Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win 8.1: Trojaner eingefangen (https://www.trojaner-board.de/171540-win-8-1-trojaner-eingefangen.html)

CptMw 25.09.2015 22:52
Win 8.1: Trojaner eingefangen
 
Hallo,

ich habe mir da blöderweise was eingefangen und wäre über Hilfestellung bei der Entfernung dankbar.

Ich habe eine .exe ausgeführt, blöderweise mit Admin-Rechten.

Nach meinen Recherchen handelt es sich um diesen süßen Fratz hxxp://www.virusradar.com/en/MSIL_Kryptik.DNN/description

https://www.virustotal.com/en/file/673cf41507f5809b25aeb30fccbcc4d85fe7d9d48e971080b5a2fb4df2fe954e/analysis/

https://malwr.com/analysis/OTQyYzViZGNiMjg5NDBjZTkyMTdiOWYzZTZhODY5MTI/

Das Teil hat sich nach AppData kopiert und einen Autorun-Eintrag angelegt (via Task Scheduler), welchen ich händisch entfernt habe.

Anschließend hat MBAM noch die Binary und 2 Registry-Einträge gelöscht.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25.09.2015
Scan Time: 22:44
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.25.05
Rootkit Database: v2015.09.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: mongole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371471
Time Elapsed: 6 min, 47 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],
Trojan.Agent, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Agent, C:\Users\mongole\AppData\Roaming\chrome.exe, Quarantined, [08118ba9f09b61d514ecf80efb09ce32],

Physical Sectors: 0
(No malicious items detected)


(end)
Hier nun die Logfiles.

Defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:21 on 25/09/2015 (mongole)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST64

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by mongole (administrator) on MONGOMACHINE-8 (25-09-2015 23:40:42)
Running from B:\TEMP\mozOpenDownload
Loaded Profiles: mongole (Available Profiles: mongole)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() M:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
(SecureMix LLC) M:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.2\EMET_Agent.exe
() M:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Greenshot) M:\Program Files\Greenshot\Greenshot.exe
(RaMMicHaeL) M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(alch) M:\Program Files (x86)\ClamWin\bin\ClamTray.exe
() M:\Program Files (x86)\ownCloud\owncloud.exe
() M:\Program Files\Ditto\Ditto.exe
(Andrea Russo - Italy) C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
(SecureMix LLC) M:\Program Files (x86)\GlassWire\GlassWire.exe
(VirtuaWin) C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
() C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TrueCrypt Foundation) M:\Program Files\TrueCrypt\TrueCrypt.exe
(SecureMix LLC) M:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(The Pidgin developer community) M:\Program Files (x86)\Pidgin\pidgin.exe
() M:\Program Files\HexChat\hexchat.exe
() M:\Program Files (x86)\qBittorrent\qbittorrent.exe
() M:\Program Files (x86)\Spaz\Spaz.exe
() M:\Program Files (x86)\SABnzbd\SABnzbd.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Valve Corporation) M:\Games\Steam\Steam.exe
(Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) M:\Games\Steam\bin\steamwebhelper.exe
(Sysinternals - www.sysinternals.com) M:\Programme\SysinternalsSuite\Autoruns.exe
(ConEmu-Maximus5) C:\Program Files\ConEmu\ConEmu64.exe
(ConEmu-Maximus5) C:\Program Files\ConEmu\ConEmu\ConEmuC64.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe
(Moonchild Productions) C:\Program Files\FossaMail\FossaMail.exe
() C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe
() B:\Downloads\Defogger.exe
(Malwarebytes Corporation) M:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() M:\Program Files (x86)\ClamWin\bin\clamscan.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [OODefragTray] => M:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-06-18] (Malwarebytes Corporation)
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <===== ATTENTION
HKLM\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKLM-x32\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe [1865176 2014-05-07] (Loxone Electronics GmbH)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => M:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q:\BvsC_Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P:\start.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {830440a0-617d-11e4-8273-0015833d0a57} - "K:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_(driver_only)_1.1.50.1073\Killer\setup.exe"
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BtProx.lnk [2015-03-29]
ShortcutTarget: BtProx.lnk -> C:\Program Files (x86)\BtProx\btprox.exe (BtProx)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2014-10-19]
ShortcutTarget: Duplicati.lnk -> M:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-07]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-12-16]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23]
ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk *
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8F5EDCF9-F14F-4A0C-AEB1-5860B2A385C0}: [NameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> m:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-06-27] (FreeDownloadManager.ORG)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2014-09-25]
StartMenuInternet: FIREFOX.EXE - m:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
R2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
R2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; M:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
S3 MBAMService; m:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation)
S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
S2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1979136 2015-05-28] (UltraVNC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 MPlayerWWService; "M:\Programme\mplayer\tools\MPlayerWWService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [126512 2015-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-25] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 pbfilter; M:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed]
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation)
R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.)
S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.)
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-07-25] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
U0 xtcx; C:\Windows\System32\drivers\elqmjfvr.sys [79064 2015-09-25] (Malwarebytes Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
U3 kglcypob; \??\B:\TEMP\kglcypob.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 23:38 - 2015-09-25 23:40 - 00000000 ____D C:\FRST
2015-09-25 23:21 - 2015-09-25 23:21 - 00000000 _____ C:\Users\mongole\defogger_reenable
2015-09-25 22:51 - 2015-09-25 22:51 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\elqmjfvr.sys
2015-09-25 22:38 - 2015-09-25 22:50 - 00000000 ____D C:\Windows\System32\Tasks\Update
2015-09-25 22:38 - 2015-09-25 22:38 - 00000445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA.lnk
2015-09-25 22:38 - 2015-09-25 22:38 - 00000000 ____D C:\Users\mongole\AppData\Roaming\F3247B3C-E835-478E-8AA4-F9949F685480
2015-09-25 17:11 - 2015-09-25 17:11 - 00000021 _____ C:\Windows\S.dirmngr
2015-09-25 16:05 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-10 20:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-25 16:05 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-25 16:05 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-25 16:05 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-25 16:05 - 2015-08-07 23:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-25 16:05 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-25 16:05 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-25 16:05 - 2015-08-06 21:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-25 16:05 - 2015-08-06 21:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-25 16:05 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-25 16:05 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-25 16:05 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-23 21:06 - 2015-09-23 21:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\FRITZ!
2015-09-23 21:04 - 2015-09-23 21:04 - 00000726 _____ C:\Users\Public\Desktop\FRITZ!fax.lnk
2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2015-09-23 21:04 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll
2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ C:\Windows\system32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll
2015-09-23 21:04 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ C:\Windows\system32\FritzPort64.dll
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\ISDNWatch
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\FRITZ!fax für FRITZ!Box
2015-09-23 20:58 - 2015-09-23 20:58 - 00000174 _____ C:\Windows\setup.log
2015-09-22 20:35 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-22 20:35 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D C:\Users\mongole\AppData\Roaming\XnView
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\Users\mongole\AppData\Roaming\TagScanner
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\pdfforge
2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-09-15 23:24 - 2015-06-04 10:36 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-09-15 04:12 - 2015-09-15 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-12 03:14 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-11 20:08 - 2015-09-11 20:08 - 00000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Users\mongole\AppData\Roaming\IrfanView
2015-09-11 01:21 - 2015-09-11 01:21 - 00000000 ____D C:\Program Files\IrfanView
2015-09-11 00:21 - 2015-09-25 17:11 - 00002070 _____ C:\Windows\setupact.log
2015-09-11 00:21 - 2015-09-11 00:21 - 00000000 _____ C:\Windows\setuperr.log
2015-09-10 22:18 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\start
2015-09-10 21:44 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\stop
2015-09-10 21:05 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-10 20:57 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 20:57 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 20:57 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 20:57 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 20:57 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 20:57 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 20:57 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 20:57 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 20:57 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-10 20:57 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 20:57 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 20:57 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 20:57 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 20:57 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 20:57 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 20:57 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 20:57 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 20:57 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 20:57 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 20:57 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 20:57 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 20:57 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 20:57 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 20:57 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 20:57 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-10 20:57 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-10 20:57 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 20:57 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 20:57 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-10 20:57 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-07 01:18 - 2015-09-07 01:18 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Killer
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\Program Files\Killer Networking
2015-09-05 17:51 - 2015-09-05 17:51 - 00000722 _____ C:\Users\mongole\Desktop\Act of Aggression.lnk
2015-09-05 17:51 - 2015-09-05 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Act of Aggression
2015-09-04 21:10 - 2015-09-04 21:12 - 00000000 ____D C:\Users\mongole\Documents\b1-keys
2015-09-04 21:10 - 2015-09-04 21:10 - 00000000 ____D C:\Users\mongole\b1-keys
2015-09-02 14:25 - 2015-09-02 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 13:36 - 2015-09-02 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-08-30 19:57 - 2015-08-30 19:57 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files (x86)\WinPcap
2015-08-29 13:19 - 2015-08-29 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-08-29 12:55 - 2015-08-29 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guacamelee! Super Turbo Championship Edition [GOG.com]
2015-08-29 12:24 - 2015-08-29 12:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Sun
2015-08-29 12:24 - 2015-08-29 12:24 - 00000000 ____D C:\Users\mongole\.oracle_jre_usage
2015-08-27 20:17 - 2015-08-27 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-08-27 20:17 - 2015-08-27 20:17 - 00000000 ____D C:\Program Files\Classic Shell

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-25 23:40 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\McAfee
2015-09-25 23:40 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple
2015-09-25 23:39 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto
2015-09-25 23:37 - 2014-10-17 18:44 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job
2015-09-25 23:30 - 2014-09-22 15:18 - 00070702 _____ C:\Users\mongole\Desktop\main.kdbx
2015-09-25 23:27 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\stinger
2015-09-25 23:22 - 2014-10-31 13:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-25 23:21 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole
2015-09-25 22:54 - 2014-09-21 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859236888-2619314948-3413747170-1001
2015-09-25 22:51 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConEmu
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\Program Files\ConEmu
2015-09-25 22:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-25 19:47 - 2014-09-21 21:27 - 01816717 _____ C:\Windows\WindowsUpdate.log
2015-09-25 19:41 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-25 17:37 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent
2015-09-25 17:17 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat
2015-09-25 17:17 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat
2015-09-25 17:17 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-25 17:14 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat
2015-09-25 17:13 - 2014-09-26 00:20 - 00006469 _____ C:\Windows\SysWOW64\Gms.log
2015-09-25 17:12 - 2014-09-24 22:03 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Dropbox
2015-09-25 17:12 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-25 17:11 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-25 16:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-25 16:54 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass
2015-09-25 16:39 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk
2015-09-25 16:05 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-25 02:58 - 2014-10-02 21:17 - 00001780 _____ C:\Windows\Sandboxie.ini
2015-09-25 01:47 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000
2015-09-24 22:58 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc
2015-09-24 20:29 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-09-24 20:29 - 2014-03-18 11:51 - 00083868 _____ C:\Windows\PFRO.log
2015-09-24 20:27 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-09-24 20:27 - 2014-09-22 23:04 - 00006223 _____ C:\Windows\LkmdfCoInst.log
2015-09-24 20:27 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-09-24 19:40 - 2014-10-30 11:15 - 00004208 __RSH C:\ProgramData\ntuser.pol
2015-09-24 13:12 - 2015-03-16 21:35 - 00000000 ____D C:\Program Files\Pale Moon
2015-09-24 04:37 - 2014-10-17 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job
2015-09-23 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2015-09-22 20:35 - 2014-09-24 01:32 - 00000000 ____D C:\Temp
2015-09-22 20:35 - 2014-09-22 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-22 20:34 - 2014-09-26 00:16 - 00000000 ____D C:\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\Program Files (x86)\MSI
2015-09-15 04:32 - 2014-10-17 18:44 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA
2015-09-15 04:32 - 2014-10-17 18:44 - 00003728 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core
2015-09-15 04:12 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-09-15 04:12 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-09-15 04:12 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-15 04:12 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 02:29 - 2015-02-21 21:30 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-14 02:29 - 2014-11-17 00:00 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-14 00:09 - 2014-09-22 15:15 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-14 00:09 - 2014-09-22 15:15 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-13 20:24 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg
2015-09-11 14:17 - 2014-09-22 15:15 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-11 01:00 - 2014-10-24 23:29 - 00000038 _____ C:\Users\mongole\.lesshst
2015-09-11 00:33 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-11 00:23 - 2014-10-19 23:36 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2015-09-10 22:44 - 2014-10-02 21:44 - 00000912 __RSH C:\Users\mongole\ntuser.pol
2015-09-10 21:08 - 2013-08-22 16:44 - 00409384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 21:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-10 20:58 - 2014-03-18 11:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 22:55 - 2014-09-22 21:36 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk
2015-09-08 22:55 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail
2015-09-06 00:52 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-09-05 20:14 - 2014-09-25 20:49 - 00000000 ____D C:\Users\mongole\Documents\My Games
2015-09-05 17:38 - 2014-10-24 23:35 - 00000000 ____D C:\Users\mongole\.VirtualBox
2015-09-05 09:16 - 2014-11-16 20:05 - 00000600 _____ C:\Users\mongole\AppData\Roaming\winscp.rnd
2015-09-04 19:49 - 2015-01-11 17:43 - 00034426 _____ C:\Users\mongole\Documents\default.xdb
2015-09-02 14:25 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-31 23:15 - 2014-09-26 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z
2015-08-29 13:02 - 2015-01-16 03:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Azureus
2015-08-29 12:55 - 2014-09-24 01:29 - 00384876 _____ C:\Windows\DirectX.log
2015-08-29 12:24 - 2015-01-19 22:50 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-29 12:24 - 2015-01-19 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 12:24 - 2014-10-02 16:27 - 00000000 ____D C:\Program Files\Java
2015-08-26 18:37 - 2014-09-23 00:29 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:36 - 2015-02-08 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer

==================== Files in the root of some directories =======

2014-11-16 20:05 - 2015-09-05 09:16 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd
2014-09-24 04:01 - 2014-10-28 08:45 - 0005632 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 14:53 - 2015-04-12 14:56 - 0000000 _____ () C:\Users\mongole\AppData\Local\Driver_LOM_8161Present.flag
2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu
2014-11-24 20:59 - 2015-09-02 20:45 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND
2014-09-26 12:29 - 2015-02-18 01:23 - 0007600 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg
2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-23 02:12

==================== End of FRST.txt ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-09-2015
Ran by mongole (2015-09-25 23:40:55)
Running from B:\TEMP\mozOpenDownload
Windows 8.1 Enterprise (X64) (2014-09-21 19:21:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3859236888-2619314948-3413747170-500 - Administrator - Disabled)
Guest (S-1-5-21-3859236888-2619314948-3413747170-501 - Limited - Disabled)
mongole (S-1-5-21-3859236888-2619314948-3413747170-1001 - Administrator - Enabled) => C:\Users\mongole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Act of Aggression (HKLM-x32\...\Act of Aggression_is1) (Version:  - )
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
ADBGUI6 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\979922cacf20f967) (Version: 6.0.1.22 - URGERO.ORG)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Areca (HKLM-x32\...\Areca) (Version:  - )
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassins Creed Unity (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1) (Version: 1 - )
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Battle vs. Chess (HKLM-x32\...\Battle vs. Chess_is1) (Version: 1.0 - Zuxxez Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bitcoin Core (32-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (32-bit)) (Version: 0.10.1 - Bitcoin Core project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit)
Bloodsports TV (HKLM-x32\...\Bloodsports TV_is1) (Version:  - )
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BtProx (HKLM-x32\...\BtProx) (Version:  - Uri Kogan)
Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Citrix AppCenter (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Citrix AppCenter) (Version: 1.0 - Delivered by Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Citrix Terminalserver (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@TS.Citrix Terminalserver) (Version: 1.0 - Delivered by Citrix)
Clam Sentinel 1.22 (HKLM-x32\...\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1) (Version:  - Andrea Russo - Italy)
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers)
Closure (HKLM-x32\...\Steam App 72000) (Version:  - Eyebrow Interactive)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
cmd (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.cmd) (Version: 1.0 - Delivered by Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
ConEmu (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.ConEmu) (Version: 1.0 - Delivered by Citrix)
ConEmu 150913.x64 (HKLM\...\{FE293547-3E5B-4E1F-B9A8-724C4881CA22}) (Version: 11.150.9130 - ConEmu-Maximus5)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DBOX2 Image-Flashing-Assistent 3.1 (HKLM-x32\...\DBOX2 Image-Flashing-Assistent_is1) (Version:  - Hallenberg.com)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura)
DigiTweet (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7d5aa0ba8fedecb4) (Version: 1.0.0.59 - Digiflare Inc.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
DS Storage Manager 10 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.DS Storage Manager 10) (Version: 1.0 - Delivered by Citrix)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version:  - )
Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation)
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Flux) (Version:  - )
Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version:  - )
Far Cry 4 Valley of the Yeti Addon (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
FileZilla Client 3.12.0.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.53 - FileZilla Project)
Firefox (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Firefox) (Version: 1.0 - Delivered by Citrix)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
FossaMail 25.1.7 (x64 en-US) (HKLM\...\FossaMail 25.1.7 (x64 en-US)) (Version: 25.1.7 - Mozilla)
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\R2VvbWV0cnlEYXNo_is1) (Version: 1 - )
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome Canary (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Google Chrome SxS) (Version: 47.0.2518.0 - Google Inc.)
Gow (HKLM-x32\...\Gow) (Version:  - )
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Halite (HKLM\...\{A6E8D850-4C28-4C6F-8B69-1109D0709F29}) (Version: 0.4.02 - BinaryNotions.com)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Hatred Survival Addon (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - EKO Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
i2pd version 0.2.1 (HKLM\...\i2pd_is1) (Version: 0.2.1 - )
iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - Final Form Games)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jitsi (HKLM\...\{1069D709-EDA7-472D-A5EE-97C8E3E398AB}) (Version: 2.8.5426 - Jitsi)
JSignPdf 1.6.1 (HKLM-x32\...\JSignPdf_is1) (Version: 1.6.1 - Josef Cacek)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Qualcomm Atheros)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibreOffice 5.0.1.2 (HKLM\...\{A18CF6D8-7CE1-46F2-85B9-D87B7197B2F6}) (Version: 5.0.1.2 - The Document Foundation)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Loxone Config (HKLM-x32\...\LoxoneConfig_is1) (Version: 6.3 - Loxone Electronics GmbH)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.00 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
Mumble 1.3.0 (HKLM\...\{006B90FD-7E67-4908-A718-9B87B875DD04}) (Version: 1.3.0 - The Mumble team)
My Game Long Name (HKLM\...\UDK-348e5299-f952-4ecf-bb48-70a2184543c0) (Version:  - Epic Games, Inc.)
Namecoin 0.3.80 (HKLM-x32\...\Namecoin_is1) (Version:  - )
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team)
NVIDIA Grafiktreiber 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{46CD29D7-580C-4E2E-8469-BD7F7CB1CCF8}) (Version: 18.0.39 - O&O Software GmbH)
Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OlliOlli (HKLM-x32\...\T2xsaU9sbGk=_is1) (Version: 1 - )
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.312.1 - Tracker Software Products (Canada) Ltd.)
PeaZip 5.7.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peerunity (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Peerunity) (Version: 0.1.0.0 - Peerunity project)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Pro Evolution Soccer 2015 GERMAN (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Psi (remove only) (HKLM-x32\...\Psi) (Version:  - )
Putty (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Putty) (Version: 1.0 - Delivered by Citrix)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 5.0.1.0225 - QNAP Systems, Inc.)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SERVER-MGMT Desktop (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.SERVER-MGMT Desktop) (Version: 1.0 - Delivered by Citrix)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Sir You Are Being Hunted v1.3 64BiT version 1.3 (HKLM-x32\...\Sir You Are Being Hunted v1.3 64BiT_is1) (Version: 1.3 - WaLMaRT)
SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - )
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spaz (HKLM-x32\...\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1) (Version: 0.9.24 - UNKNOWN)
Spaz (x32 Version: 0.9.24 - UNKNOWN) Hidden
Spintires (HKLM-x32\...\Spintires_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.9811 - Krzysztof Kowalczyk)
Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
TagScanner 5.1.668 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tembo the Badass Elephant (HKLM-x32\...\Tembo the Badass Elephant_is1) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version:  - Yury Sidorov)
Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version:  - )
Trials Fusion - Fire in the Deep (HKLM-x32\...\Trials Fusion - Fire in the Deep_is1) (Version:  - )
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
Ultratron (HKLM-x32\...\Steam App 219190) (Version:  - Puppygames)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Management Suite Administrator (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Administrat) (Version: 1.0 - Delivered by Citrix)
Universal Management Suite Console (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Console) (Version: 1.0 - Delivered by Citrix)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX)
Vim 7.4.711 (HKLM-x32\...\Vim) (Version:  - )
VirtuaWin Unicode v4.4 (HKLM-x32\...\VirtuaWin_is1) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VMware vSphere Client) (Version: 1.0 - Delivered by Citrix)
VNC (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VNC) (Version: 1.0 - Delivered by Citrix)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
WinDirStat 1.1.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)
XCA (X Certificate and Key Management) (HKLM-x32\...\xca) (Version: 1.2.0 - Christian Hohnstaedt <christian@hohnstaedt.de>)
YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.18 - Yubico AB)

CptMw 25.09.2015 22:53
Code:
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\mongole\AppData\Local\Google\Chrome SxS\Application\47.0.2518.0\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> M:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-11 01:01 - 00002659 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 feedback.windows.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 pre.footprintpredict.com
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 statsfe2.ws.microsoft.com

