly.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00024064 _____ () D:\Program Files\Launchy\plugins\gcalc.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00094208 _____ () D:\Program Files\Launchy\plugins\runner.dll
2015-01-11 20:53 - 2010-11-10 19:38 - 00057344 _____ () D:\Program Files\Launchy\plugins\verby.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2015-01-10 21:01 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2015-01-11 20:30 - 2014-11-11 19:48 - 01171456 _____ () c:\Steam\libavcodec-56.dll
2015-01-11 20:30 - 2014-11-11 19:48 - 00442368 _____ () c:\Steam\libavutil-54.dll
2015-01-11 20:30 - 2014-11-11 19:48 - 00332800 _____ () c:\Steam\libavresample-2.dll
2015-01-11 20:30 - 2014-11-11 19:47 - 00774656 _____ () c:\Steam\SDL2.dll
2015-01-11 20:30 - 2014-11-18 21:23 - 02227904 _____ () c:\Steam\video.dll
2015-01-11 20:30 - 2014-11-11 19:48 - 00403968 _____ () c:\Steam\libavformat-56.dll
2015-01-11 20:30 - 2014-11-11 19:48 - 00485888 _____ () c:\Steam\libswscale-3.dll
2015-01-11 20:30 - 2014-11-18 21:23 - 00690880 _____ () C:\Steam\bin\chromehtml.DLL
2015-01-11 20:30 - 2014-11-11 19:48 - 34589888 _____ () C:\Steam\bin\libcef.dll
2015-01-11 20:30 - 2014-11-11 19:48 - 00837824 _____ () C:\Steam\bin\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2100642859-3274675363-52059511-500 - Administrator - Disabled)
Guest (S-1-5-21-2100642859-3274675363-52059511-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2100642859-3274675363-52059511-1002 - Limited - Enabled)
JDR (S-1-5-21-2100642859-3274675363-52059511-1001 - Administrator - Enabled) => C:\Users\JDR

==================== Faulty Device Manager Devices =============

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2015 06:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 05:58:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 02:30:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 05:24:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12527

Error: (01/17/2015 05:24:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12527

Error: (01/17/2015 05:24:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2015 05:24:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11529

Error: (01/17/2015 05:24:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11529

Error: (01/17/2015 05:24:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2015 05:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10515


System errors:
=============
Error: (01/17/2015 06:06:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (01/17/2015 06:04:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/17/2015 06:00:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (01/17/2015 05:58:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/17/2015 02:32:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The WinDefend service terminated with the following error:
%%126

Error: (01/17/2015 02:30:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/17/2015 04:49:53 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/16/2015 10:16:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}


Microsoft Office Sessions:
=========================
Error: (01/17/2015 06:04:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 05:58:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 02:30:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 05:24:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12527

Error: (01/17/2015 05:24:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12527

Error: (01/17/2015 05:24:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2015 05:24:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11529

Error: (01/17/2015 05:24:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11529

Error: (01/17/2015 05:24:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/17/2015 05:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10515


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Percentage of memory in use: 41%
Total physical RAM: 4094.48 MB
Available physical RAM: 2400.82 MB
Total Pagefile: 8187.15 MB
Available Pagefile: 5357.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:59.62 GB) (Free:10.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:411.84 GB) NTFS
Drive e: () (Fixed) (Total:931.5 GB) (Free:90.42 GB) NTFS
Drive f: () (Fixed) (Total:465.76 GB) (Free:445.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: A6DE872E)
Partition 1: (Active) - (Size=59.6 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: CDA4A639)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8C9BA9B6)
Partition 2: (Active) - (Size=931.5 GB) - (Type=05)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 69852B7A)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 18.01.2015 14:55
Hm, einen neuen Fix bitte

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
C:\Users\JDR\AppData\Roaming\BQBECKYI
C:\Users\JDR\AppData\Roaming\EPBFEZ
C:\Users\JDR\AppData\Roaming\LYVB
C:\ProgramData\6adc0a0000005fd
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Und Proxysettings prüfen/korrigieren:




Falsche Proxy Einstellungen entfernen
  • Klicke im Start-Menü unter "Einstellungen" auf "Systemsteuerung" -> "Internetoptionen".
  • Wähle die Karteikarte "Verbindungen->Lan-Einstellungen“ und überprüfe ob bei Proxyserver ein Häkchen steht,
    wenn ja -> Entfernen, dann -> OK (sofern nicht richtige Eintragung)

jaydee81 18.01.2015 21:48
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by JDR at 2015-01-18 21:44:27 Run:2
Running from C:\Users\JDR\Desktop
Loaded Profiles: JDR (Available profiles: JDR)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49772;https=127.0.0.1:49772
C:\Users\JDR\AppData\Roaming\BQBECKYI
C:\Users\JDR\AppData\Roaming\EPBFEZ
C:\Users\JDR\AppData\Roaming\LYVB
C:\ProgramData\6adc0a0000005fd
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
EmptyTemp:
Hosts:
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Users\JDR\AppData\Roaming\BQBECKYI => Moved successfully.
C:\Users\JDR\AppData\Roaming\EPBFEZ => Moved successfully.
C:\Users\JDR\AppData\Roaming\LYVB => Moved successfully.
C:\ProgramData\6adc0a0000005fd => Moved successfully.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 231 MB temporary data.


The system needed a reboot.

==== End of Fixlog 21:44:29 ====
War kein Proy-Server eingestellt...

cosinus 18.01.2015 23:20
Ist nach einem Reboot auch kein Proxyserver drin?

jaydee81 19.01.2015 18:20
Nein, nach dem Reboot kein Proxy drin.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:50 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27