There are 14 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AA455F-D91A-487D-91C6-2E460B1F5E08} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {2E2385AA-5866-465A-8E65-9F4B95924710} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-13] ()
Task: {3930A1E9-B5C5-4B6C-A1E4-460A2E7CF383} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {613F8E20-CB4F-4A29-A577-4785ED6840B1} - System32\Tasks\iSCSIAgentAutoStartup => m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-02-25] ()
Task: {615C2D13-ECEC-4A3E-911F-12FF2E00F912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7EAD4639-8D71-41EC-A19B-50076B0EA426} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {81721326-32A8-497D-B7E2-EAA4F81A8C59} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {88BFD09E-2004-42B8-8D29-4B8325C763B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A361FEBF-4CF1-4B2D-9111-ADFE0688E332} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {D6E457A3-1C07-467F-AF60-227380CA1A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {FA5CB74E-0F3C-414F-BEB4-975BBF5C279C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-10-02 18:47 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2014-09-03 13:07 - 2014-09-03 13:07 - 00216576 _____ () m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2015-03-11 16:43 - 2015-03-11 16:43 - 00157344 _____ () C:\Program Files (x86)\EMET 5.2\HelperLib.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00018584 _____ () C:\Program Files (x86)\EMET 5.2\ReportingSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00052384 _____ () C:\Program Files (x86)\EMET 5.2\PKIPinningSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00035992 _____ () C:\Program Files (x86)\EMET 5.2\TrayIconSubsystem.dll
2015-03-11 16:43 - 2015-03-11 16:43 - 00036504 _____ () C:\Program Files (x86)\EMET 5.2\TelemetrySubsystem.dll
2014-03-19 13:31 - 2014-03-19 13:31 - 00348160 _____ () C:\Program Files (x86)\EMET 5.2\DevExpress.UserSkins.HighContrast.dll
2015-07-25 19:54 - 2015-02-25 08:15 - 01739952 _____ () m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-09-01 16:41 - 2015-09-01 16:41 - 01748494 _____ () M:\Program Files (x86)\ownCloud\owncloud.exe
2015-07-25 20:06 - 2015-01-10 14:45 - 01975808 _____ () M:\Program Files\Ditto\Ditto.exe
2014-09-23 00:48 - 2012-10-09 23:32 - 00015360 _____ () C:\Program Files (x86)\VirtuaWin\modules\WinList.exe
2015-03-07 02:07 - 2015-03-07 02:07 - 00908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-09-01 20:27 - 2015-09-01 20:27 - 01095448 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-07 02:07 - 2015-03-07 02:07 - 00060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-09-01 20:27 - 2015-09-01 20:27 - 00240408 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-02 18:49 - 2013-10-04 06:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-11-26 11:05 - 2013-11-26 11:05 - 00091136 _____ () C:\Windows\system32\SSDEVM64.DLL
2014-12-26 03:56 - 2014-11-25 20:09 - 00741888 _____ () M:\Program Files\HexChat\hexchat.exe
2014-12-26 03:56 - 2014-11-22 20:50 - 01394688 _____ () M:\Program Files\HexChat\cairo.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00076288 _____ () M:\Program Files\HexChat\zlib1.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00225280 _____ () M:\Program Files\HexChat\libpng16.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00682496 _____ () M:\Program Files\HexChat\fontconfig.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 00028160 _____ () M:\Program Files\HexChat\iconv.dll
2014-12-26 03:56 - 2014-11-22 20:49 - 00613888 _____ () M:\Program Files\HexChat\pixman-1.dll
2014-12-26 03:56 - 2014-11-22 20:48 - 01502720 _____ () M:\Program Files\HexChat\libxml2.dll
2014-12-26 03:56 - 2014-11-22 20:50 - 00783360 _____ () M:\Program Files\HexChat\harfbuzz.dll
2014-12-26 03:56 - 2014-11-22 20:51 - 00056832 _____ () M:\Program Files\HexChat\lib\gtk-2.0\i686-pc-vs10\engines\libwimp.dll
2014-12-26 03:56 - 2014-11-22 20:50 - 00287744 _____ () M:\Program Files\HexChat\lib\enchant\libenchant_myspell.dll
2014-12-26 03:56 - 2014-11-25 20:09 - 00014848 _____ () M:\Program Files\HexChat\plugins\hcfishlim.dll
2014-12-26 03:56 - 2014-11-25 20:09 - 00011264 _____ () M:\Program Files\HexChat\plugins\hcupd.dll
2015-08-02 15:29 - 2015-08-02 15:29 - 14844416 _____ () M:\Program Files (x86)\qBittorrent\qbittorrent.exe
2014-11-08 05:43 - 2014-11-08 05:43 - 00142336 _____ () M:\Program Files (x86)\Spaz\Spaz.exe
2015-05-14 23:53 - 2015-05-14 23:53 - 00104960 _____ () m:\Program Files (x86)\SABnzbd\SABnzbd.exe
2015-03-16 21:35 - 2015-08-27 23:19 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll
2015-06-19 03:31 - 2015-06-19 03:31 - 00059392 _____ () m:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () m:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () c:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-23 00:28 - 2008-04-19 16:35 - 00080384 _____ () m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () m:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-22 21:36 - 2015-08-27 13:28 - 04089344 _____ () C:\Program Files\FossaMail\mozjs.dll
2014-09-22 21:36 - 2015-08-27 13:30 - 00219136 _____ () C:\Program Files\FossaMail\NSLDAP32V60.dll
2014-09-22 21:36 - 2015-08-27 13:30 - 00018944 _____ () C:\Program Files\FossaMail\NSLDAPPR32V60.dll
2013-09-30 12:45 - 2013-09-30 12:45 - 00172544 _____ () C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe
2015-09-25 23:19 - 2015-09-25 23:19 - 00050477 _____ () B:\Downloads\Defogger.exe
2015-07-08 22:56 - 2015-05-05 09:42 - 00098304 _____ () m:\Program Files (x86)\ClamWin\bin\clamscan.exe
2014-09-03 12:53 - 2014-09-03 12:53 - 00221184 _____ () m:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-09-03 12:41 - 2014-09-03 12:41 - 00050176 _____ () m:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-09-03 12:53 - 2014-09-03 12:53 - 00069632 _____ () m:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-09-03 12:56 - 2014-09-03 12:56 - 00742400 _____ () m:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2014-09-03 12:48 - 2014-09-03 12:48 - 00038400 _____ () m:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2015-07-30 08:09 - 2015-07-30 08:09 - 00246304 _____ () M:\Program Files (x86)\GlassWire\GeoIP.dll
2015-09-22 20:34 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2014-12-15 00:43 - 2005-02-08 18:23 - 00979005 _____ () M:\Program Files (x86)\ClamWin\bin\python23.dll
2014-12-15 00:43 - 2004-11-20 04:27 - 00069632 _____ () M:\Program Files (x86)\ClamWin\lib\win32api.pyd
2014-12-15 00:43 - 2004-10-11 21:21 - 00094208 _____ () M:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2014-12-15 00:43 - 2004-05-25 22:18 - 00057401 _____ () M:\Program Files (x86)\ClamWin\lib\_sre.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00086016 _____ () M:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00024576 _____ () M:\Program Files (x86)\ClamWin\lib\win32event.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00036864 _____ () M:\Program Files (x86)\ClamWin\lib\win32process.pyd
2014-12-15 00:43 - 2004-05-25 22:18 - 00049212 _____ () M:\Program Files (x86)\ClamWin\lib\_socket.pyd
2014-12-15 00:43 - 2004-05-25 22:18 - 00495616 _____ () M:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2014-12-15 00:43 - 2004-05-25 22:20 - 00036864 _____ () M:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2014-12-15 00:43 - 2004-10-11 21:22 - 00315392 _____ () M:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2014-12-15 00:43 - 2004-11-20 04:27 - 00106496 _____ () M:\Program Files (x86)\ClamWin\lib\shell.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00065536 _____ () M:\Program Files (x86)\ClamWin\lib\win32security.pyd
2014-12-15 00:43 - 2004-01-15 15:45 - 00061440 _____ () M:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00077824 _____ () M:\Program Files (x86)\ClamWin\lib\win32file.pyd
2014-12-15 00:43 - 2004-11-20 04:27 - 00024576 _____ () M:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2014-12-15 00:43 - 2003-10-01 14:40 - 02240512 _____ () M:\Program Files (x86)\ClamWin\lib\wxc.pyd
2014-12-15 00:43 - 2003-10-01 12:43 - 03239936 _____ () M:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2014-12-15 00:43 - 2003-08-10 10:14 - 00061440 _____ () M:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2014-12-15 00:43 - 2004-05-25 22:17 - 00622651 _____ () M:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2014-12-15 00:43 - 2004-05-25 22:19 - 00045117 _____ () M:\Program Files (x86)\ClamWin\lib\datetime.pyd
2015-09-01 16:41 - 2015-09-01 16:41 - 00670222 _____ () M:\Program Files (x86)\ownCloud\libocsync.dll
2015-09-01 16:41 - 2015-09-01 16:41 - 00971278 _____ () M:\Program Files (x86)\ownCloud\libowncloudsync.dll
2015-08-06 09:59 - 2015-08-06 09:59 - 00097326 _____ () M:\Program Files (x86)\ownCloud\libgcc_s_sjlj-1.dll
2015-08-06 09:59 - 2015-08-06 09:59 - 00922727 _____ () M:\Program Files (x86)\ownCloud\libstdc++-6.dll
2015-08-06 17:48 - 2015-08-06 17:48 - 00051095 _____ () M:\Program Files (x86)\ownCloud\libqt5keychain.dll
2015-08-06 09:10 - 2015-08-06 09:10 - 00085548 _____ () M:\Program Files (x86)\ownCloud\zlib1.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 02197765 _____ () M:\Program Files (x86)\ownCloud\icui18n53.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 01308778 _____ () M:\Program Files (x86)\ownCloud\icuuc53.dll
2015-08-06 09:11 - 2015-08-06 09:11 - 00148117 _____ () M:\Program Files (x86)\ownCloud\libpcre16-0.dll
2015-08-06 09:16 - 2015-08-06 09:16 - 01366986 _____ () M:\Program Files (x86)\ownCloud\libGLESv2.dll
2015-08-06 09:14 - 2015-08-06 09:14 - 00209711 _____ () M:\Program Files (x86)\ownCloud\libpng16-16.dll
2015-08-06 09:21 - 2015-08-06 09:21 - 21539975 _____ () M:\Program Files (x86)\ownCloud\icudata53.dll
2015-08-06 09:16 - 2015-08-06 09:16 - 00154982 _____ () M:\Program Files (x86)\ownCloud\libEGL.dll
2015-08-06 09:14 - 2015-08-06 09:14 - 00350662 _____ () M:\Program Files (x86)\ownCloud\libjpeg-8.dll
2015-08-06 09:17 - 2015-08-06 09:17 - 00689339 _____ () M:\Program Files (x86)\ownCloud\libsqlite3-0.dll
2015-08-06 11:35 - 2015-08-06 11:35 - 00247540 _____ () M:\Program Files (x86)\ownCloud\libwebp-4.dll
2015-08-06 09:26 - 2015-08-06 09:26 - 01169416 _____ () M:\Program Files (x86)\ownCloud\libxml2-2.dll
2015-08-06 11:38 - 2015-08-06 11:38 - 00231727 _____ () M:\Program Files (x86)\ownCloud\libxslt-1.dll
2015-09-25 17:12 - 2015-09-25 17:12 - 00071168 _____ () b:\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6hljue.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-07-25 19:37 - 2015-08-05 07:26 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00036878 _____ () M:\Program Files (x86)\Pidgin\libssp-0.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00671031 _____ () M:\Program Files (x86)\Pidgin\exchndl.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00904525 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00100352 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00279059 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00553382 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00216992 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 01274655 _____ () M:\Program Files (x86)\Pidgin\libxml2-2.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00177586 _____ () M:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00475580 _____ () M:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00021075 _____ () M:\Program Files (x86)\Pidgin\plugins\.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00020997 _____ () M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00013253 _____ () M:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00024924 _____ () M:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015702 _____ () M:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00014147 _____ () M:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00018882 _____ () M:\Program Files (x86)\Pidgin\plugins\history.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00012865 _____ () M:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00019043 _____ () M:\Program Files (x86)\Pidgin\plugins\idle.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00018555 _____ () M:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015074 _____ () M:\Program Files (x86)\Pidgin\plugins\libaim.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00311021 _____ () M:\Program Files (x86)\Pidgin\liboscar.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00092398 _____ () M:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00328186 _____ () M:\Program Files (x86)\Pidgin\plugins\libgg.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00016005 _____ () M:\Program Files (x86)\Pidgin\plugins\libicq.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00107365 _____ () M:\Program Files (x86)\Pidgin\plugins\libirc.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00190464 _____ () M:\Program Files (x86)\Pidgin\libsasl.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00374169 _____ () M:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00150598 _____ () M:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00106671 _____ () M:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00123540 _____ () M:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00116071 _____ () M:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00152852 _____ () M:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00171123 _____ () M:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 02097721 _____ () M:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00818985 _____ () M:\Program Files (x86)\Pidgin\libsilcclient-1-1-3.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00055880 _____ () M:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00486400 _____ () M:\Program Files (x86)\Pidgin\sqlite3.dll
2014-11-05 20:34 - 2014-11-05 20:34 - 00062090 _____ () M:\Program Files (x86)\Pidgin\plugins\libsteam-1.4.dll
2014-11-05 20:57 - 2014-11-05 20:57 - 00278906 _____ () M:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00021337 _____ () M:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00417758 _____ () M:\Program Files (x86)\Pidgin\libjabber.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00022832 _____ () M:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00236666 _____ () M:\Program Files (x86)\Pidgin\libymsg.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00019793 _____ () M:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00047934 _____ () M:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00021795 _____ () M:\Program Files (x86)\Pidgin\plugins\markerline.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00013456 _____ () M:\Program Files (x86)\Pidgin\plugins\newline.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00029225 _____ () M:\Program Files (x86)\Pidgin\plugins\notify.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00017023 _____ () M:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2012-09-09 15:17 - 2012-09-09 15:17 - 00472576 _____ () M:\Program Files (x86)\Pidgin\plugins\pidgin-otr.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00029256 _____ () M:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2011-01-12 22:11 - 2011-01-12 22:11 - 00084816 _____ () M:\Program Files (x86)\Pidgin\plugins\pidgin_gpg.dll
2014-09-03 13:29 - 2014-09-03 13:29 - 00249344 _____ () m:\Program Files (x86)\GNU\GnuPG\libgpgme-11.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015380 _____ () M:\Program Files (x86)\Pidgin\plugins\psychic.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015429 _____ () M:\Program Files (x86)\Pidgin\plugins\relnot.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015045 _____ () M:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00069625 _____ () M:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00031993 _____ () M:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00012004 _____ () M:\Program Files (x86)\Pidgin\plugins\ssl.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00015978 _____ () M:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00030353 _____ () M:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00032020 _____ () M:\Program Files (x86)\Pidgin\plugins\ticker.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00018399 _____ () M:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00023851 _____ () M:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00029791 _____ () M:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00030771 _____ () M:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00037191 _____ () M:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2014-11-23 19:34 - 2014-11-23 19:34 - 00044494 _____ () M:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00102400 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslANONYMOUS.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00115712 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslCRAMMD5.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00140288 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslDIGESTMD5.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslLOGIN.dll
2014-11-23 19:33 - 2014-11-23 19:33 - 00102912 _____ () M:\Program Files (x86)\Pidgin\sasl2\saslPLAIN.dll
2014-09-22 21:42 - 2014-09-22 21:42 - 00090496 _____ () M:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2015-09-25 19:59 - 2015-09-25 19:59 - 04887224 _____ () C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll
2015-05-14 23:53 - 2015-05-14 23:53 - 00053248 _____ () m:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00671744 _____ () m:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00294912 _____ () m:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00102400 _____ () m:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00118784 _____ () m:\Program Files (x86)\SABnzbd\lib\pywintypes25.dll
2015-05-14 23:53 - 2015-05-14 23:53 - 00013824 _____ () m:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00036864 _____ () m:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00057344 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00007168 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00037888 _____ () m:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00086016 _____ () m:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00049152 _____ () m:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00546205 _____ () m:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2015-05-14 23:53 - 2015-05-14 23:53 - 00008192 _____ () m:\Program Files (x86)\SABnzbd\lib\select.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00009728 _____ () m:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00012288 _____ () m:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00135168 _____ () m:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00040960 _____ () m:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00110592 _____ () m:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00014848 _____ () m:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00024576 _____ () m:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00019968 _____ () m:\Program Files (x86)\SABnzbd\lib\win32pipe.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00155648 _____ () m:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2015-05-14 23:53 - 2015-05-14 23:53 - 00176128 _____ () m:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2015-09-25 22:29 - 2015-09-21 22:01 - 00778240 _____ () m:\games\Steam\SDL2.dll
2015-07-05 13:05 - 2015-07-03 18:12 - 04962816 _____ () m:\games\Steam\v8.dll
2015-09-25 22:29 - 2015-09-25 01:36 - 02422464 _____ () m:\games\Steam\video.dll
2015-07-05 13:05 - 2015-07-03 18:12 - 01556992 _____ () m:\games\Steam\icui18n.dll
2015-07-05 13:05 - 2015-07-03 18:12 - 01187840 _____ () m:\games\Steam\icuuc.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 02549248 _____ () m:\games\Steam\libavcodec-56.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00491008 _____ () m:\games\Steam\libavformat-56.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00332800 _____ () m:\games\Steam\libavresample-2.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00442880 _____ () m:\games\Steam\libavutil-54.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 00485888 _____ () m:\games\Steam\libswscale-3.dll
2015-09-25 22:29 - 2015-09-25 01:36 - 00704192 _____ () M:\Games\Steam\bin\chromehtml.DLL
2015-09-25 22:29 - 2015-09-14 22:20 - 00193536 _____ () m:\games\Steam\bin\openvr_api.dll
2015-09-25 22:29 - 2015-09-24 02:33 - 44931464 _____ () M:\Games\Steam\bin\libcef.dll
2015-09-25 22:29 - 2015-09-25 01:56 - 00119208 _____ () m:\games\Steam\winh264.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00039384 _____ () m:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BtProx.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "LoxCONTROL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{93A9D61A-C2CC-45FF-9736-23793DA77273}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{EA127691-ADB9-4F0B-B0FD-AB5EB632C67B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8F4D2F0C-BD4C-4B4D-90B3-77B222762829}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{4E343A9F-EC5D-4F7A-8CF1-A750E276C07E}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{03902AB5-B25F-45BB-8C16-90E425BC2AC2}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC3563A8-7E9C-4CAF-8936-7B50032964E1}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{D93BFC92-376E-42BD-A029-95D881FE2B20}] => (Block) M:\Games\Among The Sleep\Among the Sleep.exe
FirewallRules: [TCP Query User{CAE86FAE-9634-437F-958D-172A40D9404E}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{FE4563EA-3D80-47A8-9586-E5C4EC0C6091}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{0CB8D9BD-342F-4B68-BD34-EB0E126ABF8A}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [UDP Query User{6F261233-0EAF-4602-921B-0E348756F6B6}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{719F55C5-3B05-428D-96A8-5B992A9FA14D}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{5F409192-87EA-4082-9F85-245A307D55F7}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{D5ACBDDB-67C1-49A2-8DD2-A912B57697E6}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B93FC633-5D81-4906-B52D-992178B5A689}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5750AFC2-4E6C-44ED-8940-A0FB8632D288}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{A966AA43-3589-4B86-9F65-D76F57E936D3}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{E8CB60F1-2C74-461C-BC20-8C3CF692EAEB}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{5CE349E4-8246-4224-8DBB-20676A117AA4}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{0E5E3A5F-1470-43D5-8183-A413609E76F6}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{B05D355A-5BDF-4A17-9416-D4F8509096BF}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{1DC7625F-FFD6-4C6A-81C4-10DF996F4983}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{FDCB3062-A859-4F1F-B8C2-D1C7B61DD02E}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{24B729FF-C01B-4FFA-B936-F6B312CA1E54}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{B9E06E7D-CBBE-4B5A-AF0C-64C519220453}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [TCP Query User{AE566132-E296-40EC-B222-BA8946B8B0BA}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [UDP Query User{57B759ED-0472-4B12-905F-FD888F0BC24F}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [{D9FD30EB-C8EE-4679-8631-82DA268DCDD1}] => (Block) M:\Games\WATCH_DOGS\bin\watch_dogs.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [TCP Query User{E04BA44D-E370-4EAA-9F3E-E484073EC533}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{B3FA4B4F-5058-4652-9ECF-7A45B1ED2283}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{187BB2E4-41B5-4F8C-BA26-B6F5187611FB}] => (Block) M:\Games\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DF7EBA93-CD1B-41F7-9817-2711459CC6BE}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{CC547B3F-96A2-4889-8F80-E2B1E7761801}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe
FirewallRules: [{1572EA49-ADE2-4C38-B281-79ADA014E6BA}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{DD90AC4E-1894-4727-9669-3A2599B31227}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
FirewallRules: [{C58F9CFE-6A73-4F16-BF2C-42100D2E24A9}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
FirewallRules: [{CE0A13B8-58DC-4E41-A17F-60BEC59C6D5C}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
FirewallRules: [{6467AF19-0EE0-449E-8267-AE1CD9FE6C86}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5E71C38C-12C2-4525-8368-140E9B0651AD}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0553671B-D681-465E-8217-729E0B9F5C08}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{7355E8BA-3A49-4D2A-A914-EDDCD09092C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{FE8477E1-BFB5-453B-863E-18C87C49DCBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{92253110-3C21-46F0-8956-04F4818BB5D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9AEE164A-094B-4D25-8C64-9B7312BF8F71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{91376A69-DDA3-4AFD-B0D3-9FC1FB13118A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F3706D39-519D-4DC5-A6F0-03ED0353321D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{6A291437-DBEF-41BF-82FA-20FE0F40FFD5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{596DE404-29BE-48C7-8E0C-6F13A916F82E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{DDB25983-DA26-4F5D-B66A-E761589812EF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8B657919-489F-4601-A7FA-A2C6882D5FBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{2E8EAB9A-4AE2-4749-98B3-F4738A3DCF8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{5F93B048-8BE3-42D9-8C18-95860B649000}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3AC94CCE-9D93-4B37-AF99-D3B91E6C41E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{03888570-F02F-4B35-9B7A-7F824E874BC6}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{29F927E9-7C77-418E-AE49-6C49E7AB9938}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F6A58D82-03B3-42D4-8572-307AB1778ADF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{D6BE42DA-F290-428D-8B53-B4D9A123D3A6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0DA83BAE-4CA8-48BB-994E-C5734FCD17BA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{22500A13-0509-46B6-A1EA-DD384F13EFFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{A4C092C3-FD50-4497-9B03-2B986FD0610A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{89B65D33-CB91-48E4-BB0F-7196148D003A}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{225FCD44-2F72-459E-A061-61C61B6BFB96}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{031901DB-691B-4225-AAEB-3B3012E0944B}] => (Block) M:\Games\Dead Rising 3\deadrising3.exe
FirewallRules: [{2FAA661B-FFE6-4E30-A795-45F4AFB1B5A3}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{A44800DD-9F6E-423E-A920-F28BF6394155}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{41A10A08-83DA-4902-AF3C-DFC140F9C2C1}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{548FF84B-1FD0-4B4B-B59F-6C4480ADA871}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [TCP Query User{0B0F6C9B-A509-4A31-BDD0-DA090D38544A}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{D0F9293A-D5F9-4176-942A-14B0EE6FEFE2}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{BA7F7F90-0A5D-4836-886C-7945BF025249}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [UDP Query User{593D609D-BB99-4C92-ACFA-2242B473087F}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [TCP Query User{353B3934-877C-444F-BB0F-05353D29F238}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{9E489310-FB55-422F-B256-C07A6B3464B9}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [{7C448746-1ABA-4171-92D1-B3C1AEE15EBB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{52BA6252-B166-4F45-A26E-C3B5AABBDBEE}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3DCF4608-5EAA-49A7-A339-352A5D3088B8}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CDFD4323-40AF-4BAB-88A1-98CD9DACA9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{741DCFA0-D75A-4400-9429-AB0E47BA78AB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C033527A-5BEA-412A-91A3-A7B812159165}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{6D6FD5E4-BEEB-4E3C-8ED6-EC25A7FA8D90}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{424FC9EB-D860-43BC-9F4C-CA7DF1D47A1F}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [TCP Query User{A007A484-31C1-423A-9741-EF0F102E0A04}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [UDP Query User{F8D760CE-F07C-4D75-A223-7D3030BA4191}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [TCP Query User{B3D764C2-6B42-4AE0-BB14-E57855C49C81}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{2208B81E-9862-45CE-BF00-E06B06FE42FC}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{B118B254-1E4A-45DB-8896-42FE882592CE}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{3E3D3325-65CD-4204-9FB0-7A6BC89025CD}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{37A7B427-CA8B-436B-948B-201604E87AD3}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F0EB2202-4591-410F-BEF5-EACB99F653BB}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{77B53A83-3F0C-4BE1-9B34-3942C55AEFF3}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{567CA49D-EF01-4354-A9C0-A94A8C3DEB04}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{22489C17-4A10-47E6-9DDB-40A465130AB7}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6F3316D0-397D-4AF4-94B5-146DCED31F04}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6E18E2EC-EB19-434D-A845-71DF8B3A0254}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{635EC92B-D555-4026-B744-280CFA96E10B}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE9DB318-4890-4372-856E-41EC1D7EECD2}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{EA2E5CD4-23B2-4AF6-B156-3A573CAAED7D}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{C5E3C8F5-A371-4923-9449-8092826FED5A}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{49E3C0FF-AD6A-4AEC-93B4-2B7E1BC9C30C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{2D8BE52D-6E74-41E7-8588-8C529C454005}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{1DB302D7-6BF1-4DA4-BB7A-C8CF7C4BCAA2}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{EF65FD05-429F-486A-BE80-CAA534F858BB}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{70DC3DBF-8E54-4852-AF6B-CA74585DDA34}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win32\AstronautsGame-Win32-Shipping.exe
FirewallRules: [{3CFBC750-DEBE-4991-B4F7-98EC7E5E110A}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win64\AstronautsGame-Win64-Shipping.exe
FirewallRules: [TCP Query User{DA619417-710D-4B45-AD6E-517A45D28327}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9462B7D4-F5FB-489A-8C57-2D9CB066A4D0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B34AA0A5-85B1-418F-A075-CD9E6F6D16BD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [UDP Query User{605315F6-8373-4389-BF68-C5A8EEF0AEAD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [{AB1A890A-2AC5-4123-B154-4EF5B2AEB26B}] => (Block) M:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{2E47CA85-99A9-4F88-B23A-8E12B8997BFF}] => (Block) M:\Games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{3089E656-5C03-4363-83C3-E7FA683A8F51}] => (Block) M:\Games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{BDBF07E9-5DB8-4F48-BB53-58A9F7A6DFEA}] => (Block) M:\Games\Call of Duty - Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [TCP Query User{248ED716-F16E-44DB-9AD4-B058324DE469}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [UDP Query User{481E01E6-2DCF-4B07-B4F0-CFE2A9B94A35}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [{994A1CE8-2287-416F-B04B-1AE713189E34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F951DC3-AE7F-4752-9A28-D7FE188CFE72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2657D70-93EE-4889-ADED-399F97137134}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFC3D7CC-6E4A-43DA-9CD5-F84CF71A4AEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14BB8CD7-7D9B-4692-96EF-3424D851621F}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8697AC22-942A-473D-91DC-2927AF54E181}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{49A9219E-D6A1-4331-959A-F8225D224646}] => (Block) M:\Games\Emergency 5\bin\x64r\emergency5.exe
FirewallRules: [{24D0EDF5-3D35-4BC6-A11C-0EA80F5B15C5}] => (Block) M:\Games\Emergency 5\bin\em5_launcher.exe
FirewallRules: [{3A5CE854-47D2-478F-A416-2A0D75D807A8}] => (Block) M:\Games\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{364E73A1-3F3A-48D2-BFC3-9EAA3BA8FCB7}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{7D9BDA86-4F5F-4A0D-BC52-43FB70631D9C}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{434C59DE-4EF6-421C-A076-377BA4555A78}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BD9A86DE-A41C-4D3C-8938-625D38B4AA2B}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{5BC67C73-3F89-4144-88DE-851A05C5A7F5}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{E22BDA91-8BE1-4B58-ABE2-312B69F5F92E}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{91417446-187E-4267-B32C-C059EF295953}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6C4A73F7-42B8-4145-9570-5CD92BE6B74E}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F0C0F0D-5AB2-469B-8068-5E8BC056651D}] => (Block) M:\Games\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{AC9B1FCB-C8C2-4E45-B77E-E3B2D57AC311}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{7AC59EA4-65D8-43BE-ACBA-2E57801BD21D}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{BFBC1A6D-9314-4E9E-9673-FF0FB1F1384A}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{9C5C78ED-A765-454B-9FAB-3F93D91B9B86}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{5D9C1722-FBDD-4C74-87C0-A94AB690A075}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{F44B4D68-2890-4DB1-BBE8-018CD747B1BE}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [TCP Query User{BFB0493B-F9B2-4DEC-BAE3-C685C9019F0F}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [UDP Query User{BFA826F7-C0C0-4238-997C-2FB753CE6FB2}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{35D61A5D-9977-4F07-9CC3-30B4FA52B1D0}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{A9E99EF8-F7EA-42C4-8425-4180640D9C7B}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{B579E7C8-7067-4018-94B5-53DFFC0F86AC}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{714671A4-D83E-4843-8200-5EF35EEB6071}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{8C9DED58-3E6C-4F1E-89E2-2B6CC8869C08}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{70C6E6DF-16D1-4397-A00A-FD7FC9D5837B}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{B1294E6B-9A5F-4016-8B09-AB4DB9317ED8}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [UDP Query User{62B71617-8077-4ACC-BAE7-84C9B01C11DB}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [{4B7EECCA-3EA2-406D-A351-ACECAA053534}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{344ABB5D-B36B-4A47-AAF5-7ADD539C9819}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A1230E38-BC6B-4423-884E-7C04AC6EAC4D}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{6137CAEF-525D-477E-B6F0-AE8653E9B9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{552F8607-4925-48F5-BE29-AA29716535CD}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F0AF273C-F0D8-49B6-B5D0-140BAB3C20C8}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{129DA68C-10D5-4A54-AF78-FE14626F89FA}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{C96FEB0A-D1EC-4E8A-9D67-A9B88FFBCCE4}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{90635068-74C0-4A5E-89D7-A1002938EC7F}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{DBFC02B6-D19F-4687-9775-9FC9C684EFFC}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{86E9F973-34FA-45FC-B29F-10D355AC9A51}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [UDP Query User{5071F1DA-BC94-4605-8817-969D0BFD4F8C}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [{BBD735BF-2935-41CE-803D-F951C13DF71B}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{182E01A8-6389-4022-90B0-F77DAD0D3A2D}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{96093A0B-AE70-4943-BBA1-A1C943E10B1D}] => (Block) M:\Games\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe
FirewallRules: [{C697EC6B-941F-4972-80A4-20BF80ADE92D}] => (Allow) M:\Program Files\Synergy\synergys.exe
FirewallRules: [{ED48CF50-3137-4FA0-AAA6-5129EBDE836B}] => (Block) F:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{AEB39B74-EA27-4022-9E46-5AF81D6A6A40}] => (Block) F:\Games\Dragon Age Inquisition\Launcher.exe
FirewallRules: [{5E27A642-B227-4D97-BF24-FB6531F7428A}] => (Block) F:\Games\Trials Fusion - Fire in the Deep\datapack\trials_fusion.exe
FirewallRules: [{06AECA0B-4B68-4A6C-BD7D-793672D2CFDB}] => (Block) F:\Games\3DMGAME-OMSI.2.Cracked-3DM\OMSI 2\Omsi.exe
FirewallRules: [{1F3E9DB3-03E8-4A19-9C64-9B1CC5CFCA35}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{D39DA46A-34CE-4CDC-91E3-B23FCBB3CCF7}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{9D01AC1A-8587-4434-9378-0AE4F03A5597}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{5B6510ED-491C-4992-890F-2AFEF91BA430}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [TCP Query User{79003072-7204-4FD4-A113-F26A93E6666F}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [UDP Query User{79209835-BB21-48E2-88D3-2B4BBC0F3C7D}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [TCP Query User{4808077D-D942-4D3B-B786-201B96987BC5}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [UDP Query User{72C89448-729D-4574-8CDD-2D154030E0D6}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [{A8D44089-9785-43A4-9DC7-D27C5A79DC31}] => (Block) F:\Gamez\BroForce.v2014.10.07.Build.2598.Steam.Workshop.Update-TPTB\TPTB-BROF\TPTB-BROF\Broforce October Update\BROFORCE_Beta.exe
FirewallRules: [{736CB91D-01D2-46D3-B0A2-D3BE74141EE2}] => (Block) F:\Games\Dying Light\DyingLightGame.exe
FirewallRules: [{CD88DD7D-65A1-49CD-A9A4-885A38FDEA8A}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
FirewallRules: [{AC11F986-70E8-4B52-AA75-40BE1BBF4EB7}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{6F45770F-CC60-4B45-B987-6FFF5BCAC5C2}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C53BE3F0-1538-42CF-920E-70BC0FE9F2F0}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0E43AE6C-F566-441F-96DD-B2EC395A4B74}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{BEF016FB-4A83-428F-AE38-F4CC47A8E977}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3ACC59E7-64E4-48BD-95DB-CEC3493EAD56}] => (Allow) LPort=5031
FirewallRules: [{985DEDCD-8156-49C2-A98C-0F5D568955C3}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{3C8DF17D-7E92-4FE4-A012-90F339DBA74A}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{9E35948F-1B11-4193-99FF-008033B75385}] => (Block) F:\Games\Battle vs. Chess\battlevschess.exe
FirewallRules: [{B35AEF73-DAB2-40F1-A36A-74686E90E011}] => (Block) F:\Games\Battle vs. Chess\Activation.exe
FirewallRules: [TCP Query User{2FDE19C3-BD20-4A2C-ADD7-176EB09056F0}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [UDP Query User{558AA483-C8E2-4E0A-A7C7-B4188F6801BE}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [TCP Query User{B37A88D8-AE18-4F67-A0D5-C8370A3CDEB1}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{696A7DD7-A729-4D59-A679-13A94CEEF629}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{05D25445-45D5-47B0-BDFC-D38C1618EDCE}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [UDP Query User{D6A37DB2-C5DD-41AA-A8F4-3624A8892794}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [{5D731F2D-E351-4A43-A2E5-E19D15A83FD8}] => (Block) F:\Gamez\The.Talos.Principle.Build.220996.Incl.DLC-TPTB\TPTB-TLOS\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D60796AB-0E37-4B2C-BCD2-3A0135FCC88B}] => (Block) F:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe
FirewallRules: [{D1065750-03A4-4CE8-B5CD-6AD7E9CE0A2E}] => (Block) F:\Games\Oddworld - New 'n' Tasty\NNT.exe
FirewallRules: [TCP Query User{A7A7E28E-8338-4353-AC74-0E7D2A7EA058}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{6C3779EB-AFD3-414E-ACB7-B3BEEBEC2CEB}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [{B4577D29-771C-48CD-A1E7-65339FE68945}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{4DB29EAC-77E7-41EC-99EB-570E5597E310}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{A965A841-AE03-42FC-9F36-9BE27DA91E59}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{573A76E3-7DF7-4FAD-AEF0-67FDE6452099}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{34C111C1-EBAA-4987-AFD8-83EE4B0D0FD4}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{DB2F5B50-E8F4-451C-B246-84561FAD53DA}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{C70BBCDA-5126-4E1B-82C1-0A34064B2DEF}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{65D6FCA4-7447-4B0C-A805-F48B13CE81D4}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{39BD05E6-034C-414E-8492-9A78F82FADD4}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{7E24D3D2-C045-43AA-8468-940A1423E5A1}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{A91A2A3D-69FE-478D-95DF-8E13C0A6F3BD}] => (Block) F:\Games\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{B08B78C4-702C-402E-9342-9F7FF8D98A97}] => (Block) F:\Games\Trials Fusion - After the Incident\datapack\trials_fusion.exe
FirewallRules: [{C76E1CA4-3F96-400F-A90A-87B12EF0417A}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\game.exe
FirewallRules: [{2083F763-2AB4-4B67-9754-0D84DEF43F2C}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\startup_setting.exe
FirewallRules: [{779CB0C0-93C8-40A1-9EA7-0227EF5E3309}] => (Block) F:\Games\Bloodsports TV\bloodsports.exe
FirewallRules: [TCP Query User{9FE9ED83-9B64-4FD4-AEBF-67739A0E27C7}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B14740C1-962F-4B73-BF1B-6F892C6013B2}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{D44D9DE4-4333-493F-8612-D50976EFD424}] => (Block) F:\Games\Ori and the Blind Forest\ori.exe
FirewallRules: [{CE062D04-75A1-4186-9F23-EC9A12CE7715}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{971FF926-DFC9-4AC2-B8D5-7AF50EA5AE63}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{AECBF9FB-0FBB-4E78-8616-D5E91EAD280E}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{88E1287D-00D7-406A-96AB-5F593B01A404}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{CF7C1938-2A8A-46EB-AC5A-FEEDC692EC91}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{16E625D0-D511-4E5D-BF1C-71F5DC0888FA}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{641D6791-3FBC-4D66-BA37-0828F7A3DF4C}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5E3155A6-D119-408B-B5CE-544F0B9E908A}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{73AD9C2C-228E-41B1-86DB-554541EE7022}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{D4661D20-C5E0-4B2F-9B49-D355B2E44FDA}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{CB34AD36-031F-43F7-A7B0-DBA351DAA6F2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{127FE993-610A-4EE5-8D1E-DB2FF9F13367}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1213E8AB-23AC-4820-B5C2-92F537D8F8E2}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{8D30DB3A-B89E-4C03-B1BA-A1C04C778825}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{11203B2E-2219-4493-9A4B-663998506188}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{D88E7769-DAD5-4764-9AEE-A5382D36FC6E}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{1A166CDC-F18D-49CB-B768-ED86C22697AC}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{5EF3BE44-4F20-42DF-9DD5-118EA597DEAB}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [TCP Query User{EFE008D3-79C7-4413-B298-1A8C13399889}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA960FFF-09E6-4DBF-9FEC-30078E7E18F7}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{05A367DC-A9AD-480C-A486-F0FDCB8A6CE0}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{318A177A-0184-4FF2-BAFD-2C3B0D2E7AC7}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D77AAA5D-49E2-4562-AAA9-9A6789F4F407}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{CBF933FA-01D5-4200-85D8-90958F02DFAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{65B58FCE-85C8-4B19-B747-0C067DEAA68C}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{F50DEFA1-AB04-4665-8620-E74261B95C31}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{CB23A8B5-7631-44A5-A8A7-3B338917814F}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{52801A91-0552-494F-9891-472499331805}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{6759AF2D-B7BA-4662-9A18-24123561DBFA}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{25FFBEF5-EDBB-4AFE-A0E7-AFDFAD49EB60}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{12A981BD-E07E-4110-BE87-A1AC5EF2C1B2}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{0DFEEF7D-5ABC-4AFF-A927-AD169872BC1B}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{52DA281E-9821-406D-A286-01C75E04A30B}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{AB9BBED0-1FF8-486E-BCC9-E2C80BFE724E}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{17382AC5-9476-4618-B108-4568A910BC63}] => (Block) G:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{1F0EDA63-387A-4E84-ACF6-C3CD2E0F49E6}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{B1E3AF09-708F-46E0-91EA-D06A10529903}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{4B091B33-232D-4E3B-BFDD-BED29239717C}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{74C07DD3-D6E7-46D8-B311-D7F32E310458}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{96AF514A-5398-45B6-BC6E-DE4420836BFA}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{7138359E-C5DC-49F4-B8B3-193007C43EF9}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{970B83BE-4ED5-4BB9-B20B-8F8B499F41BD}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E440A275-5762-4E80-99E1-C3E9728ECAF3}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{8EB0BA31-7B99-4181-AFAE-C526D34AA2EC}] => (Block) G:\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{89947782-B01B-489D-B391-1EBF191BFA53}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_launcher.exe
FirewallRules: [{507F57F6-A191-4901-AC71-B6913F535D36}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_64bit.exe
FirewallRules: [{90DE4BC8-1043-4DE3-9220-662E3444A074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06CB0103-7652-47F1-BDE8-FE744E614A48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11A69F30-6FBE-4C71-AD3A-3BE743364533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{308744F5-3D25-4870-A6F6-99149F34AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45A10B15-5D3F-4267-B46F-8CD4D9CE4EF3}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{2FE605A5-0756-4724-AC1F-24C64F04316A}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{71764963-7970-4916-9E52-EEE8F9A590C5}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{D8E79390-5873-4DA8-9A34-4429A18E062D}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{66E4CD1B-797D-43A0-AD47-16F9F607FCF5}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{33D865C0-874F-43CF-B308-18D3BA938064}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{1F8B8068-4215-4F04-B340-D5E72C00CA69}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{BACAE36C-F4C7-44B4-9866-D47900B4688B}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{5C1E7824-B02C-4FCC-A39F-9F1D263A079A}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4A674C27-C404-4E2A-98C3-61DCD39C0DC5}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{BD88A5D0-576A-48C2-84BB-9FC5306D4E91}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{E629AB3E-863F-4E04-A962-69D844A6DA10}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6B9B3657-81CD-4F66-AE00-8BA5AF84C23D}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D3E3A14D-4AE7-4D6E-A24C-E5E2E2BA37AE}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{D9753E3C-9082-462F-AF67-922F33F2DECB}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{B5F6FA34-9057-49F5-BCE2-6F250F08D27C}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{065F22E2-E281-402C-85D8-A7E4DA317DF3}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{16139CE7-9FAE-434A-8951-AE36A5672C35}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{051289DE-CFC1-4850-B197-E523E3C340E1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{57501666-57BF-4A5A-8099-09157351DAE1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{61A8946B-D000-48CC-B097-0DCB32246503}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{8C18E07B-3F1E-4B87-9BD9-E7102C7EBA68}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{505362FB-C4C7-45C7-87BE-6C8E4229EF8B}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{74BFEB60-AAA2-41DE-A381-15B9E8C3A44C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{F975DE6E-91DD-4EC6-805A-D2EF82169F40}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{87DCA32C-F9F5-423E-99B3-3233D44F1B4D}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{D7DED483-1733-4F91-BB0E-0487D7D7B266}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{920D4BE6-06D0-44B1-9BAC-77BDDEBA048D}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{76F30BFB-CC77-4906-A75A-E3D5093A1F00}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{D98EAAC6-9BAC-4531-B6AF-3B1F0E52B3D6}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{1C8B61E4-0FB6-4894-ACEE-B49FF131F16D}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{12427FBA-C50C-48D9-86B1-4F958253598F}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{E71C36B8-6B00-4EC0-8662-9F53AB8A4A92}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6C74104F-2FC5-4AE5-A7D9-7C4722F69829}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{8EC9B25A-4EDB-48C8-B6E0-2898F9A3E025}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5383EA28-70CB-4517-AB71-32CB05193080}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{55A108E5-A6A7-4AD2-94AE-D3F97CE3F476}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{B63A07FF-59FD-4580-A09E-73DAE9161CAF}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [{EC0633FB-51D5-49C4-AADC-184C8ABC411D}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [{E4D48C8C-5D30-41BA-811C-7C4214CB8F51}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [TCP Query User{00235518-81DE-4051-B77A-C71B70D27B37}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{8FB43FF3-EE4A-4059-A1BF-4B595DACF09A}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{BE8EFA65-8618-4B50-A992-1368DDB3D0E8}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{31D00BD2-AF45-4E1B-8FD5-89E5B44088E4}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{A0924598-58FE-46FA-A8A1-60FD1DA618BA}] => (Allow) M:\Program Files\Halite\Halite.exe
FirewallRules: [TCP Query User{7261A86F-2A25-48DC-878E-ABA339604219}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [UDP Query User{264C444C-77A6-4B4C-86EB-386217A7B862}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [{ECE4BD9E-E075-4D5D-B3DA-CD7819ADA9B9}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{27925614-EE31-4402-A4B7-2D56EC8B840E}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D75C508E-E7A4-42F7-9F95-B171F7EFD21F}] => (Block) M:\Games\Tembo the Badass Elephant\Tembo The Badass Elephant.exe
FirewallRules: [{A1E91B3E-A276-4E9D-BD76-5724EDB18EFC}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F2F5A0B3-D8A1-447E-88B0-52F757466A2F}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{EA560A31-A9E0-4356-9AD2-0EC8EBDA0B46}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{D8767F0C-DC04-4901-B2E7-D41A4B2E850E}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{5D902F96-EAB9-4A65-9769-A0F8ADB3960B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{95A846A8-4CEE-4CEC-9A8A-F558B4D8C164}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3F06409E-24AE-476B-89CE-F0BC56BC21FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{9B20C778-3D43-4464-9969-E45907517074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7FC58F41-7894-4C15-AB3E-481BE5CD75BA}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_64bit.exe
FirewallRules: [{33F3AADD-F31E-4307-BE48-11D18ECBA39D}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_32bit.exe
FirewallRules: [{660ACE76-CC78-424D-A3F0-1640D22637A1}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_launcher.exe
FirewallRules: [TCP Query User{0E7FB79C-8EAC-48E9-ADF2-C1941E96B5DB}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{A2F161B0-9851-4656-8291-A7B664DFFBFF}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [{023F5A2A-5189-4841-8332-99CA51500362}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8864B29C-6D8A-4028-95D7-CBF99A82CC4F}] => (Block) F:\Games\Act of Aggression\ActOfAggression.exe
FirewallRules: [{9AA66804-AAAA-4728-AB35-5DEBBD9C730C}] => (Block) F:\Games\Act of Aggression\unins000.exe
FirewallRules: [{FAC1FAEA-0888-4F8A-A6F9-FA227B60DF70}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{8BF725F0-1371-4144-B039-C0C89604EAB4}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{95A37C24-AE84-42A0-89B5-594944937687}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [UDP Query User{0141E4FC-BA4F-4A11-9A20-5B6EF376D63D}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [TCP Query User{B0462F46-07E7-425C-A6B2-C015FB0E3FF6}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [UDP Query User{BE8A9421-3A21-4817-AB58-8EB244F33A76}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [{E3B7C074-AB1B-4244-B1C2-1F6D2F2E2FA3}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E12E2D98-51B2-482A-9824-B05C64E5BD33}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe

CptMw 26.09.2015 02:30
Code:
==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WeOnlyDo Network Adapter 2.5
Description: WeOnlyDo Network Adapter 2.5
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WeOnlyDo Network Provider
Service: wod0205
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/25/2015 10:57:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1daf8

Startzeit: 01d0f7d4adafc815

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe

Berichts-ID: fbae144a-63c7-11e5-82bc-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 10:55:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1d750

Startzeit: 01d0f7d480124ada

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe

Berichts-ID: c47a2c9f-63c7-11e5-82bc-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 10:55:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm clover.exe, Version 3.0.406.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 17b4

Startzeit: 01d0f7a4a6dd407e

Endzeit: 3

Anwendungspfad: C:\Program Files (x86)\Clover\clover.exe

Berichts-ID: aebf9672-63c7-11e5-82bc-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/25/2015 10:39:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Soma.exe, Version: 0.0.0.0, Zeitstempel: 0x55fff75a
Name des fehlerhaften Moduls: fbxsdk-2012.2.dll, Version: 6.3.9600.18007, Zeitstempel: 0x55c4c16b
Ausnahmecode: 0xc0000135
Fehleroffset: 0x00000000000ec4e0
ID des fehlerhaften Prozesses: 0x1b080
Startzeit der fehlerhaften Anwendung: 0xSoma.exe0
Pfad der fehlerhaften Anwendung: Soma.exe1
Pfad des fehlerhaften Moduls: Soma.exe2
Berichtskennung: Soma.exe3
Vollständiger Name des fehlerhaften Pakets: Soma.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Soma.exe5

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (09/25/2015 10:05:43 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (09/25/2015 10:05:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8


System errors:
=============
Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "uvnc_service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sandboxie Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Sound Blaster Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Creative Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 11:11:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/25/2015 10:29:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (09/25/2015 10:29:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (09/25/2015 04:55:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Superfetch" wurde mit folgendem Fehler beendet:
%%1062

Error: (09/25/2015 04:54:30 PM) (Source: Ntfs) (EventID: 137) (User: )
Description: Auf dem Volume "Z:" konnte der Transaktionsressourcen-Manager aufgrund eines nicht wiederholbaren Fehlers nicht gestartet werden. Der Fehlercode ist in den Daten enthalten.


CodeIntegrity:
===================================
  Date: 2015-07-11 02:34:41.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Programme\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-15 21:34:14.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-25 01:39:52.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-10 15:21:43.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-29 21:40:08.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-29 21:39:57.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:17.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:08.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 22:09:44.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 22:09:40.509
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 42%
Total physical RAM: 32716.61 MB
Available physical RAM: 18804.97 MB
Total Virtual: 36812.61 MB
Available Virtual: 22366.24 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:7.99 GB) (Free:7.77 GB) exFAT
Drive c: () (Fixed) (Total:111.45 GB) (Free:32.57 GB) NTFS
Drive f: (Backup) (Fixed) (Total:465.76 GB) (Free:19.61 GB) NTFS
Drive g: (SSD) (Fixed) (Total:59.62 GB) (Free:9.89 GB) NTFS
Drive m: (Data) (Fixed) (Total:931.39 GB) (Free:54.21 GB) NTFS
Drive x: () (Fixed) (Total:1863.01 GB) (Free:40.71 GB) NTFS
Drive z: () (Fixed) (Total:270 GB) (Free:5.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 49A204F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3064FF80)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 59.6 GB) (Disk ID: 000BF271)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
GMER

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-26 00:16:46
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003d Samsung_SSD_840_EVO_120GB rev.EXT0BB6Q 111,79GB
Running: okr3kyhy.exe; Driver: B:\TEMP\kglcypob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                                                                                                          fffff96000248300 15 bytes [00, 0B, F2, 01, 00, 06, 6C, ...]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 16                                                                                                                                                                                                                                                                      fffff96000248310 8 bytes [00, D7, FB, FF, 00, D3, CD, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualAlloc                                                                                                                                                                                                        00007ffe094d11c0 7 bytes JMP 00007ffec94c08f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!MapViewOfFileEx                                                                                                                                                                                                      00007ffe094d1220 7 bytes JMP 00007ffec94c2578
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualProtect                                                                                                                                                                                                      00007ffe094d14b0 7 bytes JMP 00007ffec94c0cb8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!MapViewOfFile                                                                                                                                                                                                        00007ffe094d1780 7 bytes JMP 00007ffec94c24b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW                                                                                                                                                                                                        00007ffe094d17e0 5 bytes JMP 00007ffec94c03b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExW                                                                                                                                                                                                      00007ffe094d2aa0 7 bytes JMP 00007ffec94c0538
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExA                                                                                                                                                                                                      00007ffe094d2ac0 7 bytes JMP 00007ffec94c0478
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingW                                                                                                                                                                                                  00007ffe094d2ad0 7 bytes JMP 00007ffec94c21b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!HeapCreate                                                                                                                                                                                                          00007ffe094d31a0 7 bytes JMP 00007ffec94c1078
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadLibraryA                                                                                                                                                                                                        00007ffe094d4960 5 bytes JMP 00007ffec94c02f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingA                                                                                                                                                                                                  00007ffe094d49f0 7 bytes JMP 00007ffec94c20f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessA                                                                                                                                                                                                      00007ffe094d4ab0 7 bytes JMP 00007ffec94c12b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessW                                                                                                                                                                                                      00007ffe094d7b30 7 bytes JMP 00007ffec94c1378
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualAllocEx                                                                                                                                                                                                      00007ffe094ef2e0 7 bytes JMP 00007ffec94c09b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!WriteProcessMemory                                                                                                                                                                                                  00007ffe09592250 7 bytes JMP 00007ffec94c1af8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!LoadPackagedLibrary                                                                                                                                                                                                  00007ffe095acc70 5 bytes JMP 00007ffec94c0778
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!WinExec                                                                                                                                                                                                              00007ffe095af840 5 bytes JMP 00007ffec94c1d38
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalA                                                                                                                                                                                              00007ffe095afff0 7 bytes JMP 00007ffec94c1438
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                                                                                                                                                                              00007ffe095b0070 7 bytes JMP 00007ffec94c14f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!CreateRemoteThread                                                                                                                                                                                                  00007ffe095b00f0 7 bytes JMP 00007ffec94c17f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNEL32.DLL!VirtualProtectEx                                                                                                                                                                                                    00007ffe095b0d30 7 bytes JMP 00007ffec94c0d78
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc                                                                                                                                                                                                      00007ffe08fc1780 1 byte JMP 00007ffec94c0a78
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 2                                                                                                                                                                                                  00007ffe08fc1782 4 bytes {JMP 0xffffffffc04ff2f8}
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileEx                                                                                                                                                                                                    00007ffe08fc1e60 9 bytes JMP 00007ffec94c26f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualProtect                                                                                                                                                                                                    00007ffe08fc4c80 9 bytes JMP 00007ffec94c0e38
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx                                                                                                                                                                                                  00007ffe08fc4cb0 7 bytes JMP 00007ffec94c0ef8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile                                                                                                                                                                                                      00007ffe08fc5e10 9 bytes JMP 00007ffec94c2638
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileW                                                                                                                                                                                                        00007ffe08fc7990 12 bytes JMP 00007ffec94c1eb8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingNumaW                                                                                                                                                                                            00007ffe08fc7f70 7 bytes JMP 00007ffec94c2338
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW                                                                                                                                                                                                00007ffe08fc80b0 9 bytes JMP 00007ffec94c2278
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                                                    00007ffe08fc8900 5 bytes JMP 00007ffec94c06b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA                                                                                                                                                                                                    00007ffe08fc9330 5 bytes JMP 00007ffec94c05f8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                                                                                                                              00007ffe08fdfea0 5 bytes JMP 00007ffec94c18b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!HeapCreate                                                                                                                                                                                                        00007ffe08fe04e0 6 bytes JMP 00007ffec94c1138
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!CreateFileA                                                                                                                                                                                                        00007ffe08fe05b0 5 bytes JMP 00007ffec94c1df8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                                                00007ffe08ff6d50 5 bytes JMP 00007ffec94c1bb8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileFromApp                                                                                                                                                                                              00007ffe0900e6a0 7 bytes JMP 00007ffec94c27b8
.text    C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe[2956] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx                                                                                                                                                                                                    00007ffe09020960 8 bytes JMP 00007ffec94c0b38
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 125                                                                                                                                                                                          00000000633cb41d 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path + 250                                                                                                                                                                                          00000000633cb49a 4 bytes [98, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                      * 5
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 125                                                                                                                                                                                    00000000633cb83d 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_adjust_path_source + 266                                                                                                                                                                                    00000000633cb8ca 4 bytes [98, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                      * 5
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 359                                                                                                                                                                                                00000000633cbd57 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!csync_rename_record + 679                                                                                                                                                                                                00000000633cbe97 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 38  000000006344ab66 4 bytes [A4, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE22_M_emplace_hint_uniqueIIRKSt21piecewise_construct_tSt5tupleIIOSsEESD_IIEEEEESt17_Rb_tree_iteratorIS2_ESt23_Rb_tree_const_iteratorIS2_EDpOT_ + 48  000000006344ab70 4 bytes [A4, E1, ED, 6F]
.text    ...                                                                                                                                                                                                                                                                                                                      * 3
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 40                                                                                                              000000006344b0a8 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\ownCloud\owncloud.exe[4432] M:\Program Files (x86)\ownCloud\libocsync.dll!_ZNSt8_Rb_treeISsSt4pairIKSsSsESt10_Select1stIS2_ESt4lessISsESaIS2_EE8_M_eraseEPSt13_Rb_tree_nodeIS2_E + 91                                                                                                              000000006344b0db 4 bytes [98, E1, ED, 6F]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\.dll!purple_init_plugin + 9                                                                                                                                                                                                          000000005ea71f95 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\.dll!purple_init_plugin + 130                                                                                                                                                                                                        000000005ea7200e 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 10                                                                                                                                                                                              000000005e8d1ce2 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\autoaccept.dll!purple_init_plugin + 160                                                                                                                                                                                              000000005e8d1d78 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\libgg.dll!purple_init_plugin + 11                                                                                                                                                                                                    000000005e7583ff 4 bytes [20, B0, 3A, 00]
.text    M:\Program Files (x86)\Pidgin\pidgin.exe[3196] M:\Program Files (x86)\Pidgin\plugins\libgg.dll!purple_init_plugin + 412                                                                                                                                                                                                  000000005e758590 4 bytes [20, B0, 3A, 00]
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualAlloc                                                                                                                                                                                                                              00007ffe094d11c0 7 bytes JMP 00007ffec94c08f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!MapViewOfFileEx                                                                                                                                                                                                                          00007ffe094d1220 7 bytes JMP 00007ffec94c2578
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualProtect                                                                                                                                                                                                                            00007ffe094d14b0 7 bytes JMP 00007ffec94c0cb8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!MapViewOfFile                                                                                                                                                                                                                            00007ffe094d1780 7 bytes JMP 00007ffec94c24b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW                                                                                                                                                                                                                              00007ffe094d17e0 8 bytes JMP 00007ffec94c03b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryW + 9                                                                                                                                                                                                                          00007ffe094d17e9 3 bytes [CC, CC, CC]
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExW                                                                                                                                                                                                                            00007ffe094d2aa0 7 bytes JMP 00007ffec94c0538
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryExA                                                                                                                                                                                                                            00007ffe094d2ac0 7 bytes JMP 00007ffec94c0478
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingW                                                                                                                                                                                                                        00007ffe094d2ad0 7 bytes JMP 00007ffec94c21b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!HeapCreate                                                                                                                                                                                                                                00007ffe094d31a0 7 bytes JMP 00007ffec94c1078
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadLibraryA                                                                                                                                                                                                                              00007ffe094d4960 10 bytes JMP 00007ffec94c02f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateFileMappingA                                                                                                                                                                                                                        00007ffe094d49f0 7 bytes JMP 00007ffec94c20f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessA                                                                                                                                                                                                                            00007ffe094d4ab0 7 bytes JMP 00007ffec94c12b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessW                                                                                                                                                                                                                            00007ffe094d7b30 7 bytes JMP 00007ffec94c1378
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualAllocEx                                                                                                                                                                                                                            00007ffe094ef2e0 7 bytes JMP 00007ffec94c09b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!WriteProcessMemory                                                                                                                                                                                                                        00007ffe09592250 7 bytes JMP 00007ffec94c1af8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!LoadPackagedLibrary                                                                                                                                                                                                                      00007ffe095acc70 10 bytes JMP 00007ffec94c0778
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!WinExec                                                                                                                                                                                                                                  00007ffe095af840 10 bytes JMP 00007ffec94c1d38
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalA                                                                                                                                                                                                                    00007ffe095afff0 7 bytes JMP 00007ffec94c1438
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateProcessInternalW                                                                                                                                                                                                                    00007ffe095b0070 7 bytes JMP 00007ffec94c14f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!CreateRemoteThread                                                                                                                                                                                                                        00007ffe095b00f0 7 bytes JMP 00007ffec94c17f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNEL32.DLL!VirtualProtectEx                                                                                                                                                                                                                          00007ffe095b0d30 7 bytes JMP 00007ffec94c0d78
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc                                                                                                                                                                                                                            00007ffe08fc1780 1 byte JMP 00007ffec94c0a78
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAlloc + 2                                                                                                                                                                                                                        00007ffe08fc1782 6 bytes {JMP 0xffffffffc04ff2f8}
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileEx                                                                                                                                                                                                                        00007ffe08fc1e60 9 bytes JMP 00007ffec94c26f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualProtect                                                                                                                                                                                                                          00007ffe08fc4c80 9 bytes JMP 00007ffec94c0e38
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualProtectEx                                                                                                                                                                                                                        00007ffe08fc4cb0 7 bytes JMP 00007ffec94c0ef8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile                                                                                                                                                                                                                          00007ffe08fc5e10 9 bytes JMP 00007ffec94c2638
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileW                                                                                                                                                                                                                            00007ffe08fc7990 12 bytes JMP 00007ffec94c1eb8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingNumaW                                                                                                                                                                                                                  00007ffe08fc7f70 7 bytes JMP 00007ffec94c2338
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileMappingW                                                                                                                                                                                                                      00007ffe08fc80b0 9 bytes JMP 00007ffec94c2278
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                                                                                                                                          00007ffe08fc8900 10 bytes JMP 00007ffec94c06b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExA                                                                                                                                                                                                                          00007ffe08fc9330 10 bytes JMP 00007ffec94c05f8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateRemoteThreadEx                                                                                                                                                                                                                    00007ffe08fdfea0 8 bytes JMP 00007ffec94c18b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!HeapCreate                                                                                                                                                                                                                              00007ffe08fe04e0 13 bytes JMP 00007ffec94c1138
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!CreateFileA                                                                                                                                                                                                                            00007ffe08fe05b0 10 bytes JMP 00007ffec94c1df8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!WriteProcessMemory                                                                                                                                                                                                                      00007ffe08ff6d50 10 bytes JMP 00007ffec94c1bb8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!MapViewOfFileFromApp                                                                                                                                                                                                                    00007ffe0900e6a0 7 bytes JMP 00007ffec94c27b8
.text    C:\Program Files\Pale Moon\palemoon.exe[86888] C:\Windows\system32\KERNELBASE.dll!VirtualAllocEx                                                                                                                                                                                                                          00007ffe09020960 8 bytes JMP 00007ffec94c0b38
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CloseHandle                                                                                                                                                                                                          00007ffe08fc14c0 5 bytes JMP 00007fff08fb0914
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTimeAsFileTime                                                                                                                                                                                              00007ffe08fc1630 3 bytes JMP 00007fff08fb0d53
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTimeAsFileTime + 4                                                                                                                                                                                          00007ffe08fc1634 1 byte [FF]
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteFile                                                                                                                                                                                                            00007ffe08fc1c50 5 bytes JMP 00007fff08fb0995
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!UnmapViewOfFile                                                                                                                                                                                                      00007ffe08fc1d70 5 bytes JMP 00007fff08fb0f50
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetConsoleMode                                                                                                                                                                                                      00007ffe08fc1fa0 5 bytes JMP 00007fff08fb0894
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetSystemTime                                                                                                                                                                                                        00007ffe08fc30c0 5 bytes JMP 00007fff08fb0dd4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!MapViewOfFile                                                                                                                                                                                                        00007ffe08fc5e10 5 bytes JMP 00007fff08fb0f97
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetLocalTime                                                                                                                                                                                                        00007ffe08fc6550 5 bytes JMP 00007fff08fb0d93
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateFileW                                                                                                                                                                                                          00007ffe08fc7990 5 bytes JMP 00007fff08fb09da
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadFile                                                                                                                                                                                                            00007ffe08fc7eb0 5 bytes JMP 00007fff08fb0953
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!OpenFileMappingW                                                                                                                                                                                                    00007ffe08fc87c0 5 bytes JMP 00007fff08fb0fd3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentVariableW                                                                                                                                                                                              00007ffe08fc8d30 5 bytes JMP 00007fff08fb0e53
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentStringsW                                                                                                                                                                                              00007ffe08fca530 5 bytes JMP 00007fff08fb0e13
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetEnvironmentVariableW                                                                                                                                                                                              00007ffe08fcb4b0 5 bytes JMP 00007fff08fb0ed4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!TerminateThread                                                                                                                                                                                                      00007ffe08fcc140 5 bytes JMP 00007fff08fb0c13
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetCurrentDirectoryW                                                                                                                                                                                                00007ffe08fcc950 5 bytes JMP 00007fff08fb0b14
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateProcessW                                                                                                                                                                                                      00007ffe08fcfca0 5 bytes JMP 00007fff08fb0b95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetEnvironmentVariableA                                                                                                                                                                                              00007ffe08fcfd70 5 bytes JMP 00007fff08fb0e95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleMode                                                                                                                                                                                                      00007ffe08fd26b0 5 bytes JMP 00007fff08fb0856
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleW                                                                                                                                                                                                        00007ffe08fd4d80 5 bytes JMP 00007fff08fb0397
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleTitleW                                                                                                                                                                                                    00007ffe08fd4ed0 5 bytes JMP 00007fff08fb07d3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!TerminateProcess                                                                                                                                                                                                    00007ffe08fe58c0 5 bytes JMP 00007fff08fb0cd3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleTextAttribute                                                                                                                                                                                              00007ffe0901fdb0 5 bytes JMP 00007fff08fb0695
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetEnvironmentVariableA                                                                                                                                                                                              00007ffe09022690 5 bytes JMP 00007fff08fb0f13
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateProcessA                                                                                                                                                                                                      00007ffe090237b0 5 bytes JMP 00007fff08fb0bd5
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!PeekConsoleInputW                                                                                                                                                                                                    00007ffe09024520 5 bytes JMP 00007fff08fb0557
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCursorPosition                                                                                                                                                                                            00007ffe090245f0 5 bytes JMP 00007fff08fa0fd5
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!FlushConsoleInputBuffer                                                                                                                                                                                              00007ffe09024630 5 bytes JMP 00007fff08fb0215
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetNumberOfConsoleInputEvents                                                                                                                                                                                        00007ffe09024670 5 bytes JMP 00007fff08fb0254
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetThreadContext                                                                                                                                                                                                    00007ffe09038e30 4 bytes JMP 00007fff08fb0c58
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateThread                                                                                                                                                                                                        00007ffe0903abf0 5 bytes JMP 00007fff08fb0c95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputW                                                                                                                                                                                                  00007ffe0903b540 5 bytes JMP 00007fff08fb0657
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!AllocConsole                                                                                                                                                                                                        00007ffe0908f0c0 5 bytes JMP 00007fff08fb0754
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!FreeConsole                                                                                                                                                                                                          00007ffe0908f450 5 bytes JMP 00007fff08fb0719
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!CreateConsoleScreenBuffer                                                                                                                                                                                            00007ffe0908f4c0 5 bytes JMP 00007fff08fb01d3
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!PeekConsoleInputA                                                                                                                                                                                                    00007ffe0908f7b0 5 bytes JMP 00007fff08fb0517
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputA                                                                                                                                                                                                    00007ffe0908f7e0 5 bytes JMP 00007fff08fb0494
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleInputW                                                                                                                                                                                                    00007ffe0908f860 5 bytes JMP 00007fff08fb04d4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleInputA                                                                                                                                                                                                  00007ffe0908fa00 5 bytes JMP 00007fff08fb0457
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleInputW                                                                                                                                                                                                  00007ffe0908fab0 5 bytes JMP 00007fff08fb0417
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputA                                                                                                                                                                                                  00007ffe0908fad0 5 bytes JMP 00007fff08fb0617
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputCharacterA                                                                                                                                                                                        00007ffe0908fb40 5 bytes JMP 00007fff08fb02d7
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleOutputCharacterW                                                                                                                                                                                        00007ffe0908fb70 5 bytes JMP 00007fff08fb0297
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!GetLargestConsoleWindowSize                                                                                                                                                                                          00007ffe0908fd20 5 bytes JMP 00007fff08fb0057
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ScrollConsoleScreenBufferA                                                                                                                                                                                          00007ffe0908fd70 5 bytes JMP 00007fff08fb0357
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ScrollConsoleScreenBufferW                                                                                                                                                                                          00007ffe0908fe20 5 bytes JMP 00007fff08fb0317
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleActiveScreenBuffer                                                                                                                                                                                        00007ffe0908fe50 5 bytes JMP 00007fff08fb0195
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCP                                                                                                                                                                                                        00007ffe0908fe90 5 bytes JMP 00007fff08fa0ed5
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleCursorInfo                                                                                                                                                                                                00007ffe0908fee0 5 bytes JMP 00007fff08fa0f95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleOutputCP                                                                                                                                                                                                  00007ffe0908ff30 5 bytes JMP 00007fff08fa0e95
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleScreenBufferInfoEx                                                                                                                                                                                        00007ffe0908ff80 5 bytes JMP 00007fff08fb0095
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleScreenBufferSize                                                                                                                                                                                          00007ffe09090080 5 bytes JMP 00007fff08fb0115
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetConsoleWindowInfo                                                                                                                                                                                                00007ffe090900d0 5 bytes JMP 00007fff08fb0155
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleA                                                                                                                                                                                                        00007ffe09090310 5 bytes JMP 00007fff08fb0594
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!ReadConsoleW                                                                                                                                                                                                        00007ffe09090540 5 bytes JMP 00007fff08fb05d4
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!WriteConsoleA                                                                                                                                                                                                        00007ffe09090590 5 bytes JMP 00007fff08fb03d7
.text    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe[116684] C:\Windows\system32\KERNELBASE.dll!SetCurrentDirectoryA                                                                                                                                                                                                00007ffe090a14c0 5 bytes JMP 00007fff08fb0b53
.text    C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_InsertPtr                                                                                                                                                00007ffe067f2fd0 5 bytes JMP 00007fff056d0f88
.text    C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_DeletePtr                                                                                                                                                00007ffe067f3050 5 bytes JMP 00007fff056d0f48
.text    C:\Windows\explorer.exe[123448] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8\Comctl32.dll!DPA_Create                                                                                                                                                  00007ffe067f3230 5 bytes JMP 00007fff056d0fc8
.text    C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance                                                                                                                                                                                                                                          00007ffe0982d050 5 bytes JMP 00007fff06d40070
.text    C:\Windows\explorer.exe[123996] C:\Windows\system32\USER32.dll!GetAncestor                                                                                                                                                                                                                                                00007ffe0b5412f0 5 bytes JMP 00007fff06d40028
.text    C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\dwmapi.dll!DwmIsCompositionEnabled                                                                                                                                                                                                                                    00007ffe06f01410 5 bytes JMP 00007fff06d40010
.text    C:\Windows\explorer.exe[123996] C:\Windows\SYSTEM32\UIAutomationCore.dll!UiaReturnRawElementProvider                                                                                                                                                                                                                      00007ffdf32e5740 5 bytes JMP 00007ffe06d40040

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [632:3996]                                                                                                                                                                                                                                                                                  fffff960009312d0
---- Processes - GMER 2.1 ----

Library  C:\Users\mongole\AppData\Local\KeePass\PluginCache\3CCPp6DCHvRxKsWOsm1T\DataBaseBackup.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [5104] (DataBaseBackup/Francis Noël)(2015-06-06 11:58:40)                                                                                    000000001c2c0000
Library  C:\Users\mongole\AppData\Local\KeePass\PluginCache\PwaUSoqXaMU2Mq5Ih23n\OtpKeyProv.dll (*** suspicious ***) @ C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [5104] (OtpKeyProv/Dominik Reichl)(2015-06-06 11:58:40)                                                                                          000000001b670000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                                                                                                                                                                                        \??\C:\Users\mongole\AppData\Roaming\chrome.exe??
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                                                                        -871816015
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57                                                                                                                                                                                                                                             
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@181eb02e593b                                                                                                                                                                                                                                  0xEE 0x81 0xAB 0x55 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@d487d89d7a2f                                                                                                                                                                                                                                  0x7B 0xF0 0xFD 0x4F ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@d890e8586158                                                                                                                                                                                                                                  0x24 0x5E 0x35 0x12 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@181eb02f42f1                                                                                                                                                                                                                                  0x89 0xEE 0x2C 0x1C ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@a49a5853ec4a                                                                                                                                                                                                                                  0x39 0x64 0x4B 0x2A ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015833d0a57@b43a28c20bc0                                                                                                                                                                                                                                  0x74 0x2F 0x19 0x55 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Start                                                                                                                                                                                                                                                                0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Tag                                                                                                                                                                                                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@ImagePath                                                                                                                                                                                                                                                            system32\drivers\MBAMSwissArmy.sys
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy@Group                                                                                                                                                                                                                                                                System Reserved
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MBAMSwissArmy                                                                                                                                                                                                                                                                     
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NdisCap\Parameters@RefCount                                                                                                                                                                                                                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                                                                                                          42345
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideIcons                                                                                                                                                                                                                                                0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU@MRUList                                                                                                                                                                                                                                                    fedcba
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}\iexplore@Count                                                                                                                                                                                                            2806
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8A6CAA2-533D-4AED-9E05-8EB19A4021AB}\iexplore@Count                                                                                                                                                                                                            2783
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\xxx@xxx.comMessageCount                                                                                                                                                                                                                              4

---- EOF - GMER 2.1 ----
Update:

Sample des Virus übermittelt an: Sophos, Symantec, ClamAV, Microsoft, Avira, McAfee, Kaspersky, Lavasoft, TrendMicro, Comodo, Baidu, Agnitum, Webroot, Vir.IT, Zoner. SUPERAntiSpyware.

In der Hoffnung, bald vernünftige Erkennungsraten und spezifische Removal Instructions zu bekommen :)

schrauber 28.09.2015 15:15
hi,

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

CptMw 28.09.2015 15:25
Hi,

hier das Log

Code:
16:21:03.0467 0x1ed8  TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
16:21:08.0358 0x1ed8  ============================================================
16:21:08.0358 0x1ed8  Current date / time: 2015/09/28 16:21:08.0358
16:21:08.0358 0x1ed8  SystemInfo:
16:21:08.0358 0x1ed8 
16:21:08.0358 0x1ed8  OS Version: 6.3.9600 ServicePack: 0.0
16:21:08.0358 0x1ed8  Product type: Workstation
16:21:08.0358 0x1ed8  ComputerName: MONGOMACHINE-8
16:21:08.0359 0x1ed8  UserName: mongole
16:21:08.0359 0x1ed8  Windows directory: C:\Windows
16:21:08.0359 0x1ed8  System windows directory: C:\Windows
16:21:08.0359 0x1ed8  Running under WOW64
16:21:08.0359 0x1ed8  Processor architecture: Intel x64
16:21:08.0359 0x1ed8  Number of processors: 8
16:21:08.0359 0x1ed8  Page size: 0x1000
16:21:08.0359 0x1ed8  Boot type: Normal boot
16:21:08.0359 0x1ed8  ============================================================
16:21:16.0006 0x1ed8  KLMD registered as C:\Windows\system32\drivers\51290952.sys
16:21:16.0028 0x1ed8  System UUID: {E559B8D1-DD33-9557-D245-677D1438D609}
16:21:16.0185 0x1ed8  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0207 0x1ed8  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0229 0x1ed8  Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 ( 1863.02 Gb ), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0249 0x1ed8  Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0251 0x1ed8  Drive \Device\Harddisk4\DR4 - Size: 0xEE8156000 ( 59.63 Gb ), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:21:16.0261 0x1ed8  ============================================================
16:21:16.0261 0x1ed8  \Device\Harddisk0\DR0:
16:21:16.0261 0x1ed8  MBR partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
16:21:16.0261 0x1ed8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0xDEE4800
16:21:16.0261 0x1ed8  \Device\Harddisk1\DR1:
16:21:16.0261 0x1ed8  GPT partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {63B9CFEB-4795-499B-AAF5-450B1D464EC4}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
16:21:16.0261 0x1ed8  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {F3380D9A-D973-4488-A314-3BDB21372412}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x746C6000
16:21:16.0261 0x1ed8  MBR partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk2\DR2:
16:21:16.0261 0x1ed8  MBR partitions:
16:21:16.0261 0x1ed8  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x800, BlocksNum 0xE8E07800
16:21:16.0261 0x1ed8  \Device\Harddisk3\DR3:
16:21:16.0262 0x1ed8  MBR partitions:
16:21:16.0262 0x1ed8  \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
16:21:16.0262 0x1ed8  \Device\Harddisk4\DR4:
16:21:16.0262 0x1ed8  MBR partitions:
16:21:16.0262 0x1ed8  \Device\Harddisk4\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x773F800
16:21:16.0262 0x1ed8  ============================================================
16:21:16.0263 0x1ed8  C: <-> \Device\Harddisk0\DR0\Partition2
16:21:16.0271 0x1ed8  G: <-> \Device\Harddisk4\DR4\Partition1
16:21:16.0294 0x1ed8  M: <-> \Device\Harddisk1\DR1\Partition2
16:21:16.0319 0x1ed8  F: <-> \Device\Harddisk3\DR3\Partition1
16:21:16.0319 0x1ed8  ============================================================
16:21:16.0319 0x1ed8  Initialize success
16:21:16.0319 0x1ed8  ============================================================
16:21:43.0146 0x1e90  ============================================================
16:21:43.0146 0x1e90  Scan started
16:21:43.0146 0x1e90  Mode: Manual; SigCheck; TDLFS;
16:21:43.0146 0x1e90  ============================================================
16:21:43.0146 0x1e90  KSN ping started
16:21:45.0504 0x1e90  KSN ping finished: true
16:21:47.0253 0x1e90  ================ Scan system memory ========================
16:21:47.0253 0x1e90  System memory - ok
16:21:47.0254 0x1e90  ================ Scan services =============================
16:21:47.0278 0x1e90  [ E1832BD9FD7E0FC2DC9FA5935DE3E8C1, 41FF7418887AFC8B9C96EF21C5950DD342CC9E3C0D87AFD60A05B988C1D6CC23 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
16:21:47.0302 0x1e90  1394ohci - ok
16:21:47.0310 0x1e90  [ AD508A1A46EC21B740AB31C28EFDFDB1, 9B1046CF0B80723149BD359B55CC0B8B3ABBEAA9038469F542A4C345C503FB02 ] 3ware          C:\Windows\system32\drivers\3ware.sys
16:21:47.0320 0x1e90  3ware - ok
16:21:47.0338 0x1e90  [ E796AE43DDD1844281DB4D57294D17C0, 21AE69615044A96041E46476BE814B52C22624B6C7EA6BFC77BB64F69C3C21F5 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:21:47.0350 0x1e90  ACPI - ok
16:21:47.0355 0x1e90  [ AC8279D229398BCF05C3154ADCA86813, 083E86CBE53244D24C334DB1511C77025133AE7875191845764B890A8CA5AFA9 ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
16:21:47.0361 0x1e90  acpiex - ok
16:21:47.0363 0x1e90  [ A8970D9BF23CD309E0403978A1B58F3F, 9946C8477104EEC7DB197E2222F9905307F101C398CCED4B5FD0F86A5622C791 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
16:21:47.0368 0x1e90  acpipagr - ok
16:21:47.0370 0x1e90  [ 111A89C99C5B4F1A7BCE5F643DD86F65, 41A2E49FF443927D05F7EF638518108227852984E68D4663C8761178C0B84A45 ] AcpiPmi        C:\Windows\System32\drivers\acpipmi.sys
16:21:47.0375 0x1e90  AcpiPmi - ok
16:21:47.0379 0x1e90  [ 5758387D68A20AE7D3245011B07E36E7, 77832E200E8B0D259552F6F60FE454A887E3EBBB9EA2F3590E6645289A04E293 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
16:21:47.0384 0x1e90  acpitime - ok
16:21:47.0421 0x1e90  [ 7C1FDF1B48298CBA7CE4BDD4978951AD, 80F4D536E1231B30E836F72ADC8814AE6AA9FEC573FB5F3F965FAC8ABCCAF0F8 ] ADP80XX        C:\Windows\system32\drivers\ADP80XX.SYS
16:21:47.0462 0x1e90  ADP80XX - ok
16:21:47.0471 0x1e90  [ BCD58DACAA1EAAADC115EDD940478F6D, F31613F583C302F62A00E6766B031531C9E193CAED563689B178BA257715B992 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:21:47.0481 0x1e90  AeLookupSvc - ok
16:21:47.0495 0x1e90  [ 374E27295F0A9DCAA8FC96370F9BEEA5, 51C394E0C2322D7D093941A1B8766171B5D1F47DF2FE0834209492891EA7D999 ] AFD            C:\Windows\system32\drivers\afd.sys
16:21:47.0507 0x1e90  AFD - ok
16:21:47.0512 0x1e90  [ 7DFAEBA9AD62D20102B576D5CAC45EC8, 9FA5207335303D1E8E9A3C9E1FB82C09AD21B04382F69D777A67E48EE91D2093 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:21:47.0517 0x1e90  agp440 - ok
16:21:47.0520 0x1e90  [ FE14D249D39368CA62D8DA6BC94AC694, E1036E22BFBD3750FD2D3DA6AB939B2DD54E824F4BD3E6539EF0E45AB5453DD1 ] ahcache        C:\Windows\system32\DRIVERS\ahcache.sys
16:21:47.0526 0x1e90  ahcache - ok
16:21:47.0530 0x1e90  [ 14A45BE6F5678339F0EC5752D9849410, DD0F60E96FAC68FBD5B86382E541408C613BD0F871D0E0A1EF9AB6E7B26E545C ] ALG            C:\Windows\System32\alg.exe
16:21:47.0536 0x1e90  ALG - ok
16:21:47.0541 0x1e90  [ 7589DE749DB6F71A68489DCE04158729, 5F35EDD50737985595C9D6703237CA2ADE49AA5443331020899698EB5114A0FB ] AmdK8          C:\Windows\System32\drivers\amdk8.sys
16:21:47.0547 0x1e90  AmdK8 - ok
16:21:47.0554 0x1e90  [ B46D2D89AFF8A9490FA8C98C7A5616E3, BE0765B5423B690E0F097FECD9717FAA95BFDFFDC6CF1B93DE5A19A1B7797879 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
16:21:47.0560 0x1e90  AmdPPM - ok
16:21:47.0567 0x1e90  [ D2BF2F94A47D332814910FD47C6BBCD2, FE273D77D119D958676E1197D9EA7B008E3B05C6192B1962A81D4223ED204C35 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
16:21:47.0574 0x1e90  amdsata - ok
16:21:47.0580 0x1e90  [ A8E04943C7BBA7219AA50400272C3C6E, 794C0BD12DF0392654E9A37AE4A24B5BE2D83F1F24F74DD48A1A0BF3AB8B1FF8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
16:21:47.0589 0x1e90  amdsbs - ok
16:21:47.0591 0x1e90  [ CEA5F4F27CFC08E3A44D576811B35F50, 89DF64B81BD109BAABAE93A4603C1617241219F38DDAF325EFE6BD35FF6FD717 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
16:21:47.0596 0x1e90  amdxata - ok
16:21:47.0600 0x1e90  [ 4887E13C3154816A9503E34FC05F2804, CA05D85C3B63EEB2836D50FF99CDA70DC56D7F67B4296EC50A7D250BBA2F57C4 ] AnyDVD          C:\Windows\system32\Drivers\AnyDVD.sys
16:21:47.0608 0x1e90  AnyDVD - ok
16:21:47.0612 0x1e90  [ 415DD71628795197F7AFC176CBADC74E, 5F0359053A6CD6EE239139E0E6F46E1FA9A73F017C0CE9B7BC052216B2C846EC ] AppID          C:\Windows\system32\drivers\appid.sys
16:21:47.0618 0x1e90  AppID - ok
16:21:47.0621 0x1e90  [ 88358135810B9DFD830A9D3A8C3D149A, DF914DA3828EE2310895D156342E3B3DF5E8C6F6F9B851C359E82A1F48180D4B ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:21:47.0627 0x1e90  AppIDSvc - ok
16:21:47.0630 0x1e90  [ 680BFB820C5A943AB709BAA2B1EF27F2, A51D2A7976A762FE470C13C6D1BA0319A0FB19C9E66BF02AA44F83EAEC7130F8 ] Appinfo        C:\Windows\System32\appinfo.dll
16:21:47.0637 0x1e90  Appinfo - ok
16:21:47.0643 0x1e90  [ 1A8EA3500576DD4B43E9318F10709E0E, 85F8581C319DE241B223366F08A5F9301858DA9DA1A0CAA10ED387A2B99EC216 ] AppMgmt        C:\Windows\System32\appmgmts.dll
16:21:47.0652 0x1e90  AppMgmt - ok
16:21:47.0674 0x1e90  [ 35E28923A23ADABAA5A1B43256D0AB58, A5F3AF8BBEE58B2165BAFACC5FF8B167B55B020998D3D1565C2229ED8753B269 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
16:21:47.0686 0x1e90  AppReadiness - ok
16:21:47.0721 0x1e90  [ 573542B5E97772021B73E854DA861DAA, C3FD00FA28060F8D7CDFD455BBB5FF8239CB76DDFFF2BDAE6AA944674DD993D3 ] AppXSvc        C:\Windows\system32\appxdeploymentserver.dll
16:21:47.0742 0x1e90  AppXSvc - ok
16:21:47.0748 0x1e90  [ 65045784366F7EC5FB4E71BCF923187B, 53C215C64FF12E44B097F7CB88E8482438CE0ACBD3C68D8FD38BA0D0D8747FAA ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:21:47.0757 0x1e90  arcsas - ok
16:21:47.0759 0x1e90  [ 3DB7721F06BC2FEDB25029EA23AB27DA, 221861148C66FE53E4D6EE49C6E656479AB5804A2D348A280A1CD8093E8AB788 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:21:47.0770 0x1e90  AsyncMac - ok
16:21:47.0773 0x1e90  [ 74B14192CF79A72F7536B27CB8814FBD, 0CF6BBB63FFE0C12777664D80B2797923844C8392D0FD81D7962EE5EE2C3C3D9 ] atapi          C:\Windows\system32\drivers\atapi.sys
16:21:47.0777 0x1e90  atapi - ok
16:21:47.0782 0x1e90  [ 431FE56F5A2F5937994CB2DA330B47DB, E5AED551529A21494114959251FDF566802DD6D9B9D86A937A0EECE53338CAC7 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
16:21:47.0790 0x1e90  AudioEndpointBuilder - ok
16:21:47.0803 0x1e90  [ 0F03CC00645D7F841879A048787D6AC7, 3ECD2486157469F2EDB63D4868338D1445F2909153DF0AFFE432083730EEE3F5 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:21:47.0821 0x1e90  Audiosrv - ok
16:21:47.0827 0x1e90  [ 3C6ED74AF41DD1A5585CE5EF3D00915F, A742F576407776634E5A8E49C60023FFDF395DE0B2DE36662A23F85B79405ED2 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:21:47.0833 0x1e90  AxInstSV - ok
16:21:47.0856 0x1e90  [ A4A73F631FE2AA2826FBE4A399B04DEF, 973AACE8DC8DA669D0DF20F17EFDEEABB90AA046AC980948D16A62D39A606A79 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
16:21:47.0887 0x1e90  b06bdrv - ok
16:21:47.0890 0x1e90  [ 8CC7F7E4AFCBA605921B137ED7992C68, 71406E6D6E9964740A6D90B05329D5492BB90AF40E0630CF2FBF4BA4BA14F2DD ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
16:21:47.0895 0x1e90  BasicDisplay - ok
16:21:47.0898 0x1e90  [ 38A82F4EE8C416A6744B6D30381ED768, 9EAAE5F43BA09359130AC04B1DCA0F5D4DF32ED89C02DC5CEB640918948847F7 ] BasicRender    C:\Windows\System32\drivers\BasicRender.sys
16:21:47.0903 0x1e90  BasicRender - ok
16:21:47.0908 0x1e90  [ 2C969095C2827EF4536C7D6FA434F993, 3C1AD826355AB1509DFF74B9168929A98CC207D96F97E356650DF9F9C5ADD9BE ] BazisVirtualCDBus C:\Windows\System32\drivers\BazisVirtualCDBus.sys
16:21:47.0914 0x1e90  BazisVirtualCDBus - ok
16:21:47.0916 0x1e90  [ C1ABB0F7E3BEA48A0417BDF6FF14AB21, 1CAC63A1A0FB9855A27EE977794576A860F6650C9EF7667FFB27F2A2FF721857 ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
16:21:47.0919 0x1e90  bcmfn2 - ok
16:21:47.0927 0x1e90  [ 77D760E9B477C21487C171F561497F98, 2393D466CEC863C771C5BB4CD81B251635DC084386134B8E13F74F3E1C6D68DF ] BDESVC          C:\Windows\System32\bdesvc.dll
16:21:47.0936 0x1e90  BDESVC - ok
16:21:47.0938 0x1e90  [ EC19013E4CF87609534165DF897274D6, 8ED45537CF2D58D759A587CCBFDADD5580C7447B0C3B172CF19ECC7585E073FC ] Beep            C:\Windows\system32\drivers\Beep.sys
16:21:47.0943 0x1e90  Beep - ok
16:21:47.0956 0x1e90  [ 8F2AD111B47A190F325EE7495D3C1803, C61F1506E74A9EFBB61B8A06B30886B6E891C33211F755F30B924EBA202ECEC5 ] BFE            C:\Windows\System32\bfe.dll
16:21:47.0970 0x1e90  BFE - ok
16:21:47.0974 0x1e90  [ 5A98C8DC3947110B792AD91F38EAA4A3, 43C0E7CB0A892A87B2AAF681C29DC2249CD5B4589914DF68122458C4639A04EE ] BfLwf          C:\Windows\system32\DRIVERS\bwcW8x64.sys
16:21:47.0980 0x1e90  BfLwf - ok
16:21:48.0001 0x1e90  [ 48554994279BFE17A3D2B00076D0CB1A, 6521B1EC0BC6B01F63976370D89FE7DC2E7404899F68B6FAC37A9173B9C5D489 ] BITS            C:\Windows\System32\qmgr.dll
16:21:48.0019 0x1e90  BITS - ok
16:21:48.0028 0x1e90  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:21:48.0038 0x1e90  Bonjour Service - ok
16:21:48.0045 0x1e90  [ 6B4FFFDDC618FCF64473CAA86E305697, 29EA66071D5822920F5C50533673ADAB5204F8B25C11027AD27450D881F1142D ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:21:48.0051 0x1e90  bowser - ok
16:21:48.0060 0x1e90  [ FA601515FF2B59F25FDD8EDB1D2A1104, 21DFB53241F8E880F7546B9ADF38F47D6AD0782EC7F8F0284ED69DE7CEF7DCB9 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
16:21:48.0067 0x1e90  BrokerInfrastructure - ok
16:21:48.0072 0x1e90  [ BC111AADACD0BF59D56547461D13AB6E, 91E3619930C29EE4B2683683888BA7EE3CF6B1DDB0C19A14E0880470CBE40EF4 ] Browser        C:\Windows\System32\browser.dll
16:21:48.0078 0x1e90  Browser - ok
16:21:48.0081 0x1e90  [ 0B2EE8B36081C1039EA3D20B952A8DDC, 4849F424B15CBF2342811D944A599D762D206E33D284429483D9769FD07C3BE7 ] bthav          C:\Windows\system32\drivers\bthav.sys
16:21:48.0086 0x1e90  bthav - ok
16:21:48.0089 0x1e90  [ A8F23D453A424FF4DE04989C4727ECC7, AE4A9081395C7379F1C947EF8243F7609F90C843E086B8E77E1A2C06E36D4381 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
16:21:48.0094 0x1e90  BthAvrcpTg - ok
16:21:48.0097 0x1e90  [ 12418846B057E4F92FC621F5C6CF737D, 0B8B0EADE4F2AD95D450A5C71C287C0F04F33897ABF27D3E3B6428A3C99C7B5D ] BthEnum        C:\Windows\System32\drivers\BthEnum.sys
16:21:48.0102 0x1e90  BthEnum - ok
16:21:48.0105 0x1e90  [ 272A62B660A48AEF366F8A1836CED19F, 78EFAC6B1B2313482329BBFFBF0DDA6462BD88E5BE3C817C5E8E0EAF3074C925 ] BthHFEnum      C:\Windows\System32\drivers\bthhfenum.sys
16:21:48.0110 0x1e90  BthHFEnum - ok
16:21:48.0113 0x1e90  [ 71FE2A48E4C93DDB9798C024880B6C07, 8E93DE29C61A5FA64216231228CB3C4A1A693FE87CAA2C070BCAD7BE2D8ED000 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
16:21:48.0117 0x1e90  bthhfhid - ok
16:21:48.0128 0x1e90  [ 9307A4B743D277C499CDA8E19E5687AC, 7A01989EC3D54581F292BDEDC9B9445F2ABD50165102617E3089BDD061C63A19 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
16:21:48.0136 0x1e90  BthHFSrv - ok
16:21:48.0139 0x1e90  [ EF4B9E7C9AD88C00C18A12B0D22D1894, 672537E75201E690D86CD65252B8AEF887C76EBD37AB0C419462D69164B350CC ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
16:21:48.0144 0x1e90  BTHMODEM - ok
16:21:48.0148 0x1e90  [ FEA8FC81431AD93F44D5FBFBBF096AA7, C0581DF6B2AD24836604B083F4866F93A3F4D9091D382029948A5E6221EDF788 ] BthPan          C:\Windows\System32\drivers\bthpan.sys
16:21:48.0154 0x1e90  BthPan - ok
16:21:48.0178 0x1e90  [ B810B2B39CCA90DC6BF42AF1658AE0D1, D184F927BCFBDE7063A0C9873BF2C174226E1AB5081A7108FCC66210CD117465 ] BTHPORT        C:\Windows\System32\Drivers\BTHport.sys
16:21:48.0197 0x1e90  BTHPORT - ok
16:21:48.0202 0x1e90  [ 043A0F37631BF453F16D478B71320F46, C368296B802984F438852927B8A40EA3F4205724A05828F3173F08EC17228356 ] bthserv        C:\Windows\system32\bthserv.dll
16:21:48.0208 0x1e90  bthserv - ok
16:21:48.0211 0x1e90  [ 52A1B7ECAB4C9EF70FD41241691E09D3, F7A5BFE72D3151E73DD9922A76964C08AC1FDCB8460D9A17DCF8B7969006AD42 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:21:48.0216 0x1e90  BTHUSB - ok
16:21:48.0221 0x1e90  [ 2FA6510E33F7DEFEC03658B74101A9B9, 61C8C8E3F09B427711464C974EE22E1E01C48E10DB54A4EC9901F482FC36C978 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:21:48.0227 0x1e90  cdfs - ok
16:21:48.0234 0x1e90  [ C6796EA22B513E3457514D92DCDB1A3D, 2B893F3950C6B913B934C2089B69F3B0B77F229AE1820907E598455CBB78139C ] cdrom          C:\Windows\System32\drivers\cdrom.sys
16:21:48.0240 0x1e90  cdrom - ok
16:21:48.0247 0x1e90  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] CertPropSvc    C:\Windows\System32\certprop.dll
16:21:48.0253 0x1e90  CertPropSvc - ok
16:21:48.0256 0x1e90  [ BE9936EDD3267FAAFF94A7835867F00B, 3CEEF2377D45ED38C7CD3CE4C746EC5EA7277EFEC728A5438F0EF5F62FC7C859 ] circlass        C:\Windows\System32\drivers\circlass.sys
16:21:48.0261 0x1e90  circlass - ok
16:21:48.0268 0x1e90  [ 8EB7E70C2D348FE2476A2E3F2D585E3D, 2B5D407FACF1D049261026CC552A7C93B028A661B0F4E959815EAE7670054127 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
16:21:48.0277 0x1e90  CLFS - ok
16:21:48.0283 0x1e90  [ EF6EF85DADC3184A10D8F2F7159973CB, 42FCB286CED95A5DEBC5C0C894FCBC4818A2C818BB71087142FB51A08A0BE96B ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
16:21:48.0288 0x1e90  CmBatt - ok
16:21:48.0297 0x1e90  [ 5E5AB950693F2C6D6ACBEE3A74697ED7, 3790A7DD0AC65F47A697A577744FDFA4CC1CA3422884C84E499F97AC91BA84F3 ] CNG            C:\Windows\system32\Drivers\cng.sys
16:21:48.0310 0x1e90  CNG - ok
16:21:48.0314 0x1e90  [ 03AAED827C36F35D70900558B8274905, 8E44A23C6013FFAE7769F99CAA3B1D6288DE00A38937F9056903AC265B503AFA ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
16:21:48.0319 0x1e90  CompositeBus - ok
16:21:48.0321 0x1e90  COMSysApp - ok
16:21:48.0325 0x1e90  [ A1FF7DFBFBE164CF92603C651D304DD2, 470ACE5A75E64FC62C950037201199857E974803625DC73BEDBCF6FA4DDD496C ] condrv          C:\Windows\system32\drivers\condrv.sys
16:21:48.0331 0x1e90  condrv - ok
16:21:48.0337 0x1e90  [ 6324F0D18FB52833BA64BC828E29054C, 04118FA1BDFC512F76E4A81FEF34C78B6BD98429DB1D65123B6802B4A1E30584 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:21:48.0343 0x1e90  CryptSvc - ok
16:21:48.0361 0x1e90  [ 9DBC32A45CFA67074432D2AF6C2832B6, B3B26302961A95EDFD4F994D56B1E5A8452266E0C2161D15C1213BBE376227A2 ] CSC            C:\Windows\system32\drivers\csc.sys
16:21:48.0373 0x1e90  CSC - ok
16:21:48.0392 0x1e90  [ 86079FF8A3B625ABAEB68841D2BF6FE6, 49FF4D458DF8FAB4ECA8CAD9BBF88C929C8B9AB7F063938A6A332B31F2C0F8EB ] CscService      C:\Windows\System32\cscsvc.dll
16:21:48.0406 0x1e90  CscService - ok
16:21:48.0415 0x1e90  [ 51D43B57EA8EFFE5CB1E27E01C100A2F, 68995F291422F2C5A2C9C4C673272754E3AC49ED53D6197675EB9E19028163C5 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
16:21:48.0423 0x1e90  CTAudSvcService - detected UnsignedFile.Multi.Generic ( 1 )
16:21:50.0975 0x1e90  Detect skipped due to KSN trusted
16:21:50.0975 0x1e90  CTAudSvcService - ok
16:21:51.0005 0x1e90  [ A2D4288A7412D0D6AEA3490FB7D26BC8, 6FF5AAABA159E93E01FE6F5861D07C040DD4808597B85107E426F013DFAFE5AC ] cthda          C:\Windows\system32\drivers\cthda.sys
16:21:51.0035 0x1e90  cthda - ok
16:21:51.0047 0x1e90  [ 39DFCFD2C32A7A4F5E3F9C77389F3BE1, 81C06CA42A8E1D495017019E41DE1A5B1DEA450D41BDDFB131EA33E11B60337B ] CtHdaSvc        C:\Windows\sysWow64\CtHdaSvc.exe
16:21:51.0056 0x1e90  CtHdaSvc - ok
16:21:51.0058 0x1e90  [ 823702E03DBBADD5488992122EC86D7C, 8EFB9E871EEAD1A2CAE945356C8EC90B52845772BFAC02ACAFA0F8E5CEBB9C40 ] cthdb          C:\Windows\system32\DRIVERS\cthdb.sys
16:21:51.0062 0x1e90  cthdb - ok
16:21:51.0068 0x1e90  [ 35D1B1D879926DA06B740547428A45B7, 467915863EAFF1F5C8BFFB3C3FAF6CAAC8E621EFBF399B796F420C7443B3B022 ] ctxusbm        C:\Windows\system32\DRIVERS\ctxusbm.sys
16:21:51.0074 0x1e90  ctxusbm - ok
16:21:51.0077 0x1e90  [ 389C998C64319CD97625B0550E52ECFA, DD0EDDD9C8412F78D2D2B648D67DA887C3040E05DF29F48F71299CB68FDDD0F8 ] dam            C:\Windows\system32\drivers\dam.sys
16:21:51.0082 0x1e90  dam - ok
16:21:51.0084 0x1e90  dbupdate - ok
16:21:51.0084 0x1e90  dbupdatem - ok
16:21:51.0105 0x1e90  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:21:51.0121 0x1e90  DcomLaunch - ok
16:21:51.0130 0x1e90  [ EDB72F4A46C39452D1A5414F7D26454A, 0B2F863F4119DC88A22CC97C0A136C88A0127CB026751303B045F7322A8972F6 ] dcrypt          C:\Windows\system32\drivers\dcrypt.sys
16:21:51.0139 0x1e90  dcrypt - ok
16:21:51.0153 0x1e90  [ 95E1ABFB27F8A62ED764805775F0D2F3, 692865DA60C93481E01592883678B2C51FD9AC9A835DFB00A8E3F2DFEE7AB0ED ] defragsvc      C:\Windows\System32\defragsvc.dll
16:21:51.0164 0x1e90  defragsvc - ok
16:21:51.0180 0x1e90  [ 8C65D844F8B4484A71E220F13A48A3E5, BB09E997839984562CA2E96826578B712DD05EC9C18106AA00B8DB084BF78EE7 ] Desura Install Service C:\Program Files (x86)\Common Files\Desura\desura_service.exe
16:21:51.0200 0x1e90  Desura Install Service - ok
16:21:51.0213 0x1e90  [ FF086DEF5995558CCB1B5AAC2110195D, CED52FF01F9247BFDAFC5C7EFC538F8638146ED715574A422496EE0F846CB079 ] DeviceAssociationService C:\Windows\system32\das.dll
16:21:51.0222 0x1e90  DeviceAssociationService - ok
16:21:51.0230 0x1e90  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] DeviceInstall  C:\Windows\system32\umpnpmgr.dll
16:21:51.0236 0x1e90  DeviceInstall - ok
16:21:51.0242 0x1e90  [ A03F362C5557E238CBFA914689C77248, BAD0A1124E6A384C15028FBE121ADF650F7716442555AD3737B9EA1F58A69246 ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
16:21:51.0248 0x1e90  Dfsc - ok
16:21:51.0252 0x1e90  [ 73BDD44A6088916964945886F9025409, 8E2ECC9AAEF3C6EBA2E61D25F657FDFCC72AB517CC4FD5FFF992E1F9EB942662 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
16:21:51.0256 0x1e90  dg_ssudbus - ok
16:21:51.0268 0x1e90  [ 3EEAADA3125431980E5804ED7143458A, 381E12C83E3211C255B321D35536F4049D67E31061F8D82155E4D4509E97F43D ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:21:51.0278 0x1e90  Dhcp - ok
16:21:51.0299 0x1e90  [ 21EDAD8188372C912B7BB9B1C6CB0D38, 4A102745DE8A2A82D2C069B30503BF9FF2312A035A82854F84EF9C27E3533CEE ] DiagTrack      C:\Windows\system32\diagtrack.dll
16:21:51.0324 0x1e90  DiagTrack - ok
16:21:51.0358 0x1e90  [ 2A312D761AE650B1BF1296733E872AAC, A05BB3B3BF2DA68599E593BB4367774A74141DE327092C77BCDA3C0F36C8D6AD ] DirMngr        m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
16:21:51.0364 0x1e90  DirMngr - detected UnsignedFile.Multi.Generic ( 1 )
16:21:54.0803 0x1e90  Detect skipped due to KSN trusted
16:21:54.0803 0x1e90  DirMngr - ok
16:21:54.0811 0x1e90  [ 4D40C9B33F738797CF50E77CB7C53E85, 7BA341342A47DEB15B51971C97A5237ACD8BDAD9033F63DF0000892BE43F8E13 ] disk            C:\Windows\system32\drivers\disk.sys
16:21:54.0817 0x1e90  disk - ok
16:21:54.0820 0x1e90  [ EB70A894708D1BC176AFD690FF06085F, 0DD2A97F5E1B38D1F7C0D44E50F09EA222B18B3B074CC9C8CD25A7526CB1A112 ] dmvsc          C:\Windows\System32\drivers\dmvsc.sys
16:21:54.0825 0x1e90  dmvsc - ok
16:21:54.0830 0x1e90  [ E9AE4FAE83FB38A2962F9032B24CEB3C, CC7D2D8C97CB779791613D76D6E4AF5D628C948C28BAC584C3C7F6A5A6036FBA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:21:54.0838 0x1e90  Dnscache - ok
16:21:54.0846 0x1e90  [ 811EACBCC7C51A03AE11F13CC27B2AB6, FAB94F84950FFB7D3649BAFB8D96D43B880D7FDE8D5B879472AE26C4BC4203B0 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:21:54.0854 0x1e90  dot3svc - ok
16:21:54.0862 0x1e90  [ B99CB575986789A93A683DCF292A43A1, 6ACEA31C723B74003E106FC8303542FCC6DBC4952B6B523F6590D006BE57238D ] DPS            C:\Windows\system32\dps.dll
16:21:54.0869 0x1e90  DPS - ok
16:21:54.0872 0x1e90  [ 00C594D5A1DBD22AD8B2902B9F6EFF94, 2920D62B5F7C49A8AFA80FCAD1E834BBAA670AEBDD7E6F21F0496D1D3CCB4E90 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:21:54.0876 0x1e90  drmkaud - ok
16:21:54.0884 0x1e90  [ 263625A4F616538EB867B6306A6590DB, 2A064720C247EAA3446EFDCC9E01D84CBA875905D78DFED0FBD62D1EE422D416 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
16:21:54.0892 0x1e90  DsmSvc - ok
16:21:54.0897 0x1e90  [ FD2C67871FE7BCD81622857B2BDA5CB8, E5A4F712DEA37C203F154997821F38942B9AED06D2990A905C34FAD68DC76B26 ] dvblink_tuner  C:\Windows\system32\drivers\dvblink_tuner.sys
16:21:54.0904 0x1e90  dvblink_tuner - ok
16:21:54.0945 0x1e90  [ E1BB0B6F00F470B451AB45EA13EBA0B3, 3A2FC2175B69A5EB98D6C2D563DBFDCB320647AB87A14E47FAE800423DCACDAB ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:21:54.0970 0x1e90  DXGKrnl - ok
16:21:54.0973 0x1e90  EagleX64 - ok
16:21:54.0977 0x1e90  [ E253530BD5EDE28F1FF6AF93C4D8034D, 787A70C3E946348F066FB8EB81FCE60157217D93FD78ADC631B5835E8D76A253 ] Eaphost        C:\Windows\System32\eapsvc.dll
16:21:54.0983 0x1e90  Eaphost - ok
16:21:55.0050 0x1e90  [ 114BCFDF367FF37C3F1B0A96AF542E4D, D385BC1D91BC1406091C8C3691C07A90BD60EDE05B1384E5AA3506FCB909C857 ] ebdrv          C:\Windows\system32\drivers\evbda.sys
16:21:55.0137 0x1e90  ebdrv - ok
16:21:55.0143 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] EFS            C:\Windows\System32\lsass.exe
16:21:55.0151 0x1e90  EFS - ok
16:21:55.0157 0x1e90  [ 43531A5993380CC5113242C29D265FD9, EE0076D96F7F3CF29884AC7A67C08A429115A7201354A1FB5DE45FD63ABB4960 ] EhStorClass    C:\Windows\system32\drivers\EhStorClass.sys
16:21:55.0162 0x1e90  EhStorClass - ok
16:21:55.0168 0x1e90  [ 6F8E738A9505A388B1157FDDE7B3101B, 3696CA634102B41EEA11EB9DCA0B24439D8636AED4A7190C138C5E64A2EFB514 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
16:21:55.0174 0x1e90  EhStorTcgDrv - ok
16:21:55.0177 0x1e90  [ BDD265EEB37DF5953A547FE412E2472F, 17EB4FD54D62207937F8CA7454837DBF1EEC867AEDAF201FC2E839A3ED357F4F ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
16:21:55.0181 0x1e90  ElbyCDIO - ok
16:21:55.0183 0x1e90  [ 12B914E8AF6DC6948C54A1FC2C6F4581, CA7EB8CBD374900DB051C6C8A1E3BAC4B35BB56CCD654E86374C96B93F6BA45D ] EMET_Service    C:\Program Files (x86)\EMET 5.2\EMET_Service.exe
16:21:55.0188 0x1e90  EMET_Service - ok
16:21:55.0190 0x1e90  [ DFFFAE1442BA4076E18EED5E406FA0D3, 329FC6FB8D14BEACDBE2A5D4C496EDEA485E838B1DF27566E278F8F8E0D8E82E ] ErrDev          C:\Windows\System32\drivers\errdev.sys
16:21:55.0195 0x1e90  ErrDev - ok
16:21:55.0212 0x1e90  [ F00C593994D57C75273F820653440536, 2DC986D9890EC907405FB2045E6F55ACC384169B45F0B56CCB1A953CF71D9A5D ] EventSystem    C:\Windows\system32\es.dll
16:21:55.0224 0x1e90  EventSystem - ok
16:21:55.0234 0x1e90  [ 7729D294A555C7AEB281ED8E4D0E01E4, 7269E79D72CCE477AC108294D0DDFB59CF533B03C587599C5AB0507C43A0B6D4 ] exfat          C:\Windows\system32\drivers\exfat.sys
16:21:55.0244 0x1e90  exfat - ok
16:21:55.0255 0x1e90  [ 7C4E0D5900B2A1D11EDD626D6DDB937B, 732F310F8F6016C56F432A81636B13CE0124A802FE8DD91287B618EED22C9A1D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:21:55.0262 0x1e90  fastfat - ok
16:21:55.0279 0x1e90  [ 304B6AEC4639A7CCCCF544C6BA6177B2, B75CDD52FD3890B3008E06C503945D1E36478F0EC5E067C8DBC2822D7935D24B ] Fax            C:\Windows\system32\fxssvc.exe
16:21:55.0292 0x1e90  Fax - ok
16:21:55.0295 0x1e90  [ 5D8402613E778B3BD45E687A8372710B, EE9EA10805168D309A609B9019AEC5961EE46D18207B5E0EA2DE4064A5770AF8 ] fdc            C:\Windows\System32\drivers\fdc.sys
16:21:55.0300 0x1e90  fdc - ok
16:21:55.0303 0x1e90  [ 020D2F29009F893ADEFF4405B4B44565, 9F8501064C72933D1442DA00E70392B30D0207EB7D60F50E6648FF363799E6F1 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:21:55.0309 0x1e90  fdPHost - ok
16:21:55.0312 0x1e90  [ E80D2EDD2F88B6E20076A0A4F5A5A245, E3CD6E0BE152B22E8A7340EFFD10CCDB1B632CD3EDF487E83F697D2E22A7D594 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:21:55.0318 0x1e90  FDResPub - ok
16:21:55.0323 0x1e90  [ 47AB7D16EDE434B934AA4D661456C2D5, D375A92FB3E4BB0A8DA5270DACC888E53FB9F514516039FE6DAE4D4EF6B9A970 ] fhsvc          C:\Windows\system32\fhsvc.dll
16:21:55.0330 0x1e90  fhsvc - ok
16:21:55.0334 0x1e90  [ BCFD8B149B3ADF92D0DB1E909CAF0265, 002B085C131473642450176B4B8359F3E5B04350AFB659B9C0F9EB587D1181E7 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:21:55.0339 0x1e90  FileInfo - ok
16:21:55.0342 0x1e90  [ A1A66C4FDAFD6B0289523232AFB7D8AF, 0F5832F626BB62190D5F3A088CE6E048D8A400CCF9EA527F06973CAD96D3A81C ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:21:55.0350 0x1e90  Filetrace - ok
16:21:55.0437 0x1e90  [ 78CD0E0DE02981654B8B60F95D791298, 234B0228D712949EA09701C0319FD260203F091B9A9EAA4160F6F58C47BA4A7E ] FileZilla Server m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
16:21:55.0451 0x1e90  FileZilla Server - ok
16:21:55.0457 0x1e90  [ BE743083CF7063C486A4398E3AEFE59A, 85796D89943DD6FE3932C1ED6CF01470C1B4DFD243C390B07055FFDA3C231551 ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
16:21:55.0462 0x1e90  flpydisk - ok
16:21:55.0472 0x1e90  [ C1FB505A73FA2E9019D32444AB33B75A, 765F0635C18295855CA4C0394192E8B94BA2EA1C4D74F86B720358ABA019FFAA ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:21:55.0481 0x1e90  FltMgr - ok
16:21:55.0501 0x1e90  [ 1E93CBB75D167CDF85501A8C790097A8, C9E5DD090C94E7855939CE1F416460DB408EFF897C2CD52E0D52A734D8ED18B7 ] FontCache      C:\Windows\system32\FntCache.dll
16:21:55.0523 0x1e90  FontCache - ok
16:21:55.0527 0x1e90  [ 1C52387BF5A127F5F3BFB31288F30D93, 90D13F60170CD74304F3036A90D596AA3E1E134455A780310BDF67AC7815F2E7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:21:55.0531 0x1e90  FontCache3.0.0.0 - ok
16:21:55.0535 0x1e90  [ A7C31B168F371E8E6796219F23E354DB, C51C9BF568F1E96CBBE57D2432B38F93F40520086DDB6AAAAC48CBCD1691B441 ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
16:21:55.0539 0x1e90  FsDepends - ok
16:21:55.0542 0x1e90  [ 09F460AFEDCA03F3BF6E07D1CCC9AC42, B832091BC9B2C2FE38A4BCA132ABB58251E851F21EC6F39636E73777AB9A5791 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:21:55.0546 0x1e90  Fs_Rec - ok
16:21:55.0561 0x1e90  [ F152D55E497E12256290C43B31C7D0CE, FFC54B14CCFBC1548948C07FB3866E40A11D0C05AC352BD000E71CEF053F6A6E ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:21:55.0573 0x1e90  fvevol - ok
16:21:55.0576 0x1e90  [ 9591D0B9351ED489EAFD9D1CE52A8015, AC64C236C3AE545FCE8ED44A4A87FB86265A453BA60026EC9A4DE2B631E99996 ] FxPPM          C:\Windows\System32\drivers\fxppm.sys
16:21:55.0581 0x1e90  FxPPM - ok
16:21:55.0585 0x1e90  [ FC3EF65EE20D39F8749C2218DBA681CA, 12980F1DE99B25E6920A33556F3ABDA5EC9BFE4757BE602130B5E939D8D25CE3 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:21:55.0592 0x1e90  gagp30kx - ok
16:21:55.0603 0x1e90  [ 898F20847EFAFA91EB8936D39A9B6F7D, 6BE43ADC7094016B555623F474D70E091751628C0A19A9C2D6C706B0487795D7 ] Garmin Device Interaction Service C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
16:21:55.0617 0x1e90  Garmin Device Interaction Service - ok
16:21:55.0621 0x1e90  [ 3F6F2BEF3880C4CC9A381EE227DA0BBD, 26E7BD7DB254125904911B1E751710C645C770AAB089442678D7ACFC2CDEDB0E ] GDKBBlocker    C:\Windows\system32\drivers\GDKBBlocker64.sys
16:21:55.0626 0x1e90  GDKBBlocker - ok
16:21:55.0629 0x1e90  [ 0BF5CAD281E25F1418E5B8875DC5ADD1, 0929AD8437DD78234553D8B2CDF0D6838FD54ACDE1918AFEBE48684EB32A07A3 ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
16:21:55.0634 0x1e90  gencounter - ok
16:21:56.0185 0x1e90  [ 75E7CCDA9A215B77100500DB56286F87, F6218D556333D5B0C55DD6E23322D61C3749A7621638FFD0AFF3992569C24494 ] GlassWire      M:\Program Files (x86)\GlassWire\GWCtlSrv.exe
16:21:56.0416 0x1e90  GlassWire - ok
16:21:56.0428 0x1e90  [ 8DF1254093B5C354CE725EB6B9B0DE19, DE6C5661CC076DA44B8A5D044FDB7280EDCF38D322A98C14FDC82E25586B3014 ] GPIOClx0101    C:\Windows\system32\Drivers\msgpioclx.sys
16:21:56.0434 0x1e90  GPIOClx0101 - ok
16:21:56.0471 0x1e90  [ 0D03F87D4FF4ADBAF8336DD80548155A, BC10CFA88EA2F41A8D96CB810B7953A4C168B79273A3E804A9F020F49AB58CD3 ] gpsvc          C:\Windows\System32\gpsvc.dll
16:21:56.0493 0x1e90  gpsvc - ok
16:21:56.0496 0x1e90  GPUZ - ok
16:21:56.0498 0x1e90  [ 77621A3DF170D246DC744CD0767BFAB3, 08BA4984D8B19337A34E4A2BBCE4AD681FDE09D02A6C421A16F5A717AA12CD84 ] gwdrv          C:\Windows\system32\DRIVERS\gwdrv.sys
16:21:56.0502 0x1e90  gwdrv - ok
16:21:56.0511 0x1e90  [ 56F69F7C25FB67C970997D7066DBC593, 83E03A82237DCC5BCB3E722ACECACEF3510CAA619F33E0D7C4D902A482E90418 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:21:56.0521 0x1e90  HdAudAddService - ok
16:21:56.0525 0x1e90  [ D4B7ED39C7900384D9E5C1283F1E7926, F93F98858067B40F1C071EAD0F8E85442A78B95342BC692AF4D726540634923F ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
16:21:56.0530 0x1e90  HDAudBus - ok
16:21:56.0532 0x1e90  [ 10A70BC1871CD955D85CD88372724906, 2480A74854D0A89FF028EE9BA41224D4B2F9B0863066BFC43097920794FEE08D ] HidBatt        C:\Windows\System32\drivers\HidBatt.sys
16:21:56.0537 0x1e90  HidBatt - ok
16:21:56.0540 0x1e90  [ 42F88B57CAE42FC10059C887B3FCFCEA, 9363AA2B8E839A6935A7C6A36C491938DF78024886DCCE6D29CB18E1D6A6D806 ] HidBth          C:\Windows\System32\drivers\hidbth.sys
16:21:56.0546 0x1e90  HidBth - ok
16:21:56.0549 0x1e90  [ C241A8BAFBBFC90176EA0F5240EACC17, 571E20B87818618BE9179986177D55739A240F04D1F740B3C1B7809B9427B767 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
16:21:56.0554 0x1e90  hidi2c - ok
16:21:56.0558 0x1e90  [ 9BDDEE26255421017E161CCB9D5EDA95, B766FD5E31708F29384F69418FC33C4BCC6E3064AA553D5B1D30EE0B8B1BFB40 ] HidIr          C:\Windows\System32\drivers\hidir.sys
16:21:56.0565 0x1e90  HidIr - ok
16:21:56.0568 0x1e90  [ EA85B5093DF7B5C3E80362B053740AE2, 1D4251385402A2ADEE8FA1642F54180304F88337DA74989BDE44025ABB145FE5 ] hidserv        C:\Windows\system32\hidserv.dll
16:21:56.0573 0x1e90  hidserv - ok
16:21:56.0575 0x1e90  [ 8DB8EAB9D0C6A5DF0BDCADEA239220B4, EDA23E6909EB83E5E148816DFB16CC29EA01BD6BD2F73AA46B3D820B85FB9C83 ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
16:21:56.0580 0x1e90  HidUsb - ok
16:21:56.0584 0x1e90  [ 93C4315F47F8D635C6DB0DF49FCE10EE, 70C52B8927D54ACD23F27948780B522974250FD5CD81AA9801C3F158C402889F ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:21:56.0591 0x1e90  hkmsvc - ok
16:21:56.0598 0x1e90  [ AC49522ED106BD4B545D6614D71C2445, 40BD738A301170378ECFC031635EB04E2F812B676376CADDD6607ECABEC9255F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:21:56.0606 0x1e90  HomeGroupListener - ok
16:21:56.0618 0x1e90  [ 99932E30CE0283B73BB6E5019E150394, 1F88C2F56A7B8E1F75E6359281F418F9661DA4FB7B7D7B14FA7F718B15D4DCE0 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:21:56.0628 0x1e90  HomeGroupProvider - ok
16:21:56.0634 0x1e90  [ A6AACEA4C785789BDA5912AD1FEDA80D, D197012A5DA6AB3F76FF298336DF0CF027C07ECC71267BAEF5912DE12893E096 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:21:56.0640 0x1e90  HpSAMD - ok
16:21:56.0642 0x1e90  [ F47CEC45FB85791D4AB237563AD0FA8F, 1035066D48BD179855BCA7F62EFA1B951E6E839D2E29E15A31844E18A126DD41 ] HTCAND64        C:\Windows\System32\Drivers\ANDROIDUSB.sys
16:21:56.0650 0x1e90  HTCAND64 - ok
16:21:56.0654 0x1e90  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
16:21:56.0657 0x1e90  htcnprot - ok
16:21:56.0671 0x1e90  [ E87A6D3B8FECD5B93BC0CFBB48C27970, 55C49B6F3822450447C082B40A263F3370694DB53AD0018ADEB911E4A9F65A88 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:21:56.0690 0x1e90  HTTP - ok
16:21:56.0693 0x1e90  [ 90656C0B3864804B090434EFC582404F, BDB60050B729AACB9E009AC7129BEBD6298BBD8A9DB14B817D02E8E13669BD6E ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:21:56.0697 0x1e90  hwpolicy - ok
16:21:56.0699 0x1e90  [ 6D6F9E3BF0484967E52F7E846BFF1CA1, C982966BDE6A3E6773D9441ADA7A3B08D13511DFC68D04DF303248B942423F38 ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
16:21:56.0703 0x1e90  hyperkbd - ok
16:21:56.0706 0x1e90  [ 907C870F8C31F8DDD6F090857B46AB25, 308664A31717383D06185875E76C6612407A9F04E7DB28404F574A5706C6715D ] HyperVideo      C:\Windows\system32\DRIVERS\HyperVideo.sys
16:21:56.0711 0x1e90  HyperVideo - ok
16:21:56.0716 0x1e90  [ 49EE0AE9E5B64FFBBD06D55C4984B598, 8866627F9241B24A59C81D8BCC67A4DCA87576F589599BA291D0E323F679EB4D ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
16:21:56.0722 0x1e90  i8042prt - ok
16:21:56.0724 0x1e90  [ 5D90E32E36CE5D4C535D17CE08AEAF05, 976A463343E8C8308AFBE9E64DF56C430D2241DE002430D00318AB065EB72E4A ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
16:21:56.0727 0x1e90  iaLPSSi_GPIO - ok
16:21:56.0733 0x1e90  [ DD05E7E80F52ADE9AEB292819920F32C, E71AB6A50B0F90C8F94569CE89F66F915A0A4A00D4AC091B2E5E750D88CFC334 ] iaLPSSi_I2C    C:\Windows\System32\drivers\iaLPSSi_I2C.sys
16:21:56.0740 0x1e90  iaLPSSi_I2C - ok
16:21:56.0761 0x1e90  [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA        C:\Windows\system32\drivers\iaStorA.sys
16:21:56.0772 0x1e90  iaStorA - ok
16:21:56.0792 0x1e90  [ 08BFE413B0B4AA8DFA4B5684CE06D3DC, 95DEEBB203E12EE6E191F5247A74C04AEC0E16DE981FADDC4D6C42EE41D8D079 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
16:21:56.0814 0x1e90  iaStorAV - ok
16:21:56.0819 0x1e90  [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:21:56.0822 0x1e90  IAStorDataMgrSvc - ok
16:21:56.0838 0x1e90  [ A2200C3033FA4EF249FC096A7A7D02A2, 5819F5C2020DE2EEE339B0C08CD4B1E3490EAFBBEA1277CE649DB5A5150986B0 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
16:21:56.0858 0x1e90  iaStorV - ok
16:21:56.0863 0x1e90  [ D9A9FFC89F61CAD4AD9EF31FBB17E634, F81184889B30DA8947F22A9C9ED5C542295ED70F0A1C27D1C91BAC21F4BCD987 ] ICCS            C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
16:21:56.0870 0x1e90  ICCS - ok
16:21:56.0871 0x1e90  IEEtwCollectorService - ok
16:21:56.0946 0x1e90  iked - ok
16:21:56.0962 0x1e90  [ 1EF41003FADB93DC4170803D70C63A9E, D2B6D51ECE5820EE071176331C6FE5B825255FDD83F1F3136D549648101EC1F3 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:21:56.0981 0x1e90  IKEEXT - ok
16:21:57.0134 0x1e90  [ CC2521C1BE66E922196431B77F765178, 07106F575F715F761E01D3788053CBA6E53DD8390CE79BD4F6FC2BCDDC34C982 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:21:57.0295 0x1e90  IntcAzAudAddService - ok
16:21:57.0312 0x1e90  [ 9A6DEB5DDF7E29728F6FEA5092AFA3F2, 21C47A0490EBA302657EF30C560E4AF83777685FFE126DCCAC310163C47401D1 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
16:21:57.0329 0x1e90  Intel(R) Capability Licensing Service TCP IP Interface - ok
16:21:57.0332 0x1e90  [ 4E448FCFFD00E8D657CD9E48D3E47157, 4A958CF0BF8DAEAE5E008500BA67CE89B21388592811274331EE39CAC1043A00 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:21:57.0336 0x1e90  intelide - ok
16:21:57.0340 0x1e90  [ 7AA01AB1C110916825E6E1389F1B9AF2, E2885955AFA0908E194B1BC364C9582249B2B2AFFF93F17F3414F55B1E5F2C42 ] intelpep        C:\Windows\system32\drivers\intelpep.sys
16:21:57.0344 0x1e90  intelpep - ok
16:21:57.0350 0x1e90  [ 47E74A8E53C7C24DCE38311E1451C1D9, 79B06E37A552C8A847404D4C572CDB8CF525354D8AE3BEBC06892B7C3B330761 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
16:21:57.0356 0x1e90  intelppm - ok
16:21:57.0362 0x1e90  [ 9DB76D7F9E4E53EFE5DD8C53DE837514, 07BA4EDA9BE9139A689A2C3EFC1D1A4F3D1216625ED145F313398292A2CD5703 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:21:57.0369 0x1e90  IpFilterDriver - ok
16:21:57.0395 0x1e90  [ A5800036E4EA06697A34742A24ACFBE1, BA67060526E9213000B4206F86A74F904999AD7018EFCBE4FE9708650DA9D973 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:21:57.0412 0x1e90  iphlpsvc - ok
16:21:57.0416 0x1e90  [ 9C096BF5E10CA8BFA56F32522A89FAF1, 6C1151160799338DA351C7237AB049926C6C15F24F5E154BBF5929B4A96C0B8D ] IPMIDRV        C:\Windows\System32\drivers\IPMIDrv.sys
16:21:57.0422 0x1e90  IPMIDRV - ok
16:21:57.0429 0x1e90  [ B7342B3C58E91107F6E946A93D9D4EFD, D5DA3C02C5C5A343785745EF6983CC9B5FBD3FB8D49FE9B450523E50212D1A32 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
16:21:57.0435 0x1e90  IPNAT - ok
16:21:57.0436 0x1e90  ipsecd - ok
16:21:57.0439 0x1e90  [ AE44C526AB5F8A487D941CEB57B10C97, A783A2EAF7A6FF450FB3F189A5930036FA60D125C42171AC44B6FE2E3DBD6F7A ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:21:57.0445 0x1e90  IRENUM - ok
16:21:57.0447 0x1e90  [ 8AFEEA3955AA43616A60F133B1D25F21, E99359A4F1D653790133F145CF7C9F97399FD75C5E135AA7E5F989BB660789AF ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:21:57.0452 0x1e90  isapnp - ok
16:21:57.0461 0x1e90  [ D90AB68D0FAC9F357F663670FDBB511E, A82AAA5DF1B38EFBDCF834535A0C520D1BB2D7A4A906C18CFDD22BCF16BDB97D ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
16:21:57.0469 0x1e90  iScsiPrt - ok
16:21:57.0472 0x1e90  [ 1ECC1A421B0AEBF9A6934451FBFD7848, 1A8DDEC42831C12760CF27FA02EDD06D5CCE25A606E2DECB7D8487B5961B11AC ] ISCT            C:\Windows\System32\drivers\ISCTD64.sys
16:21:57.0476 0x1e90  ISCT - ok
16:21:57.0481 0x1e90  [ EC62720A72C1ACD6AB638C0D7D10F431, CB1DC7A7E2247C11D4F40041F889786CD20E0C5CF6EEDFC320F8E9646E974C07 ] iumsvc          C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
16:21:57.0486 0x1e90  iumsvc - ok
16:21:57.0491 0x1e90  [ CA295D3E5032DDF8A3CBD1A256E646FA, 03879D331AE446FCF25D0193805A5E0C17764439B5B8FE1D684DDB96B1A358C9 ] jhi_service    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
16:21:57.0497 0x1e90  jhi_service - ok
16:21:57.0500 0x1e90  [ 5917AFE4A3F695A54B99C1849C8207FE, DD57638966F2F0387DCF9DA4BBAEE3CDD8CC6F1A2D49581A0374D46A565BED4F ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
16:21:57.0505 0x1e90  kbdclass - ok
16:21:57.0508 0x1e90  [ 8CD840A062F6BDF41DDE3ACB96164B72, AEAE867F3557C1CE6B931E19D7144A3BD3CBABD81B1542667680D54FC24DEBE1 ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
16:21:57.0513 0x1e90  kbdhid - ok
16:21:57.0516 0x1e90  [ DB7A09BC90DF20F44F16F8B0F9ED3491, 2DF5E042284D61368A5801B2557351B2C4B1044AA6F966DF4DDCE7B453D1B9AE ] kbldfltr        C:\Windows\system32\drivers\kbldfltr.sys
16:21:57.0520 0x1e90  kbldfltr - ok
16:21:57.0522 0x1e90  [ 813871C7D402A05F2E3A7075F9584A05, FF0C2F87EB083F8CE74C679D80C845CDFBFBBC70BE818F899F3336BBB54A3FFB ] kdnic          C:\Windows\system32\DRIVERS\kdnic.sys
16:21:57.0526 0x1e90  kdnic - ok
16:21:57.0529 0x1e90  [ A23E2A41E729E7752347670BFED12A54, 8E349AE4B7193B8422F1BA6BA516DF2B2451D23DDD20CA11CE43204EE0DBBCBA ] Ke2200          C:\Windows\system32\DRIVERS\e22w8x64.sys
16:21:57.0534 0x1e90  Ke2200 - ok
16:21:57.0537 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] KeyIso          C:\Windows\system32\lsass.exe
16:21:57.0542 0x1e90  KeyIso - ok
16:21:57.0548 0x1e90  [ A6A4F8CFE0796A691789F02423F1281B, B0BF411A627F890D1B6E11D5CD4A75E2A5655FBCDF8AEA639A17F310AE679737 ] Killer Service V2 C:\Program Files\Killer Networking\Network Manager\KillerService.exe
16:21:57.0555 0x1e90  Killer Service V2 - detected UnsignedFile.Multi.Generic ( 1 )
16:21:59.0896 0x1e90  Killer Service V2 ( UnsignedFile.Multi.Generic ) - warning
16:22:02.0449 0x1e90  [ 4E829B18D5BAEC29893792A3C671A847, 64C3B99F53A9D1ACA802B46B09E820AD210B667D5A1CD0ADAF1F12944B15B52E ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:22:02.0454 0x1e90  KSecDD - ok
16:22:02.0459 0x1e90  [ 46711F40D0F9E63F786ED23F9BD5215E, 1FBC5101D843E5B43184C98B3D9AF3015C9409EEA6C7BB01B143FD08D4946FC0 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
16:22:02.0466 0x1e90  KSecPkg - ok
16:22:02.0469 0x1e90  [ 11AFB527AA370B1DAFD5C36F35F6D45F, 757AD234284467ADB826F7CA0251F58D48866B91995BC867DEA4BAF676947163 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
16:22:02.0473 0x1e90  ksthunk - ok
16:22:02.0484 0x1e90  [ C1591A66028C71147A3E2EAB0B1CCB7E, 82F3D5DCC1614398A144D9791E4BAA814DBA9112677341FD57D5E9834CEDEB41 ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:22:02.0493 0x1e90  KtmRm - ok
16:22:02.0504 0x1e90  [ CA2828DDE4B09FEFFDB7CE68B3D8D00A, B514792FF1EF36C678BB51644A1C420105D5E2CD6DD5A89A3FB252D08277A40C ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:22:02.0513 0x1e90  LanmanServer - ok
16:22:02.0523 0x1e90  [ 3DBD9100745F9B8506B8FEC6FE6CCDE3, C3EF2856A1680AFDE133887E48946CF9CAB6755C3BDC07F0326965DCD4096F62 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:02.0533 0x1e90  LanmanWorkstation - ok
16:22:02.0543 0x1e90  [ 8B9F3796EC1762CF255BDB324E5529C8, F73D6BEF19BE20AEB18DA82CB63E9D8B50ACBBE4ED9B646EF0C9F598F6B81F94 ] lfsvc          C:\Windows\System32\GeofenceMonitorService.dll
16:22:02.0554 0x1e90  lfsvc - ok
16:22:02.0557 0x1e90  [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum      C:\Windows\system32\drivers\LGBusEnum.sys
16:22:02.0562 0x1e90  LGBusEnum - ok
16:22:02.0565 0x1e90  [ 2D7F1C02B94D6F0F3E10107E5EA8E141, 93B266F38C3C3EAAB475D81597ABBD7CC07943035068BB6FD670DBBE15DE0131 ] LGCoreTemp      C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
16:22:02.0568 0x1e90  LGCoreTemp - ok
16:22:02.0571 0x1e90  [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore    C:\Windows\system32\drivers\LGJoyXlCore.sys
16:22:02.0578 0x1e90  LGJoyXlCore - ok
16:22:02.0582 0x1e90  [ 94AF1384A67B9FCF5651E70BC9D4C526, 9C025F7BBB5BBE9DAF3DEF2F6385CE77C8F413912C4D16930814F6D19B62B367 ] LGSHidFilt      C:\Windows\system32\DRIVERS\LGSHidFilt.Sys
16:22:02.0587 0x1e90  LGSHidFilt - ok
16:22:02.0590 0x1e90  [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
16:22:02.0595 0x1e90  LGVirHid - ok
16:22:02.0600 0x1e90  [ C09010B3680860131631F53E8FE7BAD8, 35F2A06D5F29478D22ABDCC20DA893EF9D96504C65594A0CEA674D1C21B04FF8 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:22:02.0607 0x1e90  lltdio - ok
16:22:02.0618 0x1e90  [ DAE98CC96C5EE308BF4EA7B18F226CB8, 7A6CC56BF075010707715AB6608764291E358EDF27C806A025532869004C686B ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:22:02.0627 0x1e90  lltdsvc - ok
16:22:02.0630 0x1e90  [ 1E2662D847B7D9995C65D90D254A7E0F, AFD4063D2071FFCB6B0EAC0715276D986F42326919C86E525DCE12E1109A93E2 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:22:02.0635 0x1e90  lmhosts - ok
16:22:02.0642 0x1e90  [ ED5C8B920F2ACF11A26586B2FA66BF3D, D6F014F0CCAB7EDA38A8CC58F439D2A8CD89195AE84F82E25475CE11CB3883C9 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:22:02.0653 0x1e90  LMS - ok
16:22:02.0658 0x1e90  [ 7E74CE69AEF2F66F037E9000AF1209FB, AF5407AB507EB5F01167D4EFA0B235510F26287159C4594FB3B9CB2D086BDD6E ] LogiRegistryService C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
16:22:02.0664 0x1e90  LogiRegistryService - ok
16:22:02.0671 0x1e90  [ C755AE4635457AA2A11F79C0DF857ABC, E03D1ACAC155287291FE1BD0B653953ADC94279A74D0152088D698FAA796460F ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:22:02.0680 0x1e90  LSI_SAS - ok
16:22:02.0685 0x1e90  [ ADAC09CBE7A2040B7F68B5E5C9A75141, 7865DA7E91404F3642BC444B97F6B7AA42B9523D5EDD7F6365DA236B8EC3410F ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:22:02.0693 0x1e90  LSI_SAS2 - ok
16:22:02.0697 0x1e90  [ 04D1274BB9BBCCF12BD12374002AA191, 4B9618F8D25F2278DE1610A70ACAADB074D171D162C3AF27D464F5DC800A8E60 ] LSI_SAS3        C:\Windows\system32\drivers\lsi_sas3.sys
16:22:02.0705 0x1e90  LSI_SAS3 - ok
16:22:02.0711 0x1e90  [ 327469EEF3833D0C584B7E88A76AEC0C, 3D88B5A2D68F93F01B39C6E3D8D5C7A2A20686EFC756086E66AFFF1BC3019B85 ] LSI_SSS        C:\Windows\system32\drivers\lsi_sss.sys
16:22:02.0720 0x1e90  LSI_SSS - ok
16:22:02.0731 0x1e90  [ 9A7A7E45DAED2E8C2816716D8D28236A, C94787988826E546A8DC752BD6BE4EA7423DC3762B2D371DB297A63F865A95FF ] LSM            C:\Windows\System32\lsm.dll
16:22:02.0745 0x1e90  LSM - ok
16:22:02.0752 0x1e90  [ DDEE191AB32DFC22C6465002ECDF5EE4, 190C3930A8449118F9FEDF43C482837EF1C255E6D67F9651156E66A1E2BC6553 ] luafv          C:\Windows\system32\drivers\luafv.sys
16:22:02.0758 0x1e90  luafv - ok
16:22:02.0761 0x1e90  [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
16:22:02.0764 0x1e90  MBAMProtector - ok
16:22:02.0882 0x1e90  [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService    m:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
16:22:02.0902 0x1e90  MBAMService - ok
16:22:02.0907 0x1e90  [ 85CFE7AB85B43B6B7AC7961AA3983A9F, 4E88B75818FD00C0ABBDF8E02EBFB550A67B46E5E13D3B3DF52611793F7DA0DD ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
16:22:02.0911 0x1e90  MBAMWebAccessControl - ok
16:22:02.0913 0x1e90  [ 8FF2D95CBA49B405C5DE27039FF0BF35, 03BF7FC7F1C2C76EDB583BA342EA1C325DB8058517744EF2A78529D3938F4DC1 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
16:22:02.0917 0x1e90  MBfilt - ok
16:22:02.0921 0x1e90  [ EB5C03A070F30D64A6DF80E53B22F53F, 12051B6AEBDEE1E28F24364F25A52BA3A6E282ECF86D6290E34BD38E6D4E066D ] megasas        C:\Windows\system32\drivers\megasas.sys
16:22:02.0928 0x1e90  megasas - ok
16:22:02.0949 0x1e90  [ F6F13533196DE7A582D422B0241E4363, B3CD9B08937AFFF12141B38634AF3A56F5AC5FF3EF03941802B9841DEC559469 ] megasr          C:\Windows\system32\drivers\megasr.sys
16:22:02.0977 0x1e90  megasr - ok
16:22:02.0981 0x1e90  [ 1BC9159CF58BABD89419072EA180A8F6, 6C9AB779C2355A341800A8F93AAAF9B19FAFF444CD6A7BD27C63D53F379A75EF ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
16:22:02.0986 0x1e90  MEIx64 - ok
16:22:02.0990 0x1e90  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] MMCSS          C:\Windows\system32\mmcss.dll
16:22:02.0997 0x1e90  MMCSS - ok
16:22:03.0000 0x1e90  [ 8B38C44F69259987C95135C9627E2378, E698B82D4EFFF56D66C7FC9866369BA5736FDBDBE2028CC421C51E70DEA74727 ] Modem          C:\Windows\system32\drivers\modem.sys
16:22:03.0007 0x1e90  Modem - ok
16:22:03.0009 0x1e90  [ 601589000CC90F0DF8DA2CC254A3CCC9, D1238A386C41B6C368D9A44B7C112C943995B5403E2A5B4B7346B266DDB0C5A0 ] monitor        C:\Windows\System32\drivers\monitor.sys
16:22:03.0016 0x1e90  monitor - ok
16:22:03.0019 0x1e90  [ 08374E4E5B8914DE6067CBA99F61E930, CBB1390D6523FC968BEDF78FD13699488621ACB2CD1DF55D1606316090548661 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
16:22:03.0024 0x1e90  mouclass - ok
16:22:03.0028 0x1e90  [ 5FCBAB60598AE119E02B4C27DE6B99EA, 36F30094F700DE41C293047ACB49ED1961DD927BEDAD8DFDAB7023D4D24CB0DE ] mouhid          C:\Windows\System32\drivers\mouhid.sys
16:22:03.0032 0x1e90  mouhid - ok
16:22:03.0036 0x1e90  [ 9A788037D768809DFD677F4BA08A224A, E0686B3318F924E440ADA439D6671D44D3FF97C13D45C2E0A3A7B9E23DA38350 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:22:03.0041 0x1e90  mountmgr - ok
16:22:03.0088 0x1e90  MPlayerWWService - ok
16:22:03.0092 0x1e90  [ 6FC047578785B0435F4E2660946D1ADC, 8AEA5659F01FC2F75160922C69622502DABA39F33CB90D5178DD679A1CDE617D ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:22:03.0097 0x1e90  mpsdrv - ok
16:22:03.0115 0x1e90  [ C18AA14126ADC66478E8E962B2DFAA98, A6F8CE9D88D590DC083253004392572C3BD02C33433CD6C0D9117D2AA7171EEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:22:03.0132 0x1e90  MpsSvc - ok
16:22:03.0136 0x1e90  [ DB32958F0E704EFBF7F15161A569E39F, 8A26448B954F8A16EE9BA72EF47F6C549A75B30BD13FEB5A29EB099A74D8F678 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:22:03.0142 0x1e90  MRxDAV - ok
16:22:03.0150 0x1e90  [ 6FBDF2B1B025A8E6E069234362FFFFB7, CF1AFC088F59AD61037F4C4650F3BAEE7FE37C40B3A27B903475F005410F8155 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:03.0159 0x1e90  mrxsmb - ok
16:22:03.0165 0x1e90  [ BCBD64220AD85C26823453FF1DC3EFBD, 0245E3659E9135B9276F3CCFBEA0CEFFC4F4C0826F6D19B6329057620235F087 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:03.0173 0x1e90  mrxsmb10 - ok
16:22:03.0178 0x1e90  [ 57C2473D501331211D6885FD59F3E44B, 10253703DB32A32291C61B6962A79E374B5DF7DD14A6B6AFD08A99EF26206619 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:03.0185 0x1e90  mrxsmb20 - ok
16:22:03.0190 0x1e90  [ F3C060444777A59FC63D920719E43CCD, 8766A2746E3DFB0749E902F458141269335CA6F0CEDCA3D5F8C204637C19E783 ] MsBridge        C:\Windows\system32\DRIVERS\bridge.sys
16:22:03.0196 0x1e90  MsBridge - ok
16:22:03.0202 0x1e90  [ 915747E010A9414B069173284A9B93F4, 8A335C28FE1EF96DD71485877F2E86155D24B5614ACE05468F4B07E2ACD56331 ] MSDTC          C:\Windows\System32\msdtc.exe
16:22:03.0208 0x1e90  MSDTC - ok
16:22:03.0211 0x1e90  [ D13329FBF8345B28AB30F44CC247DC08, 9C7EC2D4D65E6510EB5B9E61BB0D14F725D7E8FE98D65161C3971E43EF1AB6EB ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:22:03.0217 0x1e90  Msfs - ok
16:22:03.0220 0x1e90  [ C6B474E46F9E543B875981ED3FFE6ADD, E16687E52FB649C23D92159A1F036CB662202C1E58D961EECDAA528AA4FA669A ] msgpiowin32    C:\Windows\System32\drivers\msgpiowin32.sys
16:22:03.0224 0x1e90  msgpiowin32 - ok
16:22:03.0226 0x1e90  [ 65C92EB9D08DB5C69F28C7FFD4E84E31, D709BA4723225321F665B1157A33A4AE230420752308EF535DA9A41CAC164628 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
16:22:03.0231 0x1e90  mshidkmdf - ok
16:22:03.0234 0x1e90  [ 52299F086AC2DAFD100DD5DC4A8614BA, B36BE0FC96798E5EB8C193C318970E3906961E3ABC3BFAAD73138C76D9A95B0B ] mshidumdf      C:\Windows\System32\drivers\mshidumdf.sys
16:22:03.0239 0x1e90  mshidumdf - ok
16:22:03.0267 0x1e90  [ 390EA2F54CBEC1AB7BAA51F3294E37A8, BF996E3205D600D88485B9074D23EBF7456EE64007C664C9238D2BFACBB6D4C7 ] MSIBIOSData_CC  C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe
16:22:03.0301 0x1e90  MSIBIOSData_CC - ok
16:22:03.0352 0x1e90  [ 7B8D56ADE37DB6A66E2DC8E104B5C7D0, E00A42ECF9D24F2CC341DF2AC1974355925731BDCD6E971785EBA9DEC90F1AAB ] MSIClock_CC    C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe
16:22:03.0424 0x1e90  MSIClock_CC - ok
16:22:03.0455 0x1e90  [ 928F8C7A0ADE7E41B4A05A2672FCBFAF, DE29C92B8BAE43EEFB793160BCA7C51889B7ADAC72EF4D4C1570252B8C24DCD7 ] MSICOMM_CC      C:\Program Files (x86)\MSI\Command Center\MSICommService.exe
16:22:03.0495 0x1e90  MSICOMM_CC - ok
16:22:03.0547 0x1e90  [ AFF08249D96D797BF1298EE074D4A1B3, 471FA817A3FB1F5C9D4E54C7AB5FA7C49C051EBAB94C3961F0C2ADFFDE1DDA55 ] MSICPU_CC      C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe
16:22:03.0611 0x1e90  MSICPU_CC - ok
16:22:03.0642 0x1e90  [ 9100DE93D89D3E57A9F585A79C1B70CC, 378FCBAD9ADBE0C268FBDCB68B2FA0265F6A6C200E129A952A58C696AA312EA3 ] MSICTL_CC      C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
16:22:03.0675 0x1e90  MSICTL_CC - ok
16:22:03.0710 0x1e90  [ D7865975915164D09A6D5409D601E174, 36D0067DDE4395A31013929F8F3DBB7F16AD9638F4AB2D12FAA9017BC63265A9 ] MSIDDR_CC      C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe
16:22:03.0746 0x1e90  MSIDDR_CC - ok
16:22:03.0751 0x1e90  [ 36D92AF3343C3A3E57FEF11C449AEA4C, ECC85AA1E530DF55B4A4545798219F87F0FCA66DDD2E37BCEF0850D3C9129DD2 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:22:03.0755 0x1e90  msisadrv - ok
16:22:03.0761 0x1e90  [ 4EAEEBAC8CFF4E0D717DFA920BC58A90, A65CB1BB3392B6A04B978348CAC18A414560A6B04A727F22DFC0ADB20DD3AF6B ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:22:03.0767 0x1e90  MSiSCSI - ok
16:22:03.0769 0x1e90  msiserver - ok
16:22:03.0796 0x1e90  [ E83766864194277B13037D80D3A92CC2, D93C793D49CE6B824885D64E80AC91AABFBFBA0AD990BA2950C925948B456DC6 ] MSISMB_CC      C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe
16:22:03.0830 0x1e90  MSISMB_CC - ok
16:22:03.0840 0x1e90  [ E87777FD1ACA88A77E3330FA50B9A3EF, D8BB8F6F3AD7A73380A9134E696F44E0DB786F0708232E5F7C5397028E724622 ] MSISuperIO_CC  C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe
16:22:03.0851 0x1e90  MSISuperIO_CC - ok
16:22:03.0882 0x1e90  [ D784D62BFE153792F341F6C37842D3E0, CF7963BD01A35D1DAE070C96C13B8D35ECCD2389B1035789B14D625EE4BB274A ] MSI_ECOSERVICE  C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe
16:22:03.0918 0x1e90  MSI_ECOSERVICE - ok
16:22:03.0941 0x1e90  [ 591591EFF4B05FEC751148BA1FF8B595, 49516EAF3132DD8DB1D0C531E8106BCB585C64A3442A4C6660BE0135C0DC33EC ] MSI_LiveUpdate_Service C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
16:22:03.0970 0x1e90  MSI_LiveUpdate_Service - ok
16:22:03.0975 0x1e90  [ 4C1A0E9B4C6CC09E8C68FD33998013AA, 190ADFCCAE844DB9F807BD9668EB90BE0C9887719DF2820E66D121655AF27614 ] MsKeyboardFilter C:\Windows\System32\KeyboardFilterSvc.dll
16:22:03.0981 0x1e90  MsKeyboardFilter - ok
16:22:03.0983 0x1e90  [ A9BBBD2BAE6142253B9195E949AC2E8D, 599D2952D4E0B0B3E02D91E38A30F4900B1ADA330716B887B156A1CB9A3E6EE9 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:22:03.0989 0x1e90  MSKSSRV - ok
16:22:03.0992 0x1e90  [ 51B3AC0560848CD6D65AC2033E293113, 73A27E88774C6929328E6C9FC9C389F4DF76D4D4D5CBFC4F51651CC308829628 ] MsLldp          C:\Windows\system32\DRIVERS\mslldp.sys
16:22:03.0998 0x1e90  MsLldp - ok
16:22:04.0000 0x1e90  [ 7B2128EB875DCBC006E6A913211006D6, 97BBD7FF770741FBFC0F181A609AD0954EA926DA203B742E8F08C89AD8FE476E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:04.0004 0x1e90  MSPCLOCK - ok
16:22:04.0006 0x1e90  [ 1E88171579B218115C7A772F8DE04BD8, B9EAA835D0BF8F9C4DF8403D95EF1400E8AE38F28F9DBA87657DE2129FEF02D2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:22:04.0011 0x1e90  MSPQM - ok
16:22:04.0030 0x1e90  [ BBE2A455053E63BECBF42C2F9B21FAE0, 7C5DF563499DF59DF9895A1581E47ADF5FD54C94ECEF6C886CDB60E5E95A6DAE ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:22:04.0039 0x1e90  MsRPC - ok
16:22:04.0042 0x1e90  [ 8D6B7D515C5CBCDB75B928A0B73C3C5E, 1EB4DC3DD21D2627C78EC3F9931D9E5D033169087E43B5D7C17BF1FF2A0028CD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
16:22:04.0047 0x1e90  mssmbios - ok
16:22:04.0049 0x1e90  [ 115019AE01E0EB9C048530D2928AB4A2, 6E2275E85EACF2D0FC784792E0D72A165589D33CBAB3BCFA8E271CA09566C925 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:22:04.0054 0x1e90  MSTEE - ok
16:22:04.0056 0x1e90  [ 96D604A35070360F0DD4A7A8AF410B5E, F94DD1A3566C7C8D0A76D6E1E2530552A9B7F99C5DA0DE11829325EAB9F8B7ED ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
16:22:04.0061 0x1e90  MTConfig - ok
16:22:04.0067 0x1e90  [ 619CA29326B82372621DB2C0964D8365, 4091F08E266DB45A6E33A4A8B1CE9FA78BB294B3111526AA9E3868620F30AFDF ] Mup            C:\Windows\system32\Drivers\mup.sys
16:22:04.0072 0x1e90  Mup - ok
16:22:04.0076 0x1e90  [ B8C35C94DCB2DFEAF03BB42131F2F77F, F0FCF367CA8F722D6ABCF7F363CD406D890D71452E91C3FC6677B47AD74D6324 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
16:22:04.0082 0x1e90  mvumis - ok
16:22:04.0095 0x1e90  [ 8DF30698BDD9492A9D45A4B94FB4A82A, 26B1B2D7E785E29B8BCB74C467C66AE4EBDD481ACFF36334F3BDF4506B778244 ] napagent        C:\Windows\system32\qagentRT.dll
16:22:04.0106 0x1e90  napagent - ok
16:22:04.0118 0x1e90  [ 008F7CED69FD5B30CBDE1E03C6F36A27, D4ADA7834C470B17A3CD976012DC5A511B32545B9F91D23D09A85722E0B75320 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:22:04.0130 0x1e90  NativeWifiP - ok
16:22:04.0137 0x1e90  [ BFCE1225D10619029E68946929CEB64C, 499F560331FFBA82E3D673B47F027FDAB7BEE4F2CB5B811D69E0218839F6E6A5 ] NcaSvc          C:\Windows\System32\ncasvc.dll
16:22:04.0144 0x1e90  NcaSvc - ok
16:22:04.0150 0x1e90  [ 267C97373110B7AFD3B46DF60B6CBB85, CEBB99F71D47634BB9C04DF2836DF6B47F15B3073FEFC237F85526DF01E4E38B ] NcbService      C:\Windows\System32\ncbservice.dll
16:22:04.0157 0x1e90  NcbService - ok
16:22:04.0160 0x1e90  [ 0813B71EAF097208DC76CE0605B48AF0, A93A2E6A8FB77B58AC4D580E6F8BF307A25BADC9493994F9BE235EBFB0E1DB22 ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
16:22:04.0166 0x1e90  NcdAutoSetup - ok
16:22:04.0181 0x1e90  [ 97DC5967F65503213FD1F1B3E4A6F983, 3EC515856C7CE9B30032F963DC04190F66EE62402A819781DC45B7D088C84229 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:22:04.0202 0x1e90  NDIS - ok
16:22:04.0206 0x1e90  [ 8CECC8DA55F3274181FD1EA28AD76664, 188112424CEF97FB926A0FB915260B803555A775DD2E1846725A9C8616300F42 ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
16:22:04.0211 0x1e90  NdisCap - ok
16:22:04.0216 0x1e90  [ 269882812E9A68FFF1AFE1283D428322, 50B99EBC42DA9B46A8C2C28C9BADCF58AE3079535CDD1227D0F5C86291C715FF ] NdisImPlatform  C:\Windows\system32\DRIVERS\NdisImPlatform.sys
16:22:04.0222 0x1e90  NdisImPlatform - ok
16:22:04.0224 0x1e90  [ DC1D9F692C2AD84C214584C28501C1F7, 96FC0D1EC48FED963E02648541A2AAC8E72ED00D797EA8E3D0ED02F5EB4816C5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:04.0229 0x1e90  NdisTapi - ok
16:22:04.0232 0x1e90  [ B832B35055BA2B7B4181861FF94D8E59, 2E60E5D503E88D27E35ECFEE265D51328E93A9C7B9B931F86D9CBC947636BB00 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:04.0237 0x1e90  Ndisuio - ok
16:22:04.0239 0x1e90  [ 1F58E48EF75F34C35D8E93A0DC535CFE, D65619A6C4B1747F8B05DA08A44EF0E46B5CC384880E04E4755A2BA6CDB3C4EA ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
16:22:04.0245 0x1e90  NdisVirtualBus - ok
16:22:04.0254 0x1e90  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:04.0262 0x1e90  NdisWan - ok
16:22:04.0270 0x1e90  [ DEC29080202D4F9F17F55E18BCFCC41A, F7E543741B1F4F637A99C40543D6AEC6EBF893F74359BBA769D1F882E0AFB571 ] NdisWanLegacy  C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:04.0281 0x1e90  NdisWanLegacy - ok

CptMw 28.09.2015 15:25
Code:
16:22:04.0284 0x1e90  [ B8F36CBC72FC5C8B8A30AD850165EA8E, 478454B1399700B745265A64EC9C797C66BD0141471200BCF222F5EB15B0F40C ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:22:04.0290 0x1e90  NDProxy - ok
16:22:04.0295 0x1e90  [ 3083926D1CC5B56EA0786527B557DD1B, 3C3F0CA0D43398576DBE8F677B353ADDA7E8F56829874958CE668E31261C1590 ] Ndu            C:\Windows\system32\drivers\Ndu.sys
16:22:04.0301 0x1e90  Ndu - ok
16:22:04.0304 0x1e90  [ 42FF4975D032CAE558AE4BB8448F6E5A, 0B8FACF3382443DED79A8004A6AA14C32471A6A1C6BAA543AA9F3FEC52620A6D ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:22:04.0310 0x1e90  NetBIOS - ok
16:22:04.0322 0x1e90  [ 0217532E19A748F0E5D569307363D5FD, C40C2E7AFA276057E7327A7BB173122689D6CEC9AE443C3850C3F94AF03DFBF5 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
16:22:04.0330 0x1e90  NetBT - ok
16:22:04.0333 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] Netlogon        C:\Windows\system32\lsass.exe
16:22:04.0338 0x1e90  Netlogon - ok
16:22:04.0348 0x1e90  [ 8F074B62E66B6117D9598C62A12069C5, 5FDB19045D3E2F6D0F0C5158AC2ECB0D5404CD2AF7A319755D7E3753CA3B7CF3 ] Netman          C:\Windows\System32\netman.dll
16:22:04.0356 0x1e90  Netman - ok
16:22:04.0371 0x1e90  [ 4A04B1CD5BFB4A978C5F60E86D6C3E45, A946922C1C38ADD3CF9D3B09DDCC301AE4DAC960A081B2F42B32BE1E7095B3FD ] netprofm        C:\Windows\System32\netprofmsvc.dll
16:22:04.0382 0x1e90  netprofm - ok
16:22:04.0389 0x1e90  [ 1092B3190E69E0C5ECBCE90F171DE047, C16106EEFC324EE80E5F659CB71A5DD69FA800D36D829F5B0E6AD3393BD1BAF7 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:04.0395 0x1e90  NetTcpPortSharing - ok
16:22:04.0398 0x1e90  [ D4DCE03870314D3354F3501F9DDD4123, 5BFE8299B3F72B8C39A4965365CBF5BA151024451F02DD872FAD1CC35CF94CEA ] netvsc          C:\Windows\System32\drivers\netvsc63.sys
16:22:04.0404 0x1e90  netvsc - ok
16:22:04.0408 0x1e90  [ FCB80C81BB3C4B6EC9D900F82E2735A8, 176D3F5C28B6BF8CE91BB793AAE381BFAA763AFA221E9E7A02B75CB119A05749 ] NfsClnt        C:\Windows\system32\nfsclnt.exe
16:22:04.0413 0x1e90  NfsClnt - ok
16:22:04.0419 0x1e90  [ 46157CC6A87CA5A063535D70FE145AFA, EAF821C6BA1DCEB3ED00AF69CA8209BAE8401A08D8868BAAAA05A7C8E1F95C4E ] NfsRdr          C:\Windows\system32\drivers\nfsrdr.sys
16:22:04.0428 0x1e90  NfsRdr - ok
16:22:04.0435 0x1e90  [ E94EB2A95D7D016E119C4D6868788831, 3E4A925D23262FBA0A6432DD635FBE94B0CEF76BD9BB323254B66977497FEE2A ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:22:04.0445 0x1e90  NlaSvc - ok
16:22:04.0447 0x1e90  [ DE7FCC77F4A503AF4CA6A47D49B3713D, 4BFAA99393F635CD05D91A64DE73EDB5639412C129E049F0FE34F88517A10FC6 ] NPF            C:\Windows\system32\drivers\npf.sys
16:22:04.0451 0x1e90  NPF - ok
16:22:04.0455 0x1e90  [ 8F44A2F57C9F1A19AC9C6288C10FB351, 310274DDBAC0FE4BE54ECD3B90C97D82A0F9F5CFCA7A35711A36164DE4B94074 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:22:04.0461 0x1e90  Npfs - ok
16:22:04.0463 0x1e90  [ CBDB4F0871C88DF930FC0E8588CA67FC, 7E4AA3EA81A9D532F236FD7896744F07ED07CA9B37A9F18A9778BCCCC67490F2 ] npsvctrig      C:\Windows\System32\drivers\npsvctrig.sys
16:22:04.0468 0x1e90  npsvctrig - ok
16:22:04.0470 0x1e90  [ 0F12A72A753CFD7FB0631EE8D08FE983, 860A96471F6CD90DDA9AB3A48E95CEAD826C87D2FA98A00EF91B61C44A4C8B82 ] nsi            C:\Windows\system32\nsisvc.dll
16:22:04.0476 0x1e90  nsi - ok
16:22:04.0479 0x1e90  [ 0E046FF5823B95326D10CF1B4AF23541, 39D22715003746527AB4BFEDED8C34B695DAF589091AE7F3A2A2C4B8A35675A9 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:22:04.0484 0x1e90  nsiproxy - ok
16:22:04.0529 0x1e90  [ 7F68063A5A0461E02BC860CE0E6BFDDC, 47E9F75D27B97278B74034B7D3951A26B1644911ED321455E08D935731C858DE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:22:04.0561 0x1e90  Ntfs - ok
16:22:04.0565 0x1e90  [ 9638F265B1DDD5DA6ECDF5C0619DCBE6, 3D9E83B189FCF5C3541C62D1F54A0DA0A4E5B62C3243D2989AFC46644056C8E3 ] NTIOLib_ECO    C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys
16:22:04.0568 0x1e90  NTIOLib_ECO - ok
16:22:04.0571 0x1e90  [ 6CCE5BB9C8C2A8293DF2D3B1897941A2, 9254F012009D55F555418FF85F7D93B184AB7CB0E37AECDFDAB62CFE94DEA96B ] NTIOLib_MSIDDR_CC C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys
16:22:04.0574 0x1e90  NTIOLib_MSIDDR_CC - ok
16:22:04.0576 0x1e90  [ EF1B290FC9F0E47CC0B537292BEE5904, DBC07BBC54EBC2D2E576B23A4CE116B3DA988577AD0D96CB7289A6748A60F9EA ] Null            C:\Windows\system32\drivers\Null.sys
16:22:04.0581 0x1e90  Null - ok
16:22:04.0732 0x1e90  [ 9A94B3F0DA75AAB7A5D80535A5841D8C, 91D3797163FC855EA9C70EDFCD2AEE4B3883C4D1DBF4D16762DE9873BFEF1500 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:22:04.0902 0x1e90  nvlddmkm - ok
16:22:04.0921 0x1e90  [ BC6B5942AFF25EBAF62DE43C3807EDF8, CB0FA194084B8C309039D571B5760FDA800E9531B8660C499B4F9977BA5C36D5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:22:04.0930 0x1e90  nvraid - ok
16:22:04.0935 0x1e90  [ 1F43ABFFAC3D6CA356851D517392966E, 6FD7621F67BA94B0E1D8F43BEC2951DBCDEEA1E848BB265AC169E27C01DA68F2 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:22:04.0943 0x1e90  nvstor - ok
16:22:04.0959 0x1e90  [ 7B9B5B31CB5BF1C023F7A0EDC85B9EF0, 20A0F48907AD7ABA21D564D1C10EE49BC0B60BD37812666DD9B3EEF4CA3138AE ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:22:04.0976 0x1e90  nvsvc - ok
16:22:04.0979 0x1e90  [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
16:22:04.0983 0x1e90  nvvad_WaveExtensible - ok
16:22:04.0988 0x1e90  [ 6934A936A7369DFE37B7DBA93F5E5E49, 0900FEEB0CE8D09F0FC60630B5B986034A8BCD3882ED66E47170810C32492892 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:22:04.0996 0x1e90  nv_agp - ok
16:22:05.0079 0x1e90  [ 2874D22292C6348A30124051FDFB87CC, 0973CCDEB666A50C1AB142FAA3AC046C24896D954C68D6F6FD3CEE35FACB67C0 ] OODefragAgent  M:\Program Files\OO Software\Defrag\oodag.exe
16:22:05.0110 0x1e90  OODefragAgent - ok
16:22:05.0125 0x1e90  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:22:05.0134 0x1e90  p2pimsvc - ok
16:22:05.0145 0x1e90  [ FD8F61F0D1F64BBB3D835F39A3F979C9, E5C5F86576488EA7F605E26C06EE5AFB36506A446F60C894D55E0A148BF7F02D ] p2psvc          C:\Windows\system32\p2psvc.dll
16:22:05.0155 0x1e90  p2psvc - ok
16:22:05.0161 0x1e90  [ 764B1121867B2D9B31C491668AC72B2B, 32C04B6FCE1DDD09697B81473A23BDCED8BEEFBCD0D2D58DDC9A11A33C756967 ] Parport        C:\Windows\System32\drivers\parport.sys
16:22:05.0166 0x1e90  Parport - ok
16:22:05.0170 0x1e90  [ BAFF6122CFC9F95CA175AD8C348179A4, 079A912D951DF6A57BC1BDB0D182977EE9592751EC9DDCDA2932BDEDB333850C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:22:05.0175 0x1e90  partmgr - ok
16:22:05.0178 0x1e90  [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
16:22:05.0182 0x1e90  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
16:22:07.0493 0x1e90  Detect skipped due to KSN trusted
16:22:07.0493 0x1e90  PassThru Service - ok
16:22:07.0565 0x1e90  [ D1F41F0CED2BDD82148D4E5269EE01B9, F15B470B5C0DD5983DE2CF00EC5F2BB7797F332C257447D9CF2BC6A00179134F ] pbfilter        M:\Program Files\PeerBlock\pbfilter.sys
16:22:07.0569 0x1e90  pbfilter - ok
16:22:07.0585 0x1e90  [ ABE95ABE27A8BD9701782BBCD82C9925, AE3BA1E9ECDE692374D8DAC95A8DAA289DD2470E3D8D58EFAD9F83A37F3AC8E5 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:22:07.0597 0x1e90  PcaSvc - ok
16:22:07.0607 0x1e90  [ 91ED124E261EA8FAA1C0FFDF2A71B0C4, 20E41A38067395D03184938983A9BE459717A1941352972DBC28D83D542319EC ] pci            C:\Windows\system32\drivers\pci.sys
16:22:07.0615 0x1e90  pci - ok
16:22:07.0618 0x1e90  [ 346E38FCC6859A727DD28AFAD1F0AFF4, FF3DA26F79B3BC3A5B8A8AA0B9139B9EF70297F4EA1203B1E68FB5A212C3AA58 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:22:07.0623 0x1e90  pciide - ok
16:22:07.0628 0x1e90  [ 4D3BDCC1C7B40C9D7B6AD990E6DEC397, 27A7AF2127B699F4579CB77936F38DC102211E26E5E2947DB808756FE06FC98E ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:22:07.0634 0x1e90  pcmcia - ok
16:22:07.0637 0x1e90  [ BF28771D1436C88BE1D297D3098B0F7D, 5F7630916A76A8CF31289E9C577F522B999C74C39E541CD40E62BD53004BEF74 ] pcw            C:\Windows\system32\drivers\pcw.sys
16:22:07.0642 0x1e90  pcw - ok
16:22:07.0645 0x1e90  [ ED54A75050211DC77F9B98C41E026858, F92FB59ADE88469EAA50E91D43165C68CC32FDE11595A0069FD43103A674FE44 ] pdc            C:\Windows\system32\drivers\pdc.sys
16:22:07.0651 0x1e90  pdc - ok
16:22:07.0673 0x1e90  [ 0ECEE590F2E2EF969FB74A6FC583A1E6, 1C611D9225C863CF32125F684B324C58BDE1942F4F283F5674133200AC505D44 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:22:07.0686 0x1e90  PEAUTH - ok
16:22:07.0748 0x1e90  [ A35EC8F902475350DA31BDF0E1402A91, 5AB43B4BD70B44A62FFD21A9D3CB8D1BC035B6E001DBB1BAC30D6D7A07475D83 ] PeerDistSvc    C:\Windows\system32\peerdistsvc.dll
16:22:07.0780 0x1e90  PeerDistSvc - ok
16:22:07.0792 0x1e90  [ 8E3C640FFF5A963F570233AE99C0FFF3, 3DE978B005BF2E88BA858CE37D9E27BD3584642B8412E22C300A1E739743838A ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:22:07.0797 0x1e90  PerfHost - ok
16:22:07.0833 0x1e90  [ 70B39E7241F750A248798CE82C44596D, 54A72199EB277EE586611DCBC21654786FD2196F91D5884C4F531297893CC3EC ] pla            C:\Windows\system32\pla.dll
16:22:07.0857 0x1e90  pla - ok
16:22:07.0864 0x1e90  [ 2C02AFF8383D893F8DBEB07A84F6E77C, 7CC34BAC67E2988E3D16DD6EB6F6785CD2460E3EF7FBD0BD5F86E49793BD473E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:22:07.0870 0x1e90  PlugPlay - ok
16:22:07.0873 0x1e90  [ 4570F8A37D221660F3A09D6F4DD4BA94, 0EA190CFFA53DF9CCA2D53A4EF1BCB837BA3F2489A3AC5BD11F6D6ED811D118E ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
16:22:07.0878 0x1e90  PNRPAutoReg - ok
16:22:07.0891 0x1e90  [ 26657F3B4F39A0E64AF859278B599C4E, 3DD65E0BCEF3045DBA29FB8171CA3FCC9781AED3A1C7A160CF26388CE80A3683 ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
16:22:07.0900 0x1e90  PNRPsvc - ok
16:22:07.0915 0x1e90  [ BDD52AB4AEBB8B1904568DBD0CCB70CB, C3D1DBA349C79B43DCDD9EF5255C5EE973EFB844235B808B5EF9B63A51FF00AA ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:22:07.0924 0x1e90  PolicyAgent - ok
16:22:07.0980 0x1e90  [ C58AE9881CD83BB1662A7E062E11CBD6, 80969EC975C15718DC14136B7E1533FFD3E1530E1A1F6B1411ED3EE0F55016E6 ] PORTMON        M:\Programme\SysinternalsSuite\PORTMSYS.SYS
16:22:07.0982 0x1e90  PORTMON - detected UnsignedFile.Multi.Generic ( 1 )
16:22:09.0645 0x1a58  Object required for P2P: [ 7B9B5B31CB5BF1C023F7A0EDC85B9EF0 ] nvsvc
16:22:10.0289 0x1e90  Detect skipped due to KSN trusted
16:22:10.0289 0x1e90  PORTMON - ok
16:22:10.0295 0x1e90  [ C8DD82C3035E60D671B8CC5DF128D3A9, 6AABF632CBEDA9A7B553BC9134FF100CB6FDC88000D499D2883408FCEDD97576 ] Power          C:\Windows\system32\umpo.dll
16:22:10.0301 0x1e90  Power - ok
16:22:10.0306 0x1e90  [ E075CC071022BD4E9BE7C024717C0E0A, BE65A8C1082AE8DF8C37CA06B2BCC521478AC153EA7388B03F7FAE3913920E75 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:22:10.0316 0x1e90  PptpMiniport - ok
16:22:10.0364 0x1e90  [ 3C96A45CA3403A276B0F045C448EC27B, C0011DB8C5A85817CAF815CC0095EE2C1CDD5964DCD8EAF4C35A2495D6A873CC ] PrintNotify    C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
16:22:10.0415 0x1e90  PrintNotify - ok
16:22:10.0422 0x1e90  [ ECD373F9571C745894367CC2635EA44F, E08B2A1017DAE1BF10B986DAFAD14BDE20D79703E0EF3A8C700A3753908C1392 ] Processor      C:\Windows\System32\drivers\processr.sys
16:22:10.0427 0x1e90  Processor - ok
16:22:10.0432 0x1e90  [ 6E409D818C6B342544EAE741B1422B85, B4ADFB7809FC42C432C984C3AC13FAFD1B7AD53BCC7FB16E86371DE4C829DD1A ] ProfSvc        C:\Windows\system32\profsvc.dll
16:22:10.0440 0x1e90  ProfSvc - ok
16:22:10.0445 0x1e90  [ FC0141B4A5AD6D637D883C1A89FC45C5, DCE8942C02EEDAE7A57707CA60CAC3A8CD6BA68E6571E405CA882D4DD6D69E43 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:22:10.0453 0x1e90  Psched - ok
16:22:10.0462 0x1e90  [ DAA9DEE0A5D5F238C4EE54C2C7FB67C5, 7EC8C603BD92699AC35BDCD294F13BEE90D5C2C195FD93A3F16928BFCF53CA93 ] QWAVE          C:\Windows\system32\qwave.dll
16:22:10.0470 0x1e90  QWAVE - ok
16:22:10.0474 0x1e90  [ 83868EB2924E6BC21A54337C65D614D1, 8D1BE01EBD190231153B867C32120DC8FBFBD32050448A778134D435D76A0B07 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:22:10.0479 0x1e90  QWAVEdrv - ok
16:22:10.0482 0x1e90  [ A8B33F54439997EDB6E3511D92A65CC5, 1EDFC596D24E7785EAD7609D7B3D266BD7C83E62529FA6B8E6CEA8F3AD233EC2 ] RAMDriv        C:\Windows\system32\DRIVERS\ramdriv.sys
16:22:10.0486 0x1e90  RAMDriv - ok
16:22:10.0489 0x1e90  [ B337B1F1E82A83E20A1743E008E25C0F, A2E8AF041B4CAB78AEE28A2147A189FF0F9D2FCEFB167D60FBBA0A787A5A5BE7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:22:10.0494 0x1e90  RasAcd - ok
16:22:10.0497 0x1e90  [ 3EE5097945A7F680E320953271EB2D4F, 0B9F2B458177A654F65C5E862B7C55B35E20271B76D5E20A20F30D3223A1216F ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
16:22:10.0502 0x1e90  RasAgileVpn - ok
16:22:10.0505 0x1e90  [ 044638489B4A5FE5334F46C5314A0826, E06CC2A9EF369794DAD69FBB5AFD1676D4283DDAB2AD5E3EFE454C473F62F955 ] RasAuto        C:\Windows\System32\rasauto.dll
16:22:10.0511 0x1e90  RasAuto - ok
16:22:10.0514 0x1e90  [ 1BD3022FD6E450B00DE560265638FD2A, 3878B443053DFFED62641BE8736891F426C7121EB8C4DB38FF0F218697133A6D ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:10.0520 0x1e90  Rasl2tp - ok
16:22:10.0535 0x1e90  [ F83B38FCD4F69157B3D158433FA149CC, AB103BD3E2B3B134CB355C556DF70BCF0CF4DB11EFF7DB4A9876D5AA43D81293 ] RasMan          C:\Windows\System32\rasmans.dll
16:22:10.0547 0x1e90  RasMan - ok
16:22:10.0552 0x1e90  [ 5247F308C4103CDC4FE12AE1D235800A, E567CD33CA1897D53795E071B7AFBAF98B2C8F725F8BED0BA90F5EF611520E48 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:10.0558 0x1e90  RasPppoe - ok
16:22:10.0562 0x1e90  [ 41F631007A158FEBB67F0E2AD1601BBA, EB5EA7277F4178BC27E55BF850AEBCD84B6BED80B2383CFB29548824AAFED135 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:22:10.0568 0x1e90  RasSstp - ok
16:22:10.0579 0x1e90  [ A1A5E79C0D1352AFDC08328A623DA051, 01546DDE6F1FF159A7EB7F2BF104910445D3D863F1F37DEA695579BA60D84280 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:22:10.0588 0x1e90  rdbss - ok
16:22:10.0591 0x1e90  [ 6B21EBF892CD8CACB71669B35AB5DE32, 0AD8E14FEF16FB2559F5FC8AFBC9D49E4E24F43CF65F480DBF9FAB593269B419 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
16:22:10.0596 0x1e90  rdpbus - ok
16:22:10.0603 0x1e90  [ 680C1DAE268B6FB67FA21B389A8B79EF, 856911F77BDD8830C3D683EBE8AF399FB3A54C7D8D0B34EA37D903377F0A39BD ] RDPDR          C:\Windows\system32\drivers\rdpdr.sys
16:22:10.0611 0x1e90  RDPDR - ok
16:22:10.0615 0x1e90  [ BC8A79C625568DDB7DCA49D0C2741A64, AB0A7ED9EC2282EC0356D27EA4F70515943E41C2112428B787636B8BEC278933 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:22:10.0619 0x1e90  RdpVideoMiniport - ok
16:22:10.0628 0x1e90  [ A26AEC49F318FEE141DDDB2C5F99B3E6, 246AD79FF27E79DEDCB0AAA7C22A8EA6349DEDAC863413A1E378E68FD94C9C4F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:22:10.0635 0x1e90  rdyboost - ok
16:22:10.0651 0x1e90  [ 615DFD97DEA56CE1C3A52185A3038FF8, 707BF5F9FAE478A12656D15013F507CC1335E7B72BD21CA99BB813CB95E37BC0 ] ReFS            C:\Windows\system32\drivers\ReFS.sys
16:22:10.0669 0x1e90  ReFS - ok
16:22:10.0678 0x1e90  [ 0CF7CB56BF2D5E9DBCEE0185CB626FAD, 2BD2E2FB1D2EADD1F70EF55E8523C353F95D4FEB1BAD5017FA4D94F790F27825 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:22:10.0685 0x1e90  RemoteAccess - ok
16:22:10.0690 0x1e90  [ AC8785B53F8436058C90450DA1840AE7, CC1FFC2713910211F8A6AD532DBB9253ACD188CBD784F1BE6613DF382825A3C1 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:22:10.0696 0x1e90  RemoteRegistry - ok
16:22:10.0701 0x1e90  [ DC66AE45816614D2999DCD3834DCCC4E, 1C26225135E851DDD1307F52401DD7055B26B3F3B8FDD693B21042C2896E235A ] RFCOMM          C:\Windows\System32\drivers\rfcomm.sys
16:22:10.0707 0x1e90  RFCOMM - ok
16:22:10.0711 0x1e90  [ 83A6C2CAFE236652D1559640594A0EA8, 52360F17C9C70C9CEA3316560B40C4D89FD705ED7E6B6088C99FC54D4CC35EB5 ] rpcapd          C:\Program Files (x86)\WinPcap\rpcapd.exe
16:22:10.0716 0x1e90  rpcapd - ok
16:22:10.0720 0x1e90  [ 65B9FDE300A6DECC03BA44C4616DCAD6, CAD992982733DD20282A3453DC4E554AE1FC077C35479C0CA4E8BC3A9DCD3BB0 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:22:10.0726 0x1e90  RpcEptMapper - ok
16:22:10.0728 0x1e90  [ A737B433ABAF3F2DCB2BD7B4CC582B26, 3B5706B0CF0969A9F82060FD4DCC745F2D83C066B663FE8A4F0F493B64032C9C ] RpcLocator      C:\Windows\system32\locator.exe
16:22:10.0733 0x1e90  RpcLocator - ok
16:22:10.0755 0x1e90  [ A6F17C299A03BAFEFB9257C462A19E00, EB68967D28355271897166D7B6FD963D1E546D3C24AE1AEAAC561F94357A9345 ] RpcSs          C:\Windows\system32\rpcss.dll
16:22:10.0770 0x1e90  RpcSs - ok
16:22:10.0776 0x1e90  [ D666E0235D51B8C0B26CE9E587AF80E5, AB2D0FC4E702890419BB234E3C646CF90E333B89D172A418294BB95E6CDFBD3E ] RpcXdr          C:\Windows\system32\drivers\rpcxdr.sys
16:22:10.0783 0x1e90  RpcXdr - ok
16:22:10.0787 0x1e90  [ 2D05A5508F4685412F2B89E8C2189ABC, 82F12B4E0E73411A121EFD35FBD3B44CBBC0AE96ACFBB45D8C3C3777E2EA320D ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:22:10.0793 0x1e90  rspndr - ok
16:22:10.0795 0x1e90  [ 1A063730F221B2746FF00457AE17E4F0, 39A3C258CBFE3BC566C63528C9020A3BC9409736AE5289C08A7BA471D8409263 ] s3cap          C:\Windows\System32\drivers\vms3cap.sys
16:22:10.0800 0x1e90  s3cap - ok
16:22:10.0803 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] SamSs          C:\Windows\system32\lsass.exe
16:22:10.0810 0x1e90  SamSs - ok
16:22:10.0960 0x1e90  [ 4752E1DBF5671A941CFA6DFC4C840EB7, FEA249AA3F153398161DA8A43165E5B76C291B690C3DDF5D496099771842E273 ] SbieDrv        m:\Program Files\Sandboxie\SbieDrv.sys
16:22:10.0966 0x1e90  SbieDrv - ok
16:22:11.0044 0x1e90  [ 208D06C26717783E07104F30B9D3F301, 0F020277740B5AC03DC46592896B7B83AE658DAEDD796EDD1109AE4B7C14DF22 ] SbieSvc        m:\Program Files\Sandboxie\SbieSvc.exe
16:22:11.0050 0x1e90  SbieSvc - ok
16:22:11.0055 0x1e90  [ C624A1B32211C3166EDB3F4AB02A30B7, 6B2A4607DB52D74242787ED9DF9067058983D310431D8612D2B0236E6201E681 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:22:11.0061 0x1e90  sbp2port - ok
16:22:11.0067 0x1e90  [ 74A3B67F03877D06B09B1B40C5ED582E, A8FF9BF416F0BF365BFB4E1796859825C811A74B5E54DDDCE8345193BEEBE206 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:22:11.0075 0x1e90  SCardSvr - ok
16:22:11.0080 0x1e90  [ 8B9C4D55B4A536FB01C360DDB9533574, 9B939FE68F6F9C171ED0D91E2CE1E67515295D34EC23606BCDFD097DCC8CFD4A ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
16:22:11.0087 0x1e90  ScDeviceEnum - ok
16:22:11.0090 0x1e90  [ 13BEA6C882D4D877A5A85CA149C86BC1, 8E9BE5C2A36D5881D9985C3A31309FE03966EA13A3541D3C5B542AB67FA0D55F ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:22:11.0095 0x1e90  scfilter - ok
16:22:11.0112 0x1e90  [ 3151A020E03DDE31AAC49F35C5EFB4DB, 5ABB1103009979F86C862357E28F37C2744979F2C99F7CF6ABB4EB1B8416B3F6 ] Schedule        C:\Windows\system32\schedsvc.dll
16:22:11.0132 0x1e90  Schedule - ok
16:22:11.0139 0x1e90  [ 41C0D7B1A6D4AD119BA6AC0487EA5C8E, 516C2B34BA7507D0DA4148B4ABC0A8C36286570D4EA5C60B28647B1249C15018 ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:22:11.0145 0x1e90  SCPolicySvc - ok
16:22:11.0151 0x1e90  [ C54B6B2170BF628FD42F799A66956D75, BCF460A124CAA6F1F1A9A7BCBDCC2D5E39B0404D96B7C9FFAC806E041782B91E ] sdbus          C:\Windows\System32\drivers\sdbus.sys
16:22:11.0159 0x1e90  sdbus - ok
16:22:11.0165 0x1e90  [ 0B1E929D11A8E358106955603FAC65E8, A5EC91BFC0873EC6AB1D0DB4E91654BD35339BD680E7E82DA2DC64996B4AE515 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
16:22:11.0171 0x1e90  sdstor - ok
16:22:11.0173 0x1e90  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:22:11.0180 0x1e90  secdrv - ok
16:22:11.0184 0x1e90  [ BA24CEA7152239F42ECD04AFB7C89D24, A2A11EABB0C283772B74667C7544B61BEB1B9745FBF065E831542129EB585AFA ] seclogon        C:\Windows\system32\seclogon.dll
16:22:11.0190 0x1e90  seclogon - ok
16:22:11.0194 0x1e90  [ 81FE9A81EDF8016816C9E91FBFBF7D35, 87FB92A3D15F312F0B9C423EF851061A944B013E5668D8C9A441B4DC0EB690AF ] SENS            C:\Windows\System32\sens.dll
16:22:11.0201 0x1e90  SENS - ok
16:22:11.0209 0x1e90  [ 6E4012AE67F09F867EF620C8D5524C0B, 63933E51F8E413E63481369CE2F9FD224560550FBD3BD2B4573E9F4AD88708A2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:22:11.0216 0x1e90  SensrSvc - ok
16:22:11.0220 0x1e90  [ DB2FF24CE0BDD15FE75870AFE312BA89, 7DB0D978C92CD0A0A81F7AB46FE323B4929CEA01585B0F330921E6DFA7DE1B85 ] SerCx          C:\Windows\system32\drivers\SerCx.sys
16:22:11.0228 0x1e90  SerCx - ok
16:22:11.0233 0x1e90  [ 0044B31F93946D5D41982314381FE431, 95B8A94BA9EF770F29ACD5B23D447EC2B6CF1CB3D0030343BA1550AC31F6E2A5 ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
16:22:11.0239 0x1e90  SerCx2 - ok
16:22:11.0241 0x1e90  [ 3CD600C089C1251BEEB4CD4CD5164F9E, D9F81951B4454B24E821E33ACA53A851A61F3135E8EC6FBE6761A1A3E1CDCBE2 ] Serenum        C:\Windows\System32\drivers\serenum.sys
16:22:11.0246 0x1e90  Serenum - ok
16:22:11.0251 0x1e90  [ D864381BC9C725FAB01D94C060660166, 132FED95222BBE3B0B25B3F1F0EFC5903D04564BD047BA4D2042AD51E3FDA724 ] Serial          C:\Windows\System32\drivers\serial.sys
16:22:11.0256 0x1e90  Serial - ok
16:22:11.0259 0x1e90  [ 148195AE95D9BC7375A08846439FDAC1, 3A2F78FD18AA7A6D659921E19335E943894530874AC5AB5E7219CEF28FA54F7A ] sermouse        C:\Windows\System32\drivers\sermouse.sys
16:22:11.0264 0x1e90  sermouse - ok
16:22:11.0276 0x1e90  [ 3A2F1A7472C3B7CC9B89C8516C726488, 9BCBBAC10C900EA7B30822B463A77EE5067F217C4B490857A09E5277983CB89B ] SessionEnv      C:\Windows\system32\sessenv.dll
16:22:11.0287 0x1e90  SessionEnv - ok
16:22:11.0289 0x1e90  [ 472B7A5AC181C050888DB454663DD764, C950A8615D57BFD455E18880398350642B2E1D6B951EC9754FD8D429F3418835 ] sfloppy        C:\Windows\System32\drivers\sfloppy.sys
16:22:11.0294 0x1e90  sfloppy - ok
16:22:11.0308 0x1e90  [ 8081FF3DAE8159FE8956B09BC29CE983, AC0F305AEE8B1AB2E1275F1D33EC1D2F3E23F234F831BD9D41F415A94A19D3AB ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:22:11.0320 0x1e90  SharedAccess - ok
16:22:11.0339 0x1e90  [ 7FD9A61A3523A61FC135D61D6E160314, 409E1CF7A62FD90CBC31AEAFBB7230B02DBEC6CFCA2D266D221A7643FAEBA13B ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:22:11.0357 0x1e90  ShellHWDetection - ok
16:22:11.0361 0x1e90  [ 2F518D13DD6F3053837FE606F1A2EA1F, 64109296CE95BD233525688A350D575CF97B9464659AA07CF78B307B6ADBC835 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:22:11.0366 0x1e90  SiSRaid2 - ok
16:22:11.0369 0x1e90  [ 1AC9A200A9C49C4508F04AAFFCA34A3F, 972BCB2A39169155F74111FAC74ACCD8F50E34EADCF087833B0980827627BBF4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:22:11.0377 0x1e90  SiSRaid4 - ok
16:22:11.0380 0x1e90  [ 3C84DCCE5B322F745A75CA8BA3A0F6B3, 1FB94A8A1C63D6FDB82E28ED5B696B3CB1F64183A89A3B5153B266C292CB7815 ] smphost        C:\Windows\System32\smphost.dll
16:22:11.0385 0x1e90  smphost - ok
16:22:11.0389 0x1e90  [ D0EB0DF8C603BBA084351A92732B1CBE, E24ED8F78EF41C1BC17386AE4BBCE0DC892C5B89B12C03FC9FB61D359B13F1B4 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:22:11.0394 0x1e90  SNMPTRAP - ok
16:22:11.0407 0x1e90  [ D24B1945ED1F9C96DA786DBBF1E983CE, B46CB0B72B7A3DF94A46B8D65E38535C5F8E72A55CF2DC48EFA1F9A0108691C4 ] spaceport      C:\Windows\system32\drivers\spaceport.sys
16:22:11.0416 0x1e90  spaceport - ok
16:22:11.0420 0x1e90  [ F337BE11071818FC3F5DC2940B6BDE34, D5CFF00E5DF37045F71AEE101AC9B270EBB29F372F404757B58600E9966C7E4D ] SpbCx          C:\Windows\system32\drivers\SpbCx.sys
16:22:11.0425 0x1e90  SpbCx - ok
16:22:11.0439 0x1e90  [ 2E3976C857D7230EC8D2B2276E688255, C0A6A84369CB3E709A6FFEBED2B38AB62D731B79D052D6D6FA8EF855BC428778 ] Spooler        C:\Windows\System32\spoolsv.exe
16:22:11.0454 0x1e90  Spooler - ok
16:22:11.0533 0x1e90  [ 46549AF7CB672BC8138264CC4100E9F8, 6434249FADB07A033FD40C37DF2B775CF0617CF0C3E7C170F2984BD3CE423794 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:22:11.0639 0x1e90  sppsvc - ok
16:22:11.0657 0x1e90  [ 6416E79A58A8FCC33A447A4DDDD3BF04, 839E3107ACCD520C309BD6C8324DF7A8EB724EAD442AB1F1CACB0D83F84BE488 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:22:11.0669 0x1e90  srv - ok
16:22:11.0686 0x1e90  [ 00D8AC8E3053290BDE6EA2FB6810D2FC, 957FEF84CBBAE71829529AE99A1B24F52D7831BD666442D0132FBB825409A75D ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:22:11.0699 0x1e90  srv2 - ok
16:22:11.0707 0x1e90  [ D047CD668E6277FD80F0C613946F034C, BD0209E7FD89F9295D4DE48C9652DF2A2990277C16AFA473B96704B1CBD2F338 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:22:11.0714 0x1e90  srvnet - ok
16:22:11.0722 0x1e90  [ CF6C3037839CF78421A94F9060C2886F, CA98C180AE03F5BE8FEFFBA75BD98DEE2AD4FA975E1EF83215C9CD2476946811 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:22:11.0730 0x1e90  SSDPSRV - ok
16:22:11.0732 0x1e90  [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
16:22:11.0735 0x1e90  SSPORT - ok
16:22:11.0741 0x1e90  [ 198A737DBA666F4808D62E9A8277A6B7, 90B6E5E2ACE95D850C913A3A1DA1F966C44955C530004C228FA93B2A536F5C27 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:22:11.0747 0x1e90  SstpSvc - ok
16:22:11.0752 0x1e90  [ 5252D7BC56E5E0ED715AEA8FE173A455, 1408B3E98B35A449434718777EE70595F0D306197A428279C6281D2F1953F259 ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
16:22:11.0758 0x1e90  ssudmdm - ok
16:22:11.0769 0x1e90  [ CE21C361EAA587AC778AD7422FFC3E84, AE8DB90661E67BDAB1A6E75341DEF27DF0FDA1765576D1260EC1384419628CE5 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
16:22:11.0783 0x1e90  Steam Client Service - ok
16:22:11.0786 0x1e90  [ 366DEA74BBA65B362BCCFC6FC2ADFD8B, 4D28122AB9D8DAB724021E6513B4474BD34FCEDF47769B1D27AC7551FCA002F8 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:22:11.0790 0x1e90  stexstor - ok
16:22:11.0793 0x1e90  [ 8F3C0CCF27CFFE89424F30E9FB3381AB, 74E54541B4A16DC97098428E1715A27557BAB97E05AF346F88958580199C1541 ] StillCam        C:\Windows\System32\drivers\serscan.sys
16:22:11.0798 0x1e90  StillCam - ok
16:22:11.0813 0x1e90  [ 63E9CE568CF1192771A5F0460DE7D2B9, C27B21FD2C14AD41A59EF62EB8AC95C08EB13CCB1CEECD8378B8CDD4DC352E69 ] stisvc          C:\Windows\System32\wiaservc.dll
16:22:11.0826 0x1e90  stisvc - ok
16:22:11.0831 0x1e90  [ 0ED2E318ABB68C1A35A8B8038BDB4C90, 5C3ABC245F4BCFE64E646D9C0E2F5E211244956C84D03084C71FF6A7E0CDED30 ] storahci        C:\Windows\system32\drivers\storahci.sys
16:22:11.0840 0x1e90  storahci - ok
16:22:11.0843 0x1e90  [ 8B9486B64E5FC17FB9CC04CA10B77A34, C1EAC9D27DC83E4C56B890D97988C3CCFAE3877309610601F2E3FFFE97686D43 ] storflt        C:\Windows\system32\drivers\vmstorfl.sys
16:22:11.0848 0x1e90  storflt - ok
16:22:11.0850 0x1e90  [ 6B06E2D11E604BE2B1A406C4CB3B90DE, 2DDEA1568A85AD64FCE5D10D348304FCD9BE6E96C2313353EF70A2933306D188 ] stornvme        C:\Windows\system32\drivers\stornvme.sys
16:22:11.0855 0x1e90  stornvme - ok
16:22:11.0858 0x1e90  [ A45F5AC9D8069D0EC66E3CA73103073B, 996788F1C58E016E8E5CF3FD1D220A3C40AFFD6C21361A34636415DB12E0D381 ] StorSvc        C:\Windows\system32\storsvc.dll
16:22:11.0864 0x1e90  StorSvc - ok
16:22:11.0867 0x1e90  [ 548759755BC73DAD663250239D7E0B9F, D31A05A8CE800B539420B6E545F1F4BF6E4B02EAF8366DE89CAF13A83C6CA48D ] storvsc        C:\Windows\system32\drivers\storvsc.sys
16:22:11.0872 0x1e90  storvsc - ok
16:22:11.0875 0x1e90  [ 7D123389FCD97D84881BA9C07012BA0C, 044442D8FCFE7935A025602F817C726576BA1C515CB594C4320A8AC6D8DA8F41 ] storvsp        C:\Windows\System32\drivers\storvsp.sys
16:22:11.0880 0x1e90  storvsp - ok
16:22:11.0883 0x1e90  [ E395BE02F80A79A6CF973BA38DBB8135, 4C6F85B0EB8E7725BA720F9742561D229726C0D7C17505D1E79F19A5626F6325 ] svsvc          C:\Windows\system32\svsvc.dll
16:22:11.0888 0x1e90  svsvc - ok
16:22:11.0890 0x1e90  [ 65454187E0F8B6C0DCECB0287D06EC43, 87550000CF5B3C1DF3E69633934AFE8554AE40B6638F190D3185AD63F1D7A2EE ] swenum          C:\Windows\System32\drivers\swenum.sys
16:22:11.0894 0x1e90  swenum - ok
16:22:11.0912 0x1e90  [ 1C71D72D4997A284128FBEE770726330, 21682BDE74A1108FED1124FB1EA35A03CBFA94ABE1B89CC0FADB4DD82596C43E ] swprv          C:\Windows\System32\swprv.dll
16:22:11.0927 0x1e90  swprv - ok
16:22:11.0986 0x1e90  [ 6843FF634C373DE7F150E144054ABE1C, 33CA8155A32A174B446FDE08F3F57A69DC928F3BFCBEE1C1DA569BACB541975C ] Synergy        M:\Program Files\Synergy\synergyd.exe
16:22:11.0993 0x1e90  Synergy - detected UnsignedFile.Multi.Generic ( 1 )
16:22:12.0093 0x1a58  Object send P2P result: true
16:22:14.0298 0x1e90  Detect skipped due to KSN trusted
16:22:14.0299 0x1e90  Synergy - ok
16:22:14.0302 0x1e90  [ 25F0DA8E7F26416FDB5D77592B5C1A8B, 99E7ACA2FA0E3D98BA30947F7E7A59662D36048D9EB83E5BA04D643033B84DB5 ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
16:22:14.0307 0x1e90  Synth3dVsc - ok
16:22:14.0324 0x1e90  [ 7E85DB0463AD2403AE84AD162B162279, 996C42ECAFC6E24C623068AFAFCC0A2612526333AF9315F7536C6D40C2570632 ] SysMain        C:\Windows\system32\sysmain.dll
16:22:14.0345 0x1e90  SysMain - ok
16:22:14.0352 0x1e90  [ D73DBBB96CEE90C2856164AAD8543425, D11ADB5D4C5DD355314CA656D375D0062CAE7462E866F94F1B26D5803F65DCB2 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
16:22:14.0360 0x1e90  SystemEventsBroker - ok
16:22:14.0364 0x1e90  [ D6A71B95ACF71ACA63B67232059F1BCD, C5CEC032E7AB507500D1CC7A4E65DA6322412C798201A9D770CBDE892E50DFC8 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:22:14.0371 0x1e90  TabletInputService - ok
16:22:14.0382 0x1e90  [ 5A5BAB1CA9621E73E25EE4744B67CDA6, 479EBD7BAE1E2AD431153FDC016742F7A8D824716EAB1A4CA87EBBD21D61DECD ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:22:14.0390 0x1e90  TapiSrv - ok
16:22:14.0421 0x1e90  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:22:14.0468 0x1e90  Tcpip - ok
16:22:14.0500 0x1e90  [ 746DDF7D59AB8D721C88D48434597E8D, 78BDBAB8D1E86A11804FEB19B355C0FAD04ACE8DD4BDDFDADCE5461E259BCE82 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:22:14.0550 0x1e90  TCPIP6 - ok
16:22:14.0554 0x1e90  [ 41CF802064F72E55F50CA0A221FD36D4, 70ABCDF9E96611E8C83042C581575E26649FE479475E8E118CD3FF6CB1C84C3F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:22:14.0561 0x1e90  tcpipreg - ok
16:22:14.0567 0x1e90  [ FFF28F9F6823EB1756C60F1649560BBF, 208DFF8BF0329D0D4761C7E31527AEED7FF5F3C36C5005953D01477F35408D5C ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:22:14.0573 0x1e90  tdx - ok
16:22:14.0643 0x1e90  [ CFC9B7B465283378D374D5E380D5D244, 5E66A62C6A6272B65181F116031AA80E8DCEDA3B7E2C1130DD631347DF644D79 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
16:22:14.0731 0x1e90  TeamViewer - ok
16:22:14.0737 0x1e90  [ 232D185D2337F141311D0CF1983E1431, 02EB56D3F26174AF1741C1A444CE30DE84D5BAF583C1A52C7A953BCC52445547 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
16:22:14.0742 0x1e90  terminpt - ok
16:22:14.0768 0x1e90  [ C50997E282576DA492EBA66B059D4196, EBD793CB396F9503376207FA60353F5672DEDB620C8E01C8D6AE0030B3B03339 ] TermService    C:\Windows\System32\termsrv.dll
16:22:14.0786 0x1e90  TermService - ok
16:22:14.0790 0x1e90  [ 2180DBCE75B914E5E5BBFFFAAE97AA21, 8000AECC8855903DB50ABA7E304396D1FCEAE8DC9ADD4FC50275CF24B4D914DE ] Themes          C:\Windows\system32\themeservice.dll
16:22:14.0796 0x1e90  Themes - ok
16:22:14.0799 0x1e90  [ 4C5179DB61B9E14BEC15CDC4B152B2E9, 9048BEC7AD6A3F4B640E99B1F0365AC9A46740B188758FBB2C160EF30AD6E64B ] THREADORDER    C:\Windows\system32\mmcss.dll
16:22:14.0805 0x1e90  THREADORDER - ok
16:22:14.0815 0x1e90  [ B5ED9CC61798C7D44BD535D40B89EFB5, 1BDCEAA9AF2096381870D92129C748F4EE06A1167ABA9367B9DD43BAF27E3F5B ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
16:22:14.0822 0x1e90  TimeBroker - ok
16:22:14.0828 0x1e90  [ 82F909359600D3603FE852DB7F135626, 2EB2BB9D81AC9A2E432B2628E296B7B21F1C82EAE8009300EEF1B8596A9F418D ] TPM            C:\Windows\system32\drivers\tpm.sys
16:22:14.0834 0x1e90  TPM - ok
16:22:14.0839 0x1e90  [ 884113C2BB703FE806C8608B75F34831, 24DE5750CA4363455412BABB0B1FAB08497153E8F158ED44958F100410F93506 ] TrkWks          C:\Windows\System32\trkwks.dll
16:22:14.0845 0x1e90  TrkWks - ok
16:22:14.0853 0x1e90  [ 370A6907DDF79532A39319492B1FA38A, 46AECC5160F04FC3FFE4D37B404CCBBD1C5DC1501C2CEEE8284FF544DBDF10F8 ] truecrypt      C:\Windows\system32\drivers\truecrypt.sys
16:22:14.0862 0x1e90  truecrypt - ok
16:22:14.0865 0x1e90  [ 44A94FB4C76528D2382FFE04B05827C3, B0BCDF7CD1D65E61A9061D539D83527A89B69583958F8A26C6BF9766C1B61E0C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:22:14.0871 0x1e90  TrustedInstaller - ok
16:22:14.0874 0x1e90  [ BF8F54CA37E9C9D6582C31C5761F8C93, 337C566792F6FB9B7FD5D1D4384B767CFE4CF5DBB2E4688CCC36CBB018A0DD0F ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:22:14.0879 0x1e90  TsUsbFlt - ok
16:22:14.0883 0x1e90  [ 20185BEB7512EDE4EFECDFA148AC9F99, 6F539478493C0F87F3DDF67A4A6D4D41E9474EEF21434E856350CE149A34EA9F ] TsUsbGD        C:\Windows\System32\drivers\TsUsbGD.sys
16:22:14.0888 0x1e90  TsUsbGD - ok
16:22:14.0892 0x1e90  [ 4A445D5E44CD996D18E128EF321D54B2, 7B5F504F34B0CBBD1D4B0F3634F707F4876D6B14B41EEEB09AEAA4BDDC75FDDD ] tsusbhub        C:\Windows\System32\drivers\tsusbhub.sys
16:22:14.0898 0x1e90  tsusbhub - ok
16:22:14.0903 0x1e90  [ C8E0E78B5D284C2FF59BDFFDAF997242, BA1576C491A1246EF9866762426D110F4570F9DB42A68C174943C7D5020FE3E2 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:22:14.0910 0x1e90  tunnel - ok
16:22:14.0913 0x1e90  [ F6EEAD052943B5A3104C1405BB856C54, FE422813E6C1012E9F392EFF2AE4C6D3A4DBD9CB2BD5E6A5CAB57D4E89A29468 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:22:14.0918 0x1e90  uagp35 - ok
16:22:14.0922 0x1e90  [ FE6067B1FD4E63650C667B33D080565B, 2C330ED00E49BA55E25564230E0DFB8A35F2B5320EB18D4AF7CAACFA9A449044 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
16:22:14.0927 0x1e90  UASPStor - ok
16:22:14.0934 0x1e90  [ 807F8CF3E973305FC435C61CBBEE2A49, 43CDEAC2BFC5091C11DFC0E7F7171AF9A598AE56CB056C3CF382AE7807F79EF0 ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
16:22:14.0940 0x1e90  UCX01000 - ok
16:22:14.0946 0x1e90  [ C61EAF8E1E4B2F62BA4FDF457440B2C6, 961F76A789925234AC27F56AAE34556FA06088D71580B42C24B0BC209EAFD67E ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:22:14.0954 0x1e90  udfs - ok
16:22:14.0976 0x1e90  [ CA26ECD9524C558A3E633F4CCE54617B, 8039FA9013DAEBD0F3A7708AEC3143DA6CDA6CA544ABE40425B40B7F41B90F20 ] UDST7000BDA    C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys
16:22:15.0000 0x1e90  UDST7000BDA - ok
16:22:15.0003 0x1e90  [ B066AC204336D85F19BF881B8B450391, E533B038EC6E72798C8C2250218B3577671BE4DB21C062E81FC87735C22BAD77 ] UDST7000HID    C:\Windows\System32\drivers\TerraTecUsbHid.sys
16:22:15.0006 0x1e90  UDST7000HID - ok
16:22:15.0008 0x1e90  [ 9578691F297E1B1F519970FE6D47CB21, 080C352AAF22A16A4F3C4AB4DCEA5BFA656457C73F735CEBA30516FDACCF6301 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
16:22:15.0013 0x1e90  UEFI - ok
16:22:15.0017 0x1e90  [ A867F0F978EE64C87FADC3B100869EE4, 2686BE85F963D0D0BB275E92E5B543280D8742CF10772303E3189D0719B6A277 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:22:15.0023 0x1e90  UI0Detect - ok
16:22:15.0025 0x1e90  [ 5EAB5117DDB24FC4D39E6FFFCF1837B9, 2BC709240867F161E94BE6625A04F478EAAA3EEE7BC7C37ED0DFA9EEA5928E98 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:22:15.0031 0x1e90  uliagpkx - ok
16:22:15.0034 0x1e90  [ DA34C39A18E60E7C3FA0630566408034, 2F162504214053894C72760D9933D01DBF3578609FE5E2376C3272818599FE32 ] umbus          C:\Windows\System32\drivers\umbus.sys
16:22:15.0039 0x1e90  umbus - ok
16:22:15.0041 0x1e90  [ AE8294875E5446E359B1E8035D40C05E, AE0357BAB47C07C3576BC76951CD258C009BC5A1B93259D2122A841BD9CDA8FA ] UmPass          C:\Windows\System32\drivers\umpass.sys
16:22:15.0046 0x1e90  UmPass - ok
16:22:15.0055 0x1e90  [ A023F267A262D5DA6CE1436D9C5E8FD9, 92AD7AF91184C244A7E392F49663143193A80D5D81114546A00F18227DE31D23 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:22:15.0064 0x1e90  UmRdpService - ok
16:22:15.0066 0x1e90  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 c:\Program Files\Unlocker\UnlockerDriver5.sys
16:22:15.0069 0x1e90  UnlockerDriver5 - ok
16:22:15.0082 0x1e90  [ C98493DD8E6A50154FAC75C15E1C36BB, CECD1C826C8F7AF05468871BF6A0ACDBB6B0202F4F87F48C6D367E5BD699E800 ] upnphost        C:\Windows\System32\upnphost.dll
16:22:15.0093 0x1e90  upnphost - ok
16:22:15.0099 0x1e90  [ FF78D053A05E5A394F4E3C1816CC65A8, 5DAE02414271231F5FDBB751AFEB99874779B467947020815D4AE54432D4269D ] usbccgp        C:\Windows\System32\drivers\usbccgp.sys
16:22:15.0105 0x1e90  usbccgp - ok
16:22:15.0109 0x1e90  [ 0139248F6B95CF0D837B5B46A2722D40, 38E3E704E0364F07732DB418AEBD126B040FB3CDB7D78EA36E8605D50D528A80 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
16:22:15.0114 0x1e90  usbcir - ok
16:22:15.0118 0x1e90  [ 48BA326A3DBA5B5BEB5F2777F4618696, B9EC8155F11A3A7644BD9DC8910681B46AE44AE3BF53F052DF50E9C5555E3229 ] usbehci        C:\Windows\System32\drivers\usbehci.sys
16:22:15.0124 0x1e90  usbehci - ok
16:22:15.0136 0x1e90  [ FEF0BC107812B36849741C3211BA6B60, B3EF738BE1E6B6027F29C9713CD3F367EA067D2BE46580AFBC0FB58046EF6BBD ] usbhub          C:\Windows\System32\drivers\usbhub.sys
16:22:15.0146 0x1e90  usbhub - ok
16:22:15.0157 0x1e90  [ 95B0179BDA907252025DEEA183699FB3, A6BDFB93EE9418A83407024204A41640A08638C60E2BE75C249D102601DC1D80 ] USBHUB3        C:\Windows\System32\drivers\UsbHub3.sys
16:22:15.0168 0x1e90  USBHUB3 - ok
16:22:15.0172 0x1e90  [ 3019097FB6C985EF24C058090FF3BDBD, 24AC518D34E338D94BF3D5B3F72E53F8A1369BAA7F32FEA3EDBCF928C4FF1D17 ] usbohci        C:\Windows\System32\drivers\usbohci.sys
16:22:15.0176 0x1e90  usbohci - ok
16:22:15.0179 0x1e90  [ 4D655E3B684BE9B0F7FFD8A2935C348C, 3A7FC1748C5AEA8CFE0E7C22ADC77E3DCA475455FC16D9C6A5C16EB5E949A516 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
16:22:15.0184 0x1e90  usbprint - ok
16:22:15.0189 0x1e90  [ 66732C13628BDB1AB0D6FD46027327C2, B582C0F348D8F79419CA5A58F10CA151E06D7CA3BE162344CADA46D9D7FED97C ] USBSTOR        C:\Windows\System32\drivers\USBSTOR.SYS
16:22:15.0195 0x1e90  USBSTOR - ok
16:22:15.0198 0x1e90  [ 064260B3A5868AC894A4943543BC7AB7, D3534E98B34C4AC9A430D7E0AB301A0E5E1511E3117C2FEA392636B0DE2C38E2 ] usbuhci        C:\Windows\System32\drivers\usbuhci.sys
16:22:15.0203 0x1e90  usbuhci - ok
16:22:15.0210 0x1e90  [ 44603DA5A87FB491EF59C889EBBB4DDB, 59AA9B6B0B5D66F9312CD3F999D0D9F12F1A2C5D230365AD7287CD71FD86961C ] USBXHCI        C:\Windows\System32\drivers\USBXHCI.SYS
16:22:15.0219 0x1e90  USBXHCI - ok
16:22:15.0305 0x1e90  [ 470295FBBFB97EF104AA5AE409802165, 2BA34D54A68A5EE862EF7075A8FF4042546C85C6984C6F75B3ADEB1932287B30 ] uvnc_service    m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe
16:22:15.0335 0x1e90  uvnc_service - ok
16:22:15.0341 0x1e90  [ 382100E75B6F4668AEAEF228C6CEFFAD, 9C7229F10F11D18E1FED6395391A46225A84B421034B9AB6F81AF7430FDC556F ] VaultSvc        C:\Windows\system32\lsass.exe
16:22:15.0346 0x1e90  VaultSvc - ok
16:22:15.0359 0x1e90  [ FA778992885636644FAE843E479A6774, C43789E3500F7B20D3AA234F806EEDC77C29AD71289FA1ADA6B2527978CC58A8 ] VBoxDrv        C:\Windows\system32\DRIVERS\VBoxDrv.sys
16:22:15.0376 0x1e90  VBoxDrv - ok
16:22:15.0380 0x1e90  [ 63A1DDA8A5B1229A9F7A301EF9385909, D9053B0E311C34DC5ECAEFB34B8522F34C0627FFC547B0271313F570F20B9BF8 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys
16:22:15.0384 0x1e90  VBoxNetAdp - ok
16:22:15.0387 0x1e90  VBoxNetFlt - ok
16:22:15.0391 0x1e90  [ 5269C8EAA3499A3D371BEA543955540F, 4E02FC198F1F4E202989628657658C5354C4F9B2CA37A49425C7A617A8DD85A2 ] VBoxNetLwf      C:\Windows\system32\DRIVERS\VBoxNetLwf.sys
16:22:15.0396 0x1e90  VBoxNetLwf - ok
16:22:15.0399 0x1e90  [ 7CA9F135666CE16742547271CD399557, 3BEAD11758DE731600088D2A5F0FAA6C38719DCC8B101F4B2BFDF3C0067C0751 ] VBoxUSB        C:\Windows\System32\Drivers\VBoxUSB.sys
16:22:15.0404 0x1e90  VBoxUSB - ok
16:22:15.0408 0x1e90  [ 38450E440C613D0C88FD29716E159F68, 797DB2242E5AC2D126130E295B4AF832A394AAC43F0E21811CC94EE8A009C479 ] VBoxUSBMon      C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
16:22:15.0413 0x1e90  VBoxUSBMon - ok
16:22:15.0416 0x1e90  [ FEB26E3B8345A7E8D62F945C4AE86562, 3AAFE87C402FC8E92542DFE60EC9540559863065F88D429A16D7B1BF829223FF ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:22:15.0421 0x1e90  vdrvroot - ok
16:22:15.0448 0x1e90  [ 8A4D808D1EC7C1C47B2C8BF488A9A07A, 63C07312ADB6F8A8BDE93361C30AC63DAB4DE1141AF54630EEF11E54B0BF983D ] vds            C:\Windows\System32\vds.exe
16:22:15.0474 0x1e90  vds - ok
16:22:15.0479 0x1e90  [ 7DDDC7BA58D226706553921D16C68E18, 8BAE0C47E7DA7E510254B485F091FC96124EA334845A09986901EE55E6C2C525 ] veracrypt      C:\Windows\system32\drivers\veracrypt.sys
16:22:15.0486 0x1e90  veracrypt - ok
16:22:15.0491 0x1e90  [ A026EDEAA5EECAE0B08E2748B616D4BD, 2525A54DC7F49DDFBB999C22BF3FAB6D9E9F70C0806E58D81E90AC59F9F46089 ] VerifierExt    C:\Windows\system32\drivers\VerifierExt.sys
16:22:15.0498 0x1e90  VerifierExt - ok
16:22:15.0500 0x1e90  [ E4DA1D85CCCB610DFF0C0E116900E17F, 874EB88B9E2743654094F04AB04C254BBDFBCDECBB200514E73F696098B847F3 ] vflt            C:\Windows\system32\DRIVERS\vfilter.sys
16:22:15.0505 0x1e90  vflt - ok
16:22:15.0520 0x1e90  [ F6ECFD6128A16A4851CFE98D4E01B011, C349893E8D7FB9B510A3FAD040F70C3C72B0ACDD5F6EB336951849F9E953717D ] vhdmp          C:\Windows\System32\drivers\vhdmp.sys
16:22:15.0535 0x1e90  vhdmp - ok
16:22:15.0539 0x1e90  [ 06D38968028E9AB19DE9B618C7B6D199, 62022297A47F440D1C82CA0B0E57C0C8E9D5033D83DD3B40492B218DF65EBF68 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:22:15.0542 0x1e90  viaide - ok
16:22:15.0548 0x1e90  [ 3CE922E34DB12D9F3C0EA856BC09687C, E50A1885FBC775E49614989ECFEA4ACBBDDA16AF459CC5361EED9E23CC7CD42C ] Vid            C:\Windows\System32\drivers\Vid.sys
16:22:15.0555 0x1e90  Vid - ok
16:22:15.0558 0x1e90  [ 511AD3FF957A0127E6BD336FF6F89C38, 55325BFD0857A1204F7F6F8ED8C91C07B0E20A50402105708E7365ECD9E25A21 ] vmbus          C:\Windows\system32\drivers\vmbus.sys
16:22:15.0564 0x1e90  vmbus - ok
16:22:15.0566 0x1e90  [ DA40BEA0A863CE768C940CA9723BF81F, 567C0C3F422325635808B0CF76E05D3B6187F96845C33F85F92F98C9FE53A5B8 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
16:22:15.0571 0x1e90  VMBusHID - ok
16:22:15.0576 0x1e90  [ 68F8C26DEA2D42E8DEC0778943433C80, 81E8F9D62815F94952CEEABD0689473CC330F7890F66872DCD35A43C06ED33CD ] vmbusr          C:\Windows\System32\drivers\vmbusr.sys
16:22:15.0584 0x1e90  vmbusr - ok
16:22:15.0597 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicguestinterface C:\Windows\System32\ICSvc.dll
16:22:15.0609 0x1e90  vmicguestinterface - ok
16:22:15.0625 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicheartbeat  C:\Windows\System32\ICSvc.dll
16:22:15.0639 0x1e90  vmicheartbeat - ok
16:22:15.0654 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
16:22:15.0670 0x1e90  vmickvpexchange - ok
16:22:15.0684 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicrdv        C:\Windows\System32\ICSvc.dll
16:22:15.0698 0x1e90  vmicrdv - ok
16:22:15.0712 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
16:22:15.0724 0x1e90  vmicshutdown - ok
16:22:15.0737 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmictimesync    C:\Windows\System32\ICSvc.dll
16:22:15.0747 0x1e90  vmictimesync - ok
16:22:15.0761 0x1e90  [ C42C38E15C0DC39D4B0BDF34F733E468, 7264680C44FA68BB1FC0A490FE3988AFDE19892295F7458943D8CBEE6C01D4F0 ] vmicvss        C:\Windows\System32\ICSvc.dll
16:22:15.0772 0x1e90  vmicvss - ok
16:22:15.0775 0x1e90  [ A99CA064AD11266FE7067A79BF78BBB5, B5AFFBA1A9A6E51639A89B9F6C0678E70F73D2BF37D5F88F4AD45DFC6798597D ] vnet            C:\Windows\system32\DRIVERS\virtualnet.sys
16:22:15.0779 0x1e90  vnet - ok
16:22:15.0784 0x1e90  [ 55D7D963DE85162F1C49721E502F9744, 5AD34D6DB707EF3E5242BD8CA67B21D6258EE7E7FC477D5227BD15500AE7F45F ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:22:15.0789 0x1e90  volmgr - ok
16:22:15.0799 0x1e90  [ CCB9E901F7254BF96D28EB1B0E5329B7, F0E3CA4EFA544CDAEF4092284CF3EC7DF07F806A770285E281816457AD8813F5 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:22:15.0808 0x1e90  volmgrx - ok
16:22:15.0818 0x1e90  [ 64CA2B4A49A8EAF495E435623ECCE7DB, 81151F295A54DE2B8B88C7F48C86BF58CDFF96F98493509C06D6F41484594386 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:22:15.0827 0x1e90  volsnap - ok
16:22:15.0830 0x1e90  [ EF31713EE4C7CCFE4049F7E7F15645A2, 35D198D3F1061E19A7EF89FA1E75377049CD6BCA9702F8076B9F95BB8737E0D4 ] vpci            C:\Windows\System32\drivers\vpci.sys
16:22:15.0835 0x1e90  vpci - ok
16:22:15.0838 0x1e90  [ ADBE96C33D1A5BB1BBAF90B4BC84F523, 6E9C9ED3D51E4B6E494D42ECA6F824AD86D676C12C39BBE6B8BD96366BCB02DA ] vpcivsp        C:\Windows\System32\drivers\vpcivsp.sys
16:22:15.0844 0x1e90  vpcivsp - ok
16:22:15.0849 0x1e90  [ 4539F45F9F4C9757A86A56C949421E07, DEC362314B2C66414F39354AFE79C02B18BF4EEF90787FB58307F6EB62237E2C ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:22:15.0858 0x1e90  vsmraid - ok
16:22:15.0881 0x1e90  [ 3B7F9612439EA47151EC5EAB232C1C3F, CA08CCB14CB46512F72E2C20454242B18BC57E34C55B42A37B7EC27B79242CDC ] VSS            C:\Windows\system32\vssvc.exe
16:22:15.0904 0x1e90  VSS - ok
16:22:15.0912 0x1e90  [ 0849B7260F26FE05EA56DED0672E2F4B, 7EAC0E7988F45CB4133A15932955B7B03CE715C967A3BAC9999D81543EBCAEC5 ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
16:22:15.0922 0x1e90  VSTXRAID - ok
16:22:15.0925 0x1e90  [ BE970C369E43B509C1EDA2B8FA7CECB0, 18951F2AA842A0795AA79A4E164EE925A35E6270EBE4C4CDB19D0A891830E383 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
16:22:15.0930 0x1e90  vwifibus - ok
16:22:15.0941 0x1e90  [ DC821E811EFBB65CDD77FBB8B6ECA385, B7C8AACDF81DBA298F2F384983D36B269876C31F0398D89BF9070217A069B96F ] W32Time        C:\Windows\system32\w32time.dll
16:22:15.0952 0x1e90  W32Time - ok
16:22:15.0956 0x1e90  [ 0910AB9ED404C1434E2D0376C2AD5D8B, 62585CA5F1375BDA440D28D5DF1ADDC9DE3DDFA196D49BBFF3456A5A09EE1C6B ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
16:22:15.0961 0x1e90  WacomPen - ok
16:22:15.0964 0x1e90  [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:22:15.0969 0x1e90  WANARP - ok
16:22:15.0971 0x1e90  [ 23006D660C0E54BF1CE8253E15F5E995, 4FA7ED2F6B29BACBE2BB43C79FC8231C4C59F27C79AB09DB07BBFE36B35689E5 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:22:15.0976 0x1e90  Wanarpv6 - ok
16:22:16.0011 0x1e90  [ A81988DCC4FA440AA88B84CA452F5E22, 3573AAA09971E8ADB6FEFA778E02B2D8EE5E4249267CF37A524D9F019CC836FB ] wbengine        C:\Windows\system32\wbengine.exe
16:22:16.0035 0x1e90  wbengine - ok
16:22:16.0048 0x1e90  [ 0F1DFA2FED73FA78B8C3CDE332A870F6, 1089F6F585F5350D349A640EBD3117832DF6B3657EB6667CB00AE217E04ACA17 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:22:16.0059 0x1e90  WbioSrvc - ok
16:22:16.0070 0x1e90  [ 0EAEC313B24837613621B4A2536ED382, 61C194ED7FA7D65BBE61A546D5FCA52F52AB08324E084D3EC23C9706E9BF0175 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
16:22:16.0080 0x1e90  Wcmsvc - ok
16:22:16.0090 0x1e90  [ F6B4C2280FF7C7156AC8A4687B9DA35E, 1899D584D7469BB49355D84080051E2575B033E6312009D9C6C1DD3F7F9AA4C5 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:22:16.0100 0x1e90  wcncsvc - ok
16:22:16.0104 0x1e90  [ B7BF1D783F5B2484E8CE1C0C78257F16, 468601199FCCF63DBAE86EE6B8825EA85B2A1EE177413353FFA2CC9CA5249FCD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:22:16.0110 0x1e90  WcsPlugInService - ok
16:22:16.0113 0x1e90  [ 81285DDC994F03379DB46419300B2DCB, 98D3622E11F375718AEA1DE3B5F0104DDAB4F96B6D4C19788C14F7B338A6F235 ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
16:22:16.0117 0x1e90  WdBoot - ok
16:22:16.0136 0x1e90  [ CB6C63FF8342B467E2EF76E98D5B934D, BE017CE91E3BAB293DE6ECF143797CCE3F33CC63024437472B4E38C6961AD884 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:22:16.0150 0x1e90  Wdf01000 - ok
16:22:16.0156 0x1e90  [ 26B8FED3F3B85F5F0C4BD03FD00B9941, 7F94FE7954498223B33C025258DB588A3AC9FF25C58EEAD204514FD20652FE40 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
16:22:16.0164 0x1e90  WdFilter - ok
16:22:16.0168 0x1e90  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:22:16.0175 0x1e90  WdiServiceHost - ok
16:22:16.0179 0x1e90  [ F581F9C9D6953FABFA24E67105F0B614, 5A7BB72523D1C53BBE68700537D7AE0D150BC7E4B8227A916B2E29EE4CA267A9 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:22:16.0186 0x1e90  WdiSystemHost - ok
16:22:16.0190 0x1e90  [ CE67080F00E0AF32755096CEA6430ABA, 0E5D626F9F76C0BC63B2D246AD66D9CBF7D92F34B56398417BCFD0C331DBD282 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
16:22:16.0195 0x1e90  WdNisDrv - ok
16:22:16.0197 0x1e90  WdNisSvc - ok
16:22:16.0202 0x1e90  [ 40F83492DB9ABBA59773A45FB487C8B2, 0D0DE0B0C9B929FEFD2674CCF17F5F2FC4B16EAB8E1981BBCE51B0305FD7D75E ] WebClient      C:\Windows\System32\webclnt.dll
16:22:16.0209 0x1e90  WebClient - ok
16:22:16.0215 0x1e90  [ 384E1D04FE20845B2559D292F17A9FA1, AD3B0B2B2219691AC30FEEC8AFDB3BBB74B51BB7D02038AE2B4DEA514E245315 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:22:16.0222 0x1e90  Wecsvc - ok
16:22:16.0226 0x1e90  [ 455014F4E48B67EBE0F032E2B0E06BF2, A36435784A034B27056A0E606683A20C69F1B0AB2B6BAEDEAEAA190F6287CAEF ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
16:22:16.0232 0x1e90  WEPHOSTSVC - ok
16:22:16.0235 0x1e90  [ F13DBA57CEA9B7074B95EDCA6AD2635E, 1D9BA4841EF1343A5D9096B5FE27FC65DC1901D6683DD13516171638549666B5 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:22:16.0242 0x1e90  wercplsupport - ok
16:22:16.0248 0x1e90  [ FD7E58B6AA3EABF2D12B9762A20E11E4, 4C5E2E246C5C70074866BB3DBC2AAF483ECE4345004CCB8D1FE285047268685D ] WerSvc          C:\Windows\System32\WerSvc.dll
16:22:16.0255 0x1e90  WerSvc - ok
16:22:16.0259 0x1e90  [ 715ABA3DD164D06457A2A3C92F6EA9D5, E6F8269D2FFC4A548B65724C0A3F53756ED15E47229861FBD40B656EE40FE166 ] WFPLWFS        C:\Windows\system32\DRIVERS\wfplwfs.sys
16:22:16.0265 0x1e90  WFPLWFS - ok
16:22:16.0269 0x1e90  [ 8C840E1FD7584E74BD0CC1EA581EC187, 148E534A94B4882E7396B13FABE17407802292E7890713540080D03D5629C81D ] WiaRpc          C:\Windows\System32\wiarpc.dll
16:22:16.0275 0x1e90  WiaRpc - ok
16:22:16.0277 0x1e90  [ 5F66B7BB330AA80067FC66149A692620, 92C5D7115A168A23108B65EEEB5FBA8FA43D781855355792596D2419160263C2 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:22:16.0282 0x1e90  WIMMount - ok
16:22:16.0283 0x1e90  WinDefend - ok
16:22:16.0307 0x1e90  [ 10DAD6A7FC617A221313BD584E3C3A00, F139B878668ECF38FE59831E8595A207D5CEEE76C6FFDA8C9F735435E601A763 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
16:22:16.0322 0x1e90  WinHttpAutoProxySvc - ok
16:22:16.0332 0x1e90  [ FC8BD690321216C32BB58B035B6D5674, D61698DB19D9DB2593B60B6BA13F7B7735667206F41D751D507135469D6D3CDD ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:22:16.0340 0x1e90  Winmgmt - ok
16:22:16.0407 0x1e90  [ 75436315AA383CF527695C6D49D0CA59, E3D55F2ACBD45D4D031FA6CA799394459C89BE50FF6ADE4FE36F2CAB2D2E63D0 ] WinRM          C:\Windows\system32\WsmSvc.dll
16:22:16.0445 0x1e90  WinRM - ok
16:22:16.0453 0x1e90  [ AC263C2F66405589528995AA41040599, 81B46E551D6130A2C3D113EC3B563CEDB5A06BB340986C0E03136CE5BE729481 ] WinUsb          C:\Windows\System32\drivers\WinUsb.sys
16:22:16.0459 0x1e90  WinUsb - ok
16:22:16.0491 0x1e90  [ DC079BA8390089E4EBCA63D27EEA3ECB, 4D549217A68292E2B16C09FD9F84317011EE54A2DAF4E2AB85554267DF0D3249 ] WlanSvc        C:\Windows\System32\wlansvc.dll
16:22:16.0514 0x1e90  WlanSvc - ok
16:22:16.0564 0x1e90  [ 06BF5897949A8F24893F792E876B71F5, 9D3719492A86BF52A56E2EA798FD6FDB5862A03F6D360FCC4B0CEA9BE9792AE4 ] wlidsvc        C:\Windows\system32\wlidsvc.dll
16:22:16.0588 0x1e90  wlidsvc - ok
16:22:16.0591 0x1e90  [ 2834D9D3B4F554A39C72F00EA3F0E128, D10124343C67FE9A0B711AD569BB8080495FCEA0ECEF9AC3F3FBD6865F436A44 ] WmiAcpi        C:\Windows\System32\drivers\wmiacpi.sys
16:22:16.0595 0x1e90  WmiAcpi - ok
16:22:16.0603 0x1e90  [ B96F7A1236C3F21212DE2C40A3DDB005, 5A29EBB6DA036E303611EB1304192655021405BB05452FD37886DDE604FF0D9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:22:16.0610 0x1e90  wmiApSrv - ok
16:22:16.0613 0x1e90  [ 92C6184E6F62D542B8DCDC93BD73CB7E, CFC98601730ADEE4802C55C07B6DFF6037E3EECC818802A698448C68819F5308 ] wod0205        C:\Windows\system32\DRIVERS\wod0205.sys
16:22:16.0616 0x1e90  wod0205 - ok
16:22:16.0620 0x1e90  [ 7FC5667DF73D4B04AA457CC3A4180E09, CB7B014945DCA16B6D120DBE0E5876C4C867A4ACD3C3536AEADC14B908613D4E ] Wof            C:\Windows\system32\drivers\Wof.sys
16:22:16.0627 0x1e90  Wof - ok
16:22:16.0665 0x1e90  [ 588040D595BBF0856CA1ADD941A8ED17, CBC92BB5453FE1BEA6F33239B7CE884F312559591383408EA5F95A006156C5D3 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
16:22:16.0697 0x1e90  workfolderssvc - ok
16:22:16.0701 0x1e90  [ A2468CC3509394A33C4C32F99563D845, 62690C7D41F382DF74B8F4B942647842858E37DE35FF2DE028192E4D09ABB2C5 ] wpcfltr        C:\Windows\system32\DRIVERS\wpcfltr.sys
16:22:16.0706 0x1e90  wpcfltr - ok
16:22:16.0708 0x1e90  [ 19F4DF69876DA7E9C4965351560FE6B7, 127247A7964F55EE3AF842D25120F5ACD387632BEE2BF3D28FAC05840CEA19BA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:22:16.0714 0x1e90  WPCSvc - ok
16:22:16.0719 0x1e90  [ 2ADE11F3D84709C5F6781E4C59F11683, F003C43396CF8FCF44EAB87583650DB4D2A233322D28D6A78D1694945D9073BB ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:22:16.0726 0x1e90  WPDBusEnum - ok
16:22:16.0729 0x1e90  [ 9F2904B55F6CECCD1A8D986B5CE2609A, E19ED4DD3CEF3A22C058FC324824604FB3FC98A029C94E6C2A3389F938D680B6 ] WpdUpFltr      C:\Windows\system32\drivers\WpdUpFltr.sys
16:22:16.0733 0x1e90  WpdUpFltr - ok
16:22:16.0736 0x1e90  [ AE072B0339D0A18E455DC21666CAD572, AB1DAEA25E2C7AD610818D4B4783F6D4190D85EBB3963BBAD410E8CEA7899EDB ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:22:16.0742 0x1e90  ws2ifsl - ok
16:22:16.0748 0x1e90  [ 5596C0960ED6ED7494BF2A55DE428684, C95CF09A657F37F421CC80E16F2F95B8EC59A8D5D48F104551155EAC8E53DCB2 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:22:16.0755 0x1e90  wscsvc - ok
16:22:16.0757 0x1e90  [ F586F3F1BF962FE9AE4316E0D896B22F, 8D0AD48D79294567123D943D0F5B6D5A32D7A82B129A24DC821D3095AFAA100B ] WSDPrintDevice  C:\Windows\System32\drivers\WSDPrint.sys
16:22:16.0762 0x1e90  WSDPrintDevice - ok
16:22:16.0765 0x1e90  [ 58035FD3369879E02D65989C44D27450, B9245DB5C17F7CE94FAA20AB4B0D06A4DFB6133C6E82343758CDC713EB64DFEF ] WSDScan        C:\Windows\system32\DRIVERS\WSDScan.sys
16:22:16.0770 0x1e90  WSDScan - ok
16:22:16.0771 0x1e90  WSearch - ok
16:22:16.0848 0x1e90  [ 6B2D71124C1EA86B74412F414C42431D, 078CC6C9667EF6BDA3E6900BC26A5A5B030CAA66928A6BBB7B7DC43C5C199EDC ] WSService      C:\Windows\System32\WSService.dll
16:22:16.0906 0x1e90  WSService - ok
16:22:16.0958 0x1e90  [ 3F726FF7B1ACC7D5E89940EA5BFF0E61, DF84486870C677B30985005A909CFDF8446BD566F601A295FF29F258E1D1AFF4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:22:17.0008 0x1e90  wuauserv - ok
16:22:17.0015 0x1e90  [ 481286719402E4BAEFEA0604AB1B5113, F3CF65DF2AB39F79AE4C1335831408418E40726706E0242677E8B96B0FAD988F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:22:17.0021 0x1e90  WudfPf - ok
16:22:17.0028 0x1e90  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
16:22:17.0035 0x1e90  WUDFRd - ok
16:22:17.0040 0x1e90  [ 51D28F7F1F888DDCF2C67DCF3B79A5D3, 74FF2936AFCEB9A36175D5B00EB91A5AD614B52BE3FB3FA9B994A025A484D2B7 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:22:17.0047 0x1e90  wudfsvc - ok
16:22:17.0054 0x1e90  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdFs      C:\Windows\System32\drivers\WUDFRd.sys
16:22:17.0061 0x1e90  WUDFWpdFs - ok
16:22:17.0068 0x1e90  [ D7B4859227B02BCC1055B279A63C937F, 82C99844CC596C2723523B1B98573488FF23337947B78AA04BA21E58394BB751 ] WUDFWpdMtp      C:\Windows\System32\drivers\WUDFRd.sys
16:22:17.0075 0x1e90  WUDFWpdMtp - ok
16:22:17.0089 0x1e90  [ A0900F8F628B5AF6841414EB3CF11E50, 8A531F2472FF4B4D895D469D28C215C834ECADBEF539894B8F3F606079A86184 ] WwanSvc        C:\Windows\System32\wwansvc.dll
16:22:17.0101 0x1e90  WwanSvc - ok
16:22:17.0104 0x1e90  [ AAAF81690C24E2F1EE59F1B2AED5B632, 446AE85300FCB1CDEBFF2BDD69F6B322922F40EB688EF152F853B3AB6F4D4A6A ] xb1usb          C:\Windows\System32\drivers\xb1usb.sys
16:22:17.0110 0x1e90  xb1usb - ok
16:22:17.0116 0x1e90  [ A0F661902AFCAAD77CC2ED3894927A10, 0DCD860F7F4029EBFE1F409BA23CC8BAA55BC22084C81940FF170B665E4804BD ] xusb22          C:\Windows\System32\drivers\xusb22.sys
16:22:17.0124 0x1e90  xusb22 - ok
16:22:17.0128 0x1e90  ================ Scan global ===============================
16:22:17.0130 0x1e90  [ 05B08C20B8428ECE088CB5635696A48D, 471642A2D0E5C3BB235962FC8D86A49AC30D7DDE80B97E348425BBFCDE4DCDC3 ] C:\Windows\system32\basesrv.dll
16:22:17.0137 0x1e90  [ EAB311B0A7A8EA0346F14F08D4BC8F46, 11168E4074679F8A69DA714C0ABD0C68BA49D171B379343F14783C9C563202CA ] C:\Windows\system32\winsrv.dll
16:22:17.0142 0x1e90  [ 3600ED7EA8AED849E20700551C0BD63B, 4A8C346C1646E80B58EF93F87F915A41E05CA2E993BB1C96955AE62A0669AF66 ] C:\Windows\system32\sxssrv.dll
16:22:17.0150 0x1e90  [ E0C7813A97CA7947FF5C18A8F3B61A45, 083BB4F3B20419C87DB656F1465E5F782ACDE76838CDE6207F26AAD035C69DE0 ] C:\Windows\system32\services.exe
16:22:17.0155 0x1e90  [ Global ] - ok
16:22:17.0155 0x1e90  ================ Scan MBR ==================================
16:22:17.0156 0x1e90  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:22:17.0223 0x1e90  \Device\Harddisk0\DR0 - ok
16:22:17.0245 0x1e90  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
16:22:17.0297 0x1e90  \Device\Harddisk1\DR1 - ok
16:22:17.0326 0x1e90  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
16:22:17.0394 0x1e90  \Device\Harddisk2\DR2 - ok
16:22:17.0406 0x1e90  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR3
16:22:17.0445 0x1e90  \Device\Harddisk3\DR3 - ok
16:22:17.0448 0x1e90  [ 0792F22BCC85CFD3B28324561FFFCABB ] \Device\Harddisk4\DR4
16:22:18.0355 0x1e90  \Device\Harddisk4\DR4 - ok
16:22:18.0355 0x1e90  ================ Scan VBR ==================================
16:22:18.0357 0x1e90  [ 22F7F4CC84FB7CEB9172DC9EAD8ABF16 ] \Device\Harddisk0\DR0\Partition1
16:22:18.0358 0x1e90  \Device\Harddisk0\DR0\Partition1 - ok
16:22:18.0359 0x1e90  [ 51638DFEA3FE416F2474CC8EB3736E73 ] \Device\Harddisk0\DR0\Partition2
16:22:18.0360 0x1e90  \Device\Harddisk0\DR0\Partition2 - ok
16:22:18.0361 0x1e90  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition1
16:22:18.0361 0x1e90  \Device\Harddisk1\DR1\Partition1 - ok
16:22:18.0393 0x1e90  [ 620224330BF335CC7447E5359D5DCD54 ] \Device\Harddisk1\DR1\Partition2
16:22:18.0471 0x1e90  \Device\Harddisk1\DR1\Partition2 - ok
16:22:18.0473 0x1e90  [ 577BE45835808EE0C021E3E996B5CC92 ] \Device\Harddisk2\DR2\Partition1
16:22:18.0473 0x1e90  \Device\Harddisk2\DR2\Partition1 - ok
16:22:18.0474 0x1e90  [ 876B3EA45D7E68593A9AADB52E3D6126 ] \Device\Harddisk3\DR3\Partition1
16:22:18.0475 0x1e90  \Device\Harddisk3\DR3\Partition1 - ok
16:22:18.0477 0x1e90  [ AB7DC4E148530D70F87AED2630FB343E ] \Device\Harddisk4\DR4\Partition1
16:22:18.0478 0x1e90  \Device\Harddisk4\DR4\Partition1 - ok
16:22:18.0478 0x1e90  ================ Scan generic autorun ======================
16:22:18.0481 0x1e90  [ F14327BA386AAA2246585BFADD8FE8E8, 2804D7985B116C808942B4501362D4F4BAE4B540E9A6AC9B176B30DD448BA5AC ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
16:22:18.0483 0x1e90  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
16:22:20.0790 0x1e90  Detect skipped due to KSN trusted
16:22:20.0790 0x1e90  IAStorIcon - ok
16:22:21.0036 0x1e90  [ E1026B2975D308D43E896A108C92F1BD, 562903C88BC3CBD86E9A813001C72576181F2470286040240BAC92E5BF1F1583 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
16:22:21.0299 0x1e90  RTHDVCPL - ok
16:22:21.0499 0x1e90  [ D187A411C9C34F80B4D3AAB97CDB3C0A, 9406914A72D09B0090A263D03AD0E3006C3A30EDBEF0B87C062010AEF2D86B75 ] C:\Program Files\Logitech Gaming Software\LCore.exe
16:22:21.0721 0x1e90  Launch LCore - ok
16:22:21.0738 0x1e90  [ B1964E8776FD7633F149788F5B2A71CB, E30AC137B9DC2D3456499E0BB3B1955D2E0F7FFDB11E7A290A9DA25C76F4FAF8 ] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
16:22:21.0747 0x1e90  CDAServer - ok
16:22:21.0747 0x1e90  OODefragTray - ok
16:22:21.0818 0x1e90  [ DE91AA01B01FF8F5837C46EF0B51B57F, C896865F9C0613286C01AA3183D37B25C324D64963A2B1EE0CFA91100822D086 ] m:\Program Files\Greenshot\Greenshot.exe
16:22:21.0828 0x1e90  Greenshot - detected UnsignedFile.Multi.Generic ( 1 )
16:22:24.0138 0x1e90  Detect skipped due to KSN trusted
16:22:24.0138 0x1e90  Greenshot - ok
16:22:24.0143 0x1e90  [ 5917DC01B9AC1FD64136D4691FFC7987, 8AAB5E31A4F4056843EC0896BF3F0A91604FF39F4AD439F64D2E882E72511A98 ] C:\Program Files\Classic Shell\ClassicStartMenu.exe
16:22:24.0149 0x1e90  Classic Start Menu - ok
16:22:24.0182 0x1e90  [ E38338CC40DBFE16540EC767BF65E4A2, 8BA91F90E92F1F06129930ABB6A9280AF9C33B05D13BF91A3F1185A639D3DE78 ] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
16:22:24.0223 0x1e90  KeePass 2 PreLoad - ok
16:22:24.0241 0x1e90  [ 7389FE13F97605BFC1C18E6073BD3BE2, 5EC5BDD2AEFBC40FB55CA9BD623DCD5A79028657E2555839D04F9859D36DF03D ] C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
16:22:24.0257 0x1e90  Sound Blaster Z-Series Control Panel - detected UnsignedFile.Multi.Generic ( 1 )
16:22:26.0609 0x1e90  Detect skipped due to KSN trusted
16:22:26.0609 0x1e90  Sound Blaster Z-Series Control Panel - ok
16:22:26.0614 0x1e90  CitrixReceiver - ok
16:22:26.0627 0x1e90  [ 5DAB9A0A2D2B4C7DBB5FD381CB2C2B0D, 67A9661B2AC5CFF9DCB3D0B76D617742B93190E6DE4D501565D4FC2E9993934C ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
16:22:26.0638 0x1e90  ConnectionCenter - ok
16:22:26.0644 0x1e90  [ F590FFAF1A12C4B4BE1BCCA29CCB10A2, 8F73820E7107AABD7A5F402D02D786725650311368F96024C92BB2F200BA2AEF ] C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
16:22:26.0650 0x1e90  Redirector - ok
16:22:26.0681 0x1e90  [ 92186E427B216F010C5886A618801CF7, D2B652C692A38B29CBF66B6264CE7EF9A155E968744DD642D519D240E83B5CC7 ] C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe
16:22:26.0700 0x1e90  GDataUsbProtection - ok
16:22:26.0702 0x1e90  Dropbox - ok
16:22:26.0714 0x1e90  [ 9A37A8184FF394645C224DEC24B8E1BB, 07303575847EEF9A60E9C8AA89A5139E58EB909184D799310A869662EDF294FC ] C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe
16:22:26.0728 0x1e90  Command Center - ok
16:22:26.0738 0x1e90  [ 9AC10DF42CC1E811BB8608A0B609A7D0, 8337D83D40E5FA5A38109F3C4E6AF217AA4D112E9174FC2E5662A0DE77249F63 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
16:22:26.0750 0x1e90  SunJavaUpdateSched - ok
16:22:26.0886 0x1e90  [ D8AC78CDEC4EDC534EA0056D894CF004, 5809123847DE8CAA4CC657D9157C4D14751500625BCDDEB40088AE77290D7795 ] C:\Program Files (x86)\MSI\Live Update\Live Update.exe
16:22:27.0043 0x1e90  Live Update - ok
16:22:27.0152 0x1e90  [ 1C6A812AB0AF2CC2BF5E42722BDDB20E, FA5719BF1D11C5F04D7B3FDA911D23BF3213C53D53D35A3FB1952156515CB935 ] M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
16:22:27.0160 0x1e90  7 Taskbar Tweaker - detected UnsignedFile.Multi.Generic ( 1 )
16:22:29.0466 0x1e90  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - warning
16:22:31.0871 0x1e90  [ 630B417FD7F878A4398D16FBD3F46690, 7B5A8866D72749C9F9576CD2EDBD66F3EB5CC8AF20FE979EB6D3D87495E473B1 ] m:\Program Files (x86)\ClamWin\bin\ClamTray.exe
16:22:31.0874 0x1e90  ClamWin - detected UnsignedFile.Multi.Generic ( 1 )
16:22:34.0184 0x1e90  Detect skipped due to KSN trusted
16:22:34.0184 0x1e90  ClamWin - ok
16:22:34.0338 0x1e90  [ 9DA1393F5C9350A3CFB039B6EB71A28F, 21DBC6ACFFBDEDAEB97690B83068B054DA9C3C117DF47135CFAA06E91916DBA8 ] m:\Program Files\Sandboxie\SbieCtrl.exe
16:22:34.0352 0x1e90  SandboxieControl - ok
16:22:34.0361 0x1e90  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
16:22:34.0365 0x1e90  Google Update - ok
16:22:34.0541 0x1e90  [ 3570C7B35F9EB00BE68025CD10149640, 0FA72D4FC79D5D37177660A5A511A2D294C27FB3FF029F52720702321A4A7161 ] M:\Program Files (x86)\ownCloud\owncloud.exe
16:22:34.0563 0x1e90  ownCloud - detected UnsignedFile.Multi.Generic ( 1 )
16:22:36.0873 0x1e90  Detect skipped due to KSN trusted
16:22:36.0873 0x1e90  ownCloud - ok
16:22:36.0969 0x1e90  [ 28097821DE2D52E8B259E8D977DE229F, EAA3345F502ED0EB7DC02189F19F2648C6D1E79750AED0F968E5D33614861642 ] m:\Program Files\Ditto\Ditto.exe
16:22:37.0001 0x1e90  Ditto - detected UnsignedFile.Multi.Generic ( 1 )
16:22:39.0308 0x1e90  Detect skipped due to KSN trusted
16:22:39.0308 0x1e90  Ditto - ok
16:22:39.0368 0x1e90  [ 236D0DE39B72766935297687460324F7, 5E59F9B6227A22E7BE84B0A02A95A420DD5DC07704AE4337CA1131DF393A4B73 ] M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe
16:22:39.0404 0x1e90  LoxCONTROL - detected UnsignedFile.Multi.Generic ( 1 )
16:22:41.0711 0x1e90  Detect skipped due to KSN trusted
16:22:41.0711 0x1e90  LoxCONTROL - ok
16:22:41.0730 0x1e90  [ 44A9229022A519ED45294A1934C05EEC, 6DEF0DB5F9B50E9B0AFEE1CF50066BEB4FB7E15E2DC829A499509925660D6992 ] C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe
16:22:41.0748 0x1e90  f.lux - ok
16:22:41.0759 0x1e90  [ F06C73D0AC21EA0D62E825AD047F778C, 01F3FE2D6A5C7C3007897F34AEBDB74B8EF3CEB6523F8CC5AF246FC4B44FBB5D ] C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe
16:22:41.0768 0x1e90  Clam Sentinel - detected UnsignedFile.Multi.Generic ( 1 )
16:22:44.0083 0x1e90  Detect skipped due to KSN trusted
16:22:44.0083 0x1e90  Clam Sentinel - ok
16:22:44.0101 0x1e90  [ F5164E5D119C2892168B46D4C8FA16A7, D355DC94FF04AEB6160F496F92F5F864A1E5C6B909BFD341B79A358CE72B280E ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
16:22:44.0125 0x1e90  GarminExpressTrayApp - ok
16:22:44.0957 0x1e90  [ 0BD96060678C1EC603E0DE78BFC4327A, 6E6D1BD58AFDCB3C75D29AC8A8D25137B7EDBBC5214DD76EEE13DC05078FC959 ] M:\Program Files (x86)\GlassWire\glasswire.exe
16:22:45.0638 0x1e90  GlassWire - ok
16:22:45.0663 0x1e90  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
16:22:45.0679 0x1e90  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
16:22:47.0987 0x1e90  Detect skipped due to KSN trusted
16:22:47.0987 0x1e90  SpybotPostWindows10UpgradeReInstall - ok
16:22:47.0987 0x1e90  Waiting for KSN requests completion. In queue: 3
16:22:48.0988 0x1e90  Waiting for KSN requests completion. In queue: 3
16:22:49.0988 0x1e90  Waiting for KSN requests completion. In queue: 3
16:22:50.0995 0x1e90  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.8.207.0 ), 0x60100 ( disabled : updated )
16:22:50.0996 0x1e90  Win FW state via NFP2: disabled ( trusted )
16:22:53.0315 0x1e90  ============================================================
16:22:53.0315 0x1e90  Scan finished
16:22:53.0315 0x1e90  ============================================================
16:22:53.0318 0x0bcc  Detected object count: 2
16:22:53.0318 0x0bcc  Actual detected object count: 2
16:23:35.0156 0x0bcc  Killer Service V2 ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:35.0156 0x0bcc  Killer Service V2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:35.0156 0x0bcc  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - skipped by user
16:23:35.0156 0x0bcc  7 Taskbar Tweaker ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:23:39.0588 0x1ef8  Deinitialize success

schrauber 29.09.2015 12:10
MBAM updaten, scannen, Funde löschen.

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

CptMw 29.09.2015 12:40
Vielen Dank an der Stelle schon mal für deine Hilfe.

MBAM hat nichts gefunden (Full Scan)

Code:
# AdwCleaner v5.009 - Bericht erstellt am 29/09/2015 um 13:27:59
# Aktualisiert am 27/09/2015 von Xplode
# Datenbank : 2015-09-27.1 [Server]
# Betriebssystem : Windows 8.1 Enterprise  (x64)
# Benutzername : mongole - MONGOMACHINE-8
# Gestartet von : C:\Users\mongole\Desktop\AdwCleaner_5.009.exe
# Option : Löschen
# Unterstützung : hxxp://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****

[-] Ordner Gelöscht : C:\Users\mongole\AppData\Roaming\pdfforge

***** [ Dateien ] *****


***** [ Verknüpfungen ] *****


***** [ Geplante Tasks ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKCU\Software\distromatic
[!] Schlüssel Nicht Gelöscht : [x64] HKCU\Software\distromatic

***** [ Internetbrowser ] *****

[-] [C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.requestpolicy.allowedOriginsToDestinations", "amazon.caimages-amazon.com amazon.cassl-images-amazon.com amazon.co.ukimages-amazon.com amazon.co.ukssl-images-amazon.com amazon[...]
[-] [C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\prefs.js] [Preference] Gelöscht : user_pref("extensions.trackmenot.searchEngines", "aol,bing,yahoo,google");
[-] [C:\Users\mongole\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [Search Provider] Gelöscht : isohunt.us

*************************

:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1586 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.3 (09.21.2015:1)
OS: Windows 8.1 Enterprise x64
Ran by mongole on 29.09.2015 at 13:33:47,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Windows\SysWOW64\REN86DC.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENDC0C.tmp
Successfully deleted: [File] C:\Windows\SysWOW64\RENE5DA.tmp



~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(default)
Successfully deleted: [Folder] C:\Users\mongole\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Windows\system32\tasks\update





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.09.2015 at 13:36:30,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
Ran by mongole (administrator) on MONGOMACHINE-8 (29-09-2015 13:38:59)
Running from C:\Users\mongole\Desktop
Loaded Profiles: mongole (Available Profiles: mongole)
Platform: Windows 8.1 Enterprise (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(EJIE Technology) C:\Program Files (x86)\Clover\clover.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7637208 2014-07-15] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [14862456 2015-09-01] (Logitech Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [OODefragTray] => M:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [540672 2015-04-19] (Greenshot)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2715536 2015-04-10] (Dominik Reichl)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [407904 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-11-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09-05] (G Data Software AG)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [39175960 2015-08-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [830416 2015-08-03] (MSI)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11328464 2015-09-11] (Micro-Star INT'L CO., LTD.)
HKLM\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKLM-x32\...\Command Processor: "C:\Program Files (x86)\clink\0.4.2\clink" inject --profile "~\clink" <======= ATTENTION
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [380416 2015-08-22] (RaMMicHaeL)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [1748494 2015-09-01] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [1975808 2015-01-10] ()
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig\LoxCONTROL.exe [1865176 2014-05-07] (Loxone Electronics GmbH)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => M:\Program Files (x86)\GlassWire\glasswire.exe [12771872 2015-07-30] (SecureMix LLC)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q:\BvsC_Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P:\start.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H:\Setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P:\Autorun.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {830440a0-617d-11e4-8273-0015833d0a57} - "K:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q:\setup.exe"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_(driver_only)_1.1.50.1073\Killer\setup.exe"
HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [  OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCErrorShared] -> {0960F091-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCSyncShared] -> {0960F095-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [  OCWarningShared] -> {0960F097-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud\shellext\OCOverlays_x64.dll [2015-06-19] (ownCloud Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BtProx.lnk [2015-03-29]
ShortcutTarget: BtProx.lnk -> C:\Program Files (x86)\BtProx\btprox.exe (BtProx)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Duplicati.lnk [2014-10-19]
ShortcutTarget: Duplicati.lnk -> M:\Program Files\Duplicati\Duplicati.exe (HexaD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2015-09-07]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk [2014-12-16]
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23]
ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{8F5EDCF9-F14F-4A0C-AEB1-5860B2A385C0}: [NameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-29] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-29] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> m:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-06-27] (FreeDownloadManager.ORG)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2014-11-27] (Citrix Systems, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-29] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2014-11-27] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: Free Download Manager plugin - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2014-09-25]
StartMenuInternet: FIREFOX.EXE - m:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
S2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-07-25] (Dropbox, Inc.)
S2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
S2 EMET_Service; C:\Program Files (x86)\EMET 5.2\EMET_Service.exe [22680 2015-03-11] (Microsoft Corporation)
S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
S2 GlassWire; M:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7438880 2015-07-30] (SecureMix LLC)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-04-09] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
S2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [402432 2015-07-07] (Rivet Networks) [File not signed]
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [192120 2015-09-01] (Logitech Inc.)
S3 MBAMService; m:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MSIBIOSData_CC; C:\Program Files (x86)\MSI\Command Center\BIOSData\MSIBIOSDataService.exe [2106832 2015-06-29] (MSI)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4045264 2015-08-03] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2123216 2015-07-08] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4177360 2015-07-07] (MSI)
S2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2002896 2015-07-28] (MSI)
S2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2284496 2015-07-30] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2072528 2015-06-29] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [599504 2015-07-28] (MSI)
S2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1768912 2015-09-11] (Micro-Star INT'L CO., LTD.)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation)
S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [1979136 2015-05-28] (UltraVNC)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 MPlayerWWService; "M:\Programme\mplayer\tools\MPlayerWWService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-04-28] (SlySoft, Inc.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [118320 2015-06-19] (Rivet Networks, LLC.)
R3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [126512 2015-03-18] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-11] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 pbfilter; M:\Program Files\PeerBlock\pbfilter.sys [22600 2014-01-14] ()
S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed]
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [81912 2012-12-27] (Micro-Star Int'l Co., Ltd.)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation)
R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.)
S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.)
U5 UnlockerDriver5; c:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [115208 2015-05-13] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [192344 2015-07-25] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-27] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 13:38 - 2015-09-29 13:39 - 00037925 _____ C:\Users\mongole\Desktop\FRST.txt
2015-09-29 13:38 - 2015-09-29 13:38 - 02192384 _____ (Farbar) C:\Users\mongole\Desktop\FRST64.exe
2015-09-29 13:36 - 2015-09-29 13:36 - 00001029 _____ C:\Users\mongole\Desktop\JRT.txt
2015-09-29 13:32 - 2015-09-29 13:32 - 00001686 _____ C:\Users\mongole\Desktop\tb.txt
2015-09-29 13:32 - 2015-09-29 13:32 - 00000021 _____ C:\Windows\S.dirmngr
2015-09-29 13:32 - 2015-09-29 13:32 - 00000000 ____D C:\Users\mongole\Desktop\Neuer Ordner
2015-09-29 13:27 - 2015-09-29 13:26 - 01798976 _____ (Malwarebytes) C:\Users\mongole\Desktop\JRT.exe
2015-09-29 13:23 - 2015-09-29 13:23 - 01670656 _____ C:\Users\mongole\Desktop\AdwCleaner_5.009.exe
2015-09-28 16:19 - 2015-09-28 16:18 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\mongole\Desktop\tdsskiller.exe
2015-09-27 12:00 - 2015-09-27 12:05 - 00000040 ___SH C:\ProgramData\.zreglib
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\ProgramData\SlySoft
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-09-27 11:57 - 2015-09-27 11:57 - 00000000 ____D C:\Program Files (x86)\SlySoft
2015-09-27 05:17 - 2015-09-27 05:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2015-09-27 03:09 - 2015-09-27 03:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-09-26 04:25 - 2015-09-26 04:25 - 00000000 ___RD C:\Sandbox
2015-09-26 02:57 - 2015-09-26 02:57 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-25 23:38 - 2015-09-29 13:39 - 00000000 ____D C:\FRST
2015-09-25 22:38 - 2015-09-25 22:38 - 00000445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA.lnk
2015-09-25 22:38 - 2015-09-25 22:38 - 00000000 ____D C:\Users\mongole\AppData\Roaming\F3247B3C-E835-478E-8AA4-F9949F685480
2015-09-25 16:05 - 2015-08-22 15:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-25 16:05 - 2015-08-22 15:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-25 16:05 - 2015-08-10 20:15 - 01084928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-09-25 16:05 - 2015-08-10 20:15 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-09-25 16:05 - 2015-08-10 20:06 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 19:49 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-09-25 16:05 - 2015-08-10 18:56 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-09-25 16:05 - 2015-08-10 18:46 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-09-25 16:05 - 2015-08-07 23:41 - 07460168 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-25 16:05 - 2015-08-07 23:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-25 16:05 - 2015-08-07 23:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-25 16:05 - 2015-08-07 16:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-25 16:05 - 2015-08-06 21:15 - 01658544 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-09-25 16:05 - 2015-08-06 21:15 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-25 16:05 - 2015-08-06 21:15 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-09-25 16:05 - 2015-08-06 19:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-09-25 16:05 - 2015-08-06 18:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-09-25 16:05 - 2015-08-06 18:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-09-25 16:05 - 2015-07-16 20:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-09-23 21:06 - 2015-09-23 21:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\FRITZ!
2015-09-23 21:04 - 2015-09-23 21:04 - 00000726 _____ C:\Users\Public\Desktop\FRITZ!fax.lnk
2015-09-23 21:04 - 2015-09-23 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!
2015-09-23 21:04 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll
2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ C:\Windows\system32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll
2015-09-23 21:04 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ C:\Windows\system32\FritzPort64.dll
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\ISDNWatch
2015-09-23 21:03 - 2015-09-23 21:03 - 00000000 ____D C:\ProgramData\FRITZ!fax für FRITZ!Box
2015-09-23 20:58 - 2015-09-23 20:58 - 00000174 _____ C:\Windows\setup.log
2015-09-22 20:35 - 2015-09-14 02:29 - 42840368 _____ C:\Windows\system32\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 37819000 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 22525560 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 16637528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 14936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 13660648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12514824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 12185344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 11096696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-09-22 20:35 - 2015-09-14 02:29 - 03530608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 03116160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02940024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 02627192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01558832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435598.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01105976 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01074808 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 01064056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00986232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00944760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00943712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00879000 _____ C:\Windows\system32\nvmcumd.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00512904 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00421544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00408184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00364152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-09-22 20:35 - 2015-09-14 02:29 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-09-17 16:50 - 2015-09-17 16:50 - 00000000 ____D C:\Users\mongole\AppData\Roaming\XnView
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\Users\mongole\AppData\Roaming\TagScanner
2015-09-16 18:58 - 2015-09-16 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TagScanner
2015-09-15 23:24 - 2015-09-15 23:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-09-15 23:24 - 2015-06-04 10:36 - 00115592 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-09-15 04:12 - 2015-09-15 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files\Common Files\AV
2015-09-12 03:14 - 2015-09-12 03:14 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-09-12 03:14 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2015-09-11 20:08 - 2015-09-11 20:08 - 00000711 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hatred.lnk
2015-09-11 01:21 - 2015-09-27 03:09 - 00000000 ____D C:\Users\mongole\AppData\Roaming\IrfanView
2015-09-11 00:21 - 2015-09-29 13:32 - 00002766 _____ C:\Windows\setupact.log
2015-09-11 00:21 - 2015-09-11 00:21 - 00000000 _____ C:\Windows\setuperr.log
2015-09-10 22:18 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\start
2015-09-10 21:44 - 2015-09-10 22:18 - 00000018 _____ C:\Users\mongole\stop
2015-09-10 21:05 - 2015-09-14 02:29 - 14635600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01898288 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435582.dll
2015-09-10 21:05 - 2015-08-25 20:46 - 01558648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435582.dll
2015-09-10 20:57 - 2015-09-03 04:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-10 20:57 - 2015-09-03 04:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-10 20:57 - 2015-09-02 20:48 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-10 20:57 - 2015-09-02 19:09 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-10 20:57 - 2015-09-02 04:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 20:57 - 2015-09-02 04:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 20:57 - 2015-09-02 04:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 20:57 - 2015-09-02 04:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 20:57 - 2015-08-27 04:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 20:57 - 2015-08-26 20:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 20:57 - 2015-08-26 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-10 20:57 - 2015-08-26 16:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 20:57 - 2015-08-26 16:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 20:57 - 2015-08-26 16:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 20:57 - 2015-08-26 16:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 20:57 - 2015-08-22 20:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 20:57 - 2015-08-22 19:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 20:57 - 2015-08-22 19:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 20:57 - 2015-08-22 19:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 20:57 - 2015-08-22 19:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 20:57 - 2015-08-22 18:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 20:57 - 2015-08-22 18:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 20:57 - 2015-08-22 18:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 20:57 - 2015-08-22 18:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 20:57 - 2015-08-22 18:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-10 20:57 - 2015-08-22 18:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 20:57 - 2015-08-22 18:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 20:57 - 2015-08-22 18:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 20:57 - 2015-08-22 18:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 20:57 - 2015-08-22 18:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 20:57 - 2015-08-22 18:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 20:57 - 2015-08-22 18:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 20:57 - 2015-08-22 17:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 20:57 - 2015-08-22 17:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 20:57 - 2015-08-03 23:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 20:57 - 2015-08-01 16:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 20:57 - 2015-08-01 05:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-10 20:57 - 2015-08-01 05:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 20:57 - 2015-08-01 05:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-10 20:57 - 2015-08-01 05:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-10 20:57 - 2015-07-30 19:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 20:57 - 2015-07-30 18:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 20:57 - 2015-07-22 16:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-10 20:57 - 2015-07-22 16:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-10 20:57 - 2015-07-22 16:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-10 20:57 - 2015-07-18 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-10 20:57 - 2015-07-18 20:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-10 20:57 - 2015-07-18 20:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-07 01:18 - 2015-09-07 01:18 - 00002801 _____ C:\Users\Public\Desktop\Killer Network Manager.lnk
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killer Networking
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\ProgramData\Killer
2015-09-07 01:18 - 2015-09-07 01:18 - 00000000 ____D C:\Program Files\Killer Networking
2015-09-05 17:51 - 2015-09-05 17:51 - 00000722 _____ C:\Users\mongole\Desktop\Act of Aggression.lnk
2015-09-05 17:51 - 2015-09-05 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Act of Aggression
2015-09-04 21:10 - 2015-09-04 21:12 - 00000000 ____D C:\Users\mongole\Documents\b1-keys
2015-09-04 21:10 - 2015-09-04 21:10 - 00000000 ____D C:\Users\mongole\b1-keys
2015-09-02 14:25 - 2015-09-02 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 13:36 - 2015-09-02 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.0
2015-08-30 19:57 - 2015-08-30 19:57 - 00000665 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2015-08-30 19:57 - 2015-08-30 19:57 - 00000000 ____D C:\Program Files (x86)\WinPcap

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-29 13:38 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk
2015-09-29 13:38 - 2014-10-17 18:44 - 00001158 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job
2015-09-29 13:38 - 2014-09-21 21:26 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3859236888-2619314948-3413747170-1001
2015-09-29 13:37 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat
2015-09-29 13:37 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat
2015-09-29 13:37 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-29 13:35 - 2014-09-26 00:20 - 00006469 _____ C:\Windows\SysWOW64\Gms.log
2015-09-29 13:35 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole
2015-09-29 13:33 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-09-29 13:33 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto
2015-09-29 13:33 - 2014-09-24 22:03 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Dropbox
2015-09-29 13:33 - 2014-09-21 21:27 - 01090976 _____ C:\Windows\WindowsUpdate.log
2015-09-29 13:33 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2015-09-29 13:32 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 13:29 - 2014-03-18 11:51 - 00086172 _____ C:\Windows\PFRO.log
2015-09-29 13:27 - 2015-06-15 21:31 - 00000000 ____D C:\AdwCleaner
2015-09-29 13:27 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent
2015-09-29 13:27 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat
2015-09-29 13:27 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass
2015-09-29 13:26 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple
2015-09-29 04:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-09-29 04:37 - 2014-10-17 18:44 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job
2015-09-29 03:13 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache
2015-09-28 20:42 - 2015-02-08 19:27 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-28 20:42 - 2015-02-08 19:27 - 00001047 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-28 20:42 - 2015-02-08 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-28 19:01 - 2014-10-02 21:17 - 00001780 _____ C:\Windows\Sandboxie.ini
2015-09-28 11:30 - 2014-10-31 13:52 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-27 05:17 - 2014-09-22 22:22 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2015-09-27 00:19 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg
2015-09-26 22:31 - 2015-03-16 21:35 - 00000000 ____D C:\Program Files\Pale Moon
2015-09-26 12:47 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing
2015-09-25 23:40 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\McAfee
2015-09-25 23:30 - 2014-09-22 15:18 - 00070702 _____ C:\Users\mongole\Desktop\main.kdbx
2015-09-25 23:27 - 2015-04-25 06:20 - 00000000 ____D C:\Program Files\stinger
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ConEmu
2015-09-25 22:48 - 2014-09-22 21:39 - 00000000 ____D C:\Program Files\ConEmu
2015-09-25 16:55 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-25 16:05 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-25 01:47 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000
2015-09-24 22:58 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc
2015-09-24 20:29 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-09-24 20:27 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-09-24 20:27 - 2014-09-22 23:04 - 00006223 _____ C:\Windows\LkmdfCoInst.log
2015-09-24 20:27 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-09-23 21:03 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Help
2015-09-22 20:35 - 2014-09-24 01:32 - 00000000 ____D C:\Temp
2015-09-22 20:35 - 2014-09-22 15:15 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-22 20:34 - 2014-09-26 00:16 - 00000000 ____D C:\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2015-09-22 20:34 - 2014-09-26 00:12 - 00000000 ____D C:\Program Files (x86)\MSI
2015-09-15 04:32 - 2014-10-17 18:44 - 00004108 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA
2015-09-15 04:32 - 2014-10-17 18:44 - 00003728 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core
2015-09-15 04:12 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2015-09-15 04:12 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-09-15 04:12 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-09-15 04:12 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-15 03:18 - 2013-08-22 17:38 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 03:18 - 2013-08-22 17:38 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 02:29 - 2015-02-21 21:30 - 18543736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-09-14 02:29 - 2014-11-17 00:00 - 15513208 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 17082928 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00105080 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-09-14 02:29 - 2014-09-22 15:15 - 00033079 _____ C:\Windows\system32\nvinfo.pb
2015-09-14 00:09 - 2014-09-22 15:15 - 06884984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 03496056 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 02558584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00937776 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-09-14 00:09 - 2014-09-22 15:15 - 00385144 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-09-14 00:09 - 2014-09-22 15:15 - 00062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-09-11 14:17 - 2014-09-22 15:15 - 05231082 _____ C:\Windows\system32\nvcoproc.bin
2015-09-11 01:00 - 2014-10-24 23:29 - 00000038 _____ C:\Users\mongole\.lesshst
2015-09-11 00:23 - 2014-10-19 23:36 - 00000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ownCloud.lnk
2015-09-10 21:08 - 2013-08-22 16:44 - 00409384 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-10 21:07 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-10 21:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-10 20:58 - 2014-03-18 11:43 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-08 22:55 - 2014-09-22 21:36 - 00001771 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk
2015-09-08 22:55 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail
2015-09-06 00:52 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-09-05 20:14 - 2014-09-25 20:49 - 00000000 ____D C:\Users\mongole\Documents\My Games
2015-09-05 17:38 - 2014-10-24 23:35 - 00000000 ____D C:\Users\mongole\.VirtualBox
2015-09-05 09:16 - 2014-11-16 20:05 - 00000600 _____ C:\Users\mongole\AppData\Roaming\winscp.rnd
2015-09-04 19:49 - 2015-01-11 17:43 - 00034426 _____ C:\Users\mongole\Documents\default.xdb
2015-09-02 14:25 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-08-31 23:15 - 2014-09-26 01:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPU-Z

==================== Files in the root of some directories =======

2014-11-16 20:05 - 2015-09-05 09:16 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd
2014-09-24 04:01 - 2014-10-28 08:45 - 0005632 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-22 14:53 - 2015-04-12 14:56 - 0000000 _____ () C:\Users\mongole\AppData\Local\Driver_LOM_8161Present.flag
2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu
2014-11-24 20:59 - 2015-09-28 20:56 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND
2014-09-26 12:29 - 2015-02-18 01:23 - 0007600 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg
2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z
2015-09-27 12:00 - 2015-09-27 12:05 - 0000040 ___SH () C:\ProgramData\.zreglib

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-23 02:12

==================== End of FRST.txt ============================

CptMw 29.09.2015 12:41
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
Ran by mongole (2015-09-29 13:39:15)
Running from C:\Users\mongole\Desktop
Windows 8.1 Enterprise (X64) (2014-09-21 19:21:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3859236888-2619314948-3413747170-500 - Administrator - Disabled)
Guest (S-1-5-21-3859236888-2619314948-3413747170-501 - Limited - Disabled)
mongole (S-1-5-21-3859236888-2619314948-3413747170-1001 - Administrator - Enabled) => C:\Users\mongole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.0 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7 Taskbar Tweaker) (Version: 5.0 - RaMMicHaeL)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version:  - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Act of Aggression (HKLM-x32\...\Act of Aggression_is1) (Version:  - )
Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden
ADBGUI6 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\979922cacf20f967) (Version: 6.0.1.22 - URGERO.ORG)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.8 - Sereby Corporation)
Among The Sleep (HKLM-x32\...\Among The Sleep_is1) (Version:  - )
And Yet It Moves (HKLM-x32\...\Steam App 18700) (Version:  - Broken Rules)
Angry IP Scanner (HKLM-x32\...\Angry IP Scanner) (Version: 3.3.3 - Angry IP Scanner)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.4.0 - SlySoft)
Areca (HKLM-x32\...\Areca) (Version:  - )
ARK: Survival Evolved (HKLM-x32\...\Steam App 346110) (Version:  - Studio Wildcard)
Assassins Creed Unity (HKLM-x32\...\QXNzYXNzaW5zQ3JlZWRVbml0eQ==_is1) (Version: 1 - )
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 2.0) (Version:  - AVM Berlin)
AxCrypt 1.7.3156.0 (HKLM\...\{8B49CDB9-824C-44D6-A5D3-D0235D3030B8}) (Version: 1.7.3156.0 - Axantum Software AB)
Battle vs. Chess (HKLM-x32\...\Battle vs. Chess_is1) (Version: 1.0 - Zuxxez Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bitcoin Core (32-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (32-bit)) (Version: 0.10.1 - Bitcoin Core project)
Bitcoin Core (64-bit) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Bitcoin Core (64-bit)) (Version: 0.11.0 - Bitcoin Core project)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.8 - BleachBit)
Bloodsports TV (HKLM-x32\...\Bloodsports TV_is1) (Version:  - )
Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BtProx (HKLM-x32\...\BtProx) (Version:  - Uri Kogan)
Call of Duty - Advanced Warfare (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version:  - )
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Citrix AppCenter (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Citrix AppCenter) (Version: 1.0 - Delivered by Citrix)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.2.0.10 - Citrix Systems, Inc.)
Citrix Terminalserver (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@TS.Citrix Terminalserver) (Version: 1.0 - Delivered by Citrix)
Clam Sentinel 1.22 (HKLM-x32\...\{060FE577-1BDF-4330-ACCA-B6760AB07191}_is1) (Version:  - Andrea Russo - Italy)
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Clink v0.4.2 (HKLM-x32\...\clink_0.4.2) (Version: 0.4.2 - Martin Ridgers)
Closure (HKLM-x32\...\Steam App 72000) (Version:  - Eyebrow Interactive)
Clover 3.0 (HKLM-x32\...\Clover) (Version: 3.0 - EJIE Technology)
cmd (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.cmd) (Version: 1.0 - Delivered by Citrix)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
ConEmu (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.ConEmu) (Version: 1.0 - Delivered by Citrix)
ConEmu 150913.x64 (HKLM\...\{FE293547-3E5B-4E1F-B9A8-724C4881CA22}) (Version: 11.150.9130 - ConEmu-Maximus5)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CPUID CPU-Z 1.73 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DBOX2 Image-Flashing-Assistent 3.1 (HKLM-x32\...\DBOX2 Image-Flashing-Assistent_is1) (Version:  - Hallenberg.com)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
DEAD OR ALIVE 5 Last Round (HKLM-x32\...\REVBRE9SQUxJVkU1TGFzdFJvdW5k_is1) (Version: 1 - )
Dead Rising 3 (HKLM-x32\...\Dead Rising 3_is1) (Version:  - )
Depth (HKLM-x32\...\Steam App 274940) (Version:  - Digital Confectioners)
Desura (HKLM-x32\...\Desura) (Version: 100.59 - Desura)
DigiTweet (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\7d5aa0ba8fedecb4) (Version: 1.0.0.59 - Digiflare Inc.)
DiskCryptor 1.1 (HKLM\...\DiskCryptor_is1) (Version: 1.1 - hxxp://diskcryptor.net/)
DiskInternals Linux Reader (HKLM-x32\...\DiskInternals Linux Reader) (Version: 2.2 - DiskInternals Research)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
DS Storage Manager 10 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.DS Storage Manager 10) (Version: 1.0 - Delivered by Citrix)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Duke Nukem 3D: Megaton Edition (HKLM-x32\...\Steam App 225140) (Version:  - 3D Realms)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version:  - Trendy Entertainment)
Duplicati (x64) (HKLM\...\{77BA8977-0BA6-4A83-A741-1DFAD23A6B23}) (Version: 1.3.4 - HexaD)
Dying Light (HKLM-x32\...\Dying Light_is1) (Version:  - )
Dying Light Update v1.4.0 (HKLM-x32\...\RHlpbmdMaWdodA==_is1) (Version: 1 - )
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
EMET 5.2 (HKLM-x32\...\{F4DCB44D-F072-43A1-B4A5-57619C7B22D2}) (Version: 5.2 - Microsoft Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Flux) (Version:  - )
Fahrenheit Indigo Prophecy Remastered (HKLM-x32\...\Fahrenheit Indigo Prophecy Remastered_is1) (Version:  - )
Far Cry 4 (HKLM-x32\...\Far Cry 4_is1) (Version:  - )
Far Cry 4 Valley of the Yeti Addon (HKLM-x32\...\RmFyQ3J5NA==_is1) (Version: 1 - )
FileZilla Client 3.12.0.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\FileZilla Client) (Version: 3.12.0.2 - Tim Kosse)
FileZilla Server (HKLM-x32\...\FileZilla Server) (Version: beta 0.9.53 - FileZilla Project)
Firefox (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Firefox) (Version: 1.0 - Delivered by Citrix)
FlatOut: Ultimate Carnage (HKLM-x32\...\Steam App 12360) (Version:  - Bugbear Entertainment)
foobar2000 v1.3.8 (HKLM-x32\...\foobar2000) (Version: 1.3.8 - Peter Pawlowski)
FORCED (HKLM-x32\...\Steam App 249990) (Version:  - BetaDwarf)
FossaMail 25.1.7 (x64 en-US) (HKLM\...\FossaMail 25.1.7 (x64 en-US)) (Version: 25.1.7 - Mozilla)
Free Download Manager 3.9.6 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
FTPRush 2.1.8 (HKLM-x32\...\FTP Rush_is1) (Version: 2.1.8 - wftpserver.com)
G DATA USB KEYBOARD GUARD (HKLM-x32\...\{D8CBD59F-B29D-4E38-9D66-DEAEAB473FA9}) (Version: 1.1.0.4 - G DATA Software AG)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geometry Dash (HKLM-x32\...\R2VvbWV0cnlEYXNo_is1) (Version: 1 - )
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.21 - SecureMix LLC)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome Canary (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Google Chrome SxS) (Version: 47.0.2522.1 - Google Inc.)
Gow (HKLM-x32\...\Gow) (Version:  - )
Gpg4win (2.2.4) (HKLM-x32\...\GPG4Win) (Version: 2.2.4 - The Gpg4win Project)
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
Greenshot 1.2.6.7 (HKLM\...\Greenshot_is1) (Version: 1.2.6.7 - Greenshot)
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Halite (HKLM\...\{A6E8D850-4C28-4C6F-8B69-1109D0709F29}) (Version: 0.4.02 - BinaryNotions.com)
HandBrake 0.10.2 (HKLM-x32\...\HandBrake) (Version: 0.10.2 - )
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
HashCheck Shell Extension (x86-64) (HKLM\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
Hatred Survival Addon (HKLM-x32\...\SGF0cmVk_is1) (Version: 1 - )
HexChat (HKLM\...\HexChat_is1) (Version: 2.10.2 - HexChat)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - EKO Software)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.16.0.001 - HTC Corporation)
i2pd version 0.2.1 (HKLM\...\i2pd_is1) (Version: 0.2.1 - )
iNFekt NFO Viewer (HKLM\...\{B1AC8E6A-6C47-4B6D-A853-B4BF5C83421C}_is1) (Version: 0.9.5 - syndicode)
InfraRecorder 0.53 (x64 edition) (HKLM\...\{2C22EA92-CB30-4932-0053-000001000000}) (Version: 0.53.00.00 - Christian Kindahl)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{84A2B59B-6A7B-4C01-8592-15C9BFE6AC36}) (Version: 2.4.3 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
IrfanView 64 (remove only) (HKLM\...\IrfanView) (Version: 4.40 - Irfan Skiljan)
Jamestown (HKLM-x32\...\Steam App 94200) (Version:  - Final Form Games)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Jitsi (HKLM\...\{1069D709-EDA7-472D-A5EE-97C8E3E398AB}) (Version: 2.8.5426 - Jitsi)
JSignPdf 1.6.1 (HKLM-x32\...\JSignPdf_is1) (Version: 1.6.1 - Josef Cacek)
KeePass Password Safe 2.29 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.29 - Dominik Reichl)
Killer Bandwidth Control Filter Driver (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.54.1095 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.54.1095 - Qualcomm Atheros)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
LibreOffice 5.0.1.2 (HKLM\...\{A18CF6D8-7CE1-46F2-85B9-D87B7197B2F6}) (Version: 5.0.1.2 - The Document Foundation)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.8.6.2 - Hermann Schinagl)
Logitech Gaming Software 8.72 (HKLM\...\Logitech Gaming Software) (Version: 8.72.107 - Logitech Inc.)
Loxone Config (HKLM-x32\...\LoxoneConfig_is1) (Version: 6.3 - Loxone Electronics GmbH)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MediaInfo 0.7.77 (HKLM\...\MediaInfo) (Version: 0.7.77 - MediaArea.net)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.2 (HKLM-x32\...\{06C90FCC-4C95-4142-A0AF-D3A4C12882DE}_is1) (Version: 1.2 - Sam Rodberg)
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Firefox 40.0.3 (x86 de) (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 1.0.1.00 - MSI)
MSI ECO Center (HKLM-x32\...\{1E55202F-4D31-498A-8F72-97DCBA9F2866}_is1) (Version: 1.0.0.35 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.008 - MSI)
Mumble 1.3.0 (HKLM\...\{006B90FD-7E67-4908-A718-9B87B875DD04}) (Version: 1.3.0 - The Mumble team)
My Game Long Name (HKLM\...\UDK-348e5299-f952-4ecf-bb48-70a2184543c0) (Version:  - Epic Games, Inc.)
Namecoin 0.3.80 (HKLM-x32\...\Namecoin_is1) (Version:  - )
Next Car Game Sneak Peek 2.0 (HKLM-x32\...\Steam App 272860) (Version:  - Bugbear)
Next Car Game: Wreckfest (HKLM-x32\...\Steam App 228380) (Version:  - Bugbear)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version:  - Messhof)
Nmap 6.47 (HKLM-x32\...\Nmap) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8 - Notepad++ Team)
NVIDIA Grafiktreiber 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
O&O Defrag Professional (HKLM\...\{46CD29D7-580C-4E2E-8469-BD7F7CB1CCF8}) (Version: 18.0.39 - O&O Software GmbH)
Oddworld - New 'n' Tasty (HKLM-x32\...\1424782569_is1) (Version: 2.0.0.1 - GOG.com)
OlliOlli (HKLM-x32\...\T2xsaU9sbGk=_is1) (Version: 1 - )
Online Plug-in (x32 Version: 14.2.0.10 - Citrix Systems, Inc.) Hidden
Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)
Orcs Must Die! 2 (HKLM-x32\...\Steam App 201790) (Version:  - Robot Entertainment)
Ori and the Blind Forest (HKLM-x32\...\Ori and the Blind Forest_is1) (Version:  - )
ownCloud (HKLM-x32\...\ownCloud) (Version: 2.0.1.5446 - ownCloud)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
Pale Moon 25.7.0 (x64 en-US) (HKLM\...\Pale Moon 25.7.0 (x64 en-US)) (Version: 25.7.0 - Moonchild Productions)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PDF-XChange Viewer (HKLM\...\{9ED333F8-3E6C-4A38-BAFA-728454121CDA}) (Version: 2.5.312.1 - Tracker Software Products (Canada) Ltd.)
PeaZip 5.7.0 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Peerunity (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Peerunity) (Version: 0.1.0.0 - Peerunity project)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com)
PNGGauntlet (HKLM-x32\...\{B2D251E2-A78B-42C2-9D94-695A8CCC17E9}) (Version: 3.1.1 - Ben Hollis)
PokerTH (HKLM-x32\...\PokerTH 1.1.1) (Version: 1.1.1 - www.pokerth.net)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Pro Evolution Soccer 2015 GERMAN (HKLM-x32\...\UHJvRXZvbHV0aW9uU29jY2VyMjAxNQ==_is1) (Version: 1 - )
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Psi (remove only) (HKLM-x32\...\Psi) (Version:  - )
Putty (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Putty) (Version: 1.0 - Delivered by Citrix)
qBittorrent 3.2.3 (HKLM-x32\...\qBittorrent) (Version: 3.2.3 - The qBittorrent project)
QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 5.0.1.0225 - QNAP Systems, Inc.)
QuickSFV (Remove only) (HKLM\...\QuickSFV) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version:  - Psyonix)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.5 - Rockstar Games)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Saints Row: Gat out of Hell (HKLM-x32\...\U2FpbnRzUm93R2F0b3V0b2ZIZWxs_is1) (Version: 1 - )
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.51.00(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung Scan Assistant (HKLM-x32\...\Samsung Scan Assistant) (Version: 1.05.07 (20.07.2012) - Samsung Electronics Co., Ltd.)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.05.00 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.19.0 - Samsung Electronics Co., Ltd.)
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Self-Service Plug-in (x32 Version: 4.2.0.2495 - Citrix Systems, Inc.) Hidden
SERVER-MGMT Desktop (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.SERVER-MGMT Desktop) (Version: 1.0 - Delivered by Citrix)
Shrew Soft VPN Client (HKLM\...\Shrew Soft VPN Client) (Version:  - )
Sir You Are Being Hunted v1.3 64BiT version 1.3 (HKLM-x32\...\Sir You Are Being Hunted v1.3 64BiT_is1) (Version: 1.3 - WaLMaRT)
SOMA (HKLM\...\U09NQQ==_is1) (Version: 1 - )
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Sound Blaster Z-Series (HKLM-x32\...\{47F19FB5-6878-4AE4-9313-446335E334D8}) (Version: 1.00.24 - Creative Technology Limited)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spaz (HKLM-x32\...\Spaz.AIR.16CB261D461B1CA2027F7C39946115FA2DC8CD7F.1) (Version: 0.9.24 - UNKNOWN)
Spaz (x32 Version: 0.9.24 - UNKNOWN) Hidden
Spintires (HKLM-x32\...\Spintires_is1) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.9811 - Krzysztof Kowalczyk)
Synergy (64-bit) (HKLM\...\{FDD88467-9C61-4E2D-BA69-2A89735A21CC}) (Version: 1.5.0 - The Synergy Project)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
TagScanner 5.1.668 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Tembo the Badass Elephant (HKLM-x32\...\Tembo the Badass Elephant_is1) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Evil Within (HKLM-x32\...\VGhlRXZpbFdpdGhpbg==_is1) (Version: 1 - )
The Vanishing of Ethan Carter (HKLM-x32\...\The Vanishing of Ethan Carter_is1) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Witcher 3 Wild Hunt (HKLM-x32\...\The Witcher 3 Wild Hunt_is1) (Version:  - )
TOXIKK (HKLM-x32\...\Steam App 324810) (Version:  - Reakktor Studios)
TrackMania² Stadium (HKLM-x32\...\Steam App 232910) (Version:  - Nadeo)
Transmission Remote GUI 5.0.1 (HKLM-x32\...\transgui_is1) (Version:  - Yury Sidorov)
Trials Fusion - After the Incident (HKLM-x32\...\Trials Fusion - After the Incident_is1) (Version:  - )
Trials Fusion - Fire in the Deep (HKLM-x32\...\Trials Fusion - Fire in the Deep_is1) (Version:  - )
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version:  - )
Trine 3 The Artifacts of Power (HKLM-x32\...\Trine 3 The Artifacts of Power_is1) (Version:  - )
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TV-Browser 3.4.1.0 (HKLM-x32\...\tvbrowser) (Version: 3.4.1.0 - TV-Browser Team)
Ultratron (HKLM-x32\...\Steam App 219190) (Version:  - Puppygames)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.2.0.6 - uvnc bvba)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Management Suite Administrator (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Administrat) (Version: 1.0 - Delivered by Citrix)
Universal Management Suite Console (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.Universal Management Suite Console) (Version: 1.0 - Delivered by Citrix)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Unreal Tournament: Game of the Year Edition (HKLM-x32\...\Steam App 13240) (Version:  - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.0f-2 - IDRIX)
Vim 7.4.711 (HKLM-x32\...\Vim) (Version:  - )
VirtuaWin Unicode v4.4 (HKLM-x32\...\VirtuaWin_is1) (Version:  - )
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware vSphere Client (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VMware vSphere Client) (Version: 1.0 - Delivered by Citrix)
VNC (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\tsstore-87856311@@MGMT.VNC) (Version: 1.0 - Delivered by Citrix)
WATCH_DOGS (HKLM-x32\...\Uplay Install 274) (Version:  - Ubisoft)
WATCH_DOGS Update v1.04.497 (HKLM-x32\...\V0FUQ0hfRE9HUw==_is1) (Version: 1 - )
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 4.0 - Sysprogs)
WinDirStat 1.1.2 (HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\WinDirStat) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinSCP 5.7.4 (HKLM-x32\...\winscp3_is1) (Version: 5.7.4 - Martin Prikryl)
Wippien 2.5 (HKLM\...\A4DA3EE7-C6FC-44AD-9E47-9A4D3B0099D3_is1) (Version:  - )
Wireshark 1.12.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.7 - The Wireshark developer community, hxxp://www.wireshark.org)
Worms Reloaded (HKLM-x32\...\Steam App 22600) (Version:  - Team17 Software Ltd.)
XCA (X Certificate and Key Management) (HKLM-x32\...\xca) (Version: 1.2.0 - Christian Hohnstaedt <christian@hohnstaedt.de>)
YubiKey Personalization Tool (HKLM-x32\...\yubikey-personalization-gui) (Version: 3.1.18 - Yubico AB)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{1BEAC3E3-B852-44F4-B468-8906C062422E}\localserver32 -> C:\Users\mongole\AppData\Local\Google\Chrome SxS\Application\47.0.2522.1\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{65713842-C410-4f44-8383-BFE01A398C90}\InprocServer32 -> m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll ()
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> M:\Program Files\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B3F5EDE0-4267-49eb-A775-799895476453}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{B8D080EE-9541-460f-A1AE-7C43CDA96C0F}\InprocServer32 -> m:\Program Files\iNFekt\infekt-nfo-shell.dll (syndicode)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3859236888-2619314948-3413747170-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

29-09-2015 13:31:00 JRT Pre-Junkware Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2015-09-11 01:01 - 00002659 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 a-0001.a-msedge.net
127.0.0.1 choice.microsoft.com
127.0.0.1 choice.microsoft.com.nsatc.net
127.0.0.1 compatexchange.cloudapp.net
127.0.0.1 corp.sts.microsoft.com
127.0.0.1 corpext.msitadfs.glbdns2.microsoft.com
127.0.0.1 cs1.wpc.v0cdn.net
127.0.0.1 df.telemetry.microsoft.com
127.0.0.1 diagnostics.support.microsoft.com
127.0.0.1 fe2.update.microsoft.com.akadns.net
127.0.0.1 feedback.microsoft-hohm.com
127.0.0.1 feedback.search.microsoft.com
127.0.0.1 feedback.windows.com
127.0.0.1 i1.services.social.microsoft.com
127.0.0.1 i1.services.social.microsoft.com.nsatc.net
127.0.0.1 oca.telemetry.microsoft.com
127.0.0.1 oca.telemetry.microsoft.com.nsatc.net
127.0.0.1 pre.footprintpredict.com
127.0.0.1 redir.metaservices.microsoft.com
127.0.0.1 reports.wes.df.telemetry.microsoft.com
127.0.0.1 services.wes.df.telemetry.microsoft.com
127.0.0.1 settings-sandbox.data.microsoft.com
127.0.0.1 sls.update.microsoft.com.akadns.net
127.0.0.1 sqm.df.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com
127.0.0.1 sqm.telemetry.microsoft.com.nsatc.net
127.0.0.1 statsfe1.ws.microsoft.com
127.0.0.1 statsfe2.update.microsoft.com.akadns.net
127.0.0.1 statsfe2.ws.microsoft.com

There are 14 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AA455F-D91A-487D-91C6-2E460B1F5E08} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {2E2385AA-5866-465A-8E65-9F4B95924710} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-13] ()
Task: {3930A1E9-B5C5-4B6C-A1E4-460A2E7CF383} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {613F8E20-CB4F-4A29-A577-4785ED6840B1} - System32\Tasks\iSCSIAgentAutoStartup => m:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [2015-02-25] ()
Task: {615C2D13-ECEC-4A3E-911F-12FF2E00F912} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7EAD4639-8D71-41EC-A19B-50076B0EA426} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()
Task: {81721326-32A8-497D-B7E2-EAA4F81A8C59} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {88BFD09E-2004-42B8-8D29-4B8325C763B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A361FEBF-4CF1-4B2D-9111-ADFE0688E332} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-25] (Dropbox, Inc.)
Task: {BD167EBE-9142-4D67-A1BA-B3D5A4DE701B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {D6E457A3-1C07-467F-AF60-227380CA1A9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-04-09] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001Core.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3859236888-2619314948-3413747170-1001UA.job => C:\Users\mongole\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-23 21:04 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2015-09-23 21:04 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll
2014-10-02 18:47 - 2014-04-16 10:22 - 00029184 _____ () C:\Windows\System32\usp01l.dll
2015-06-19 03:31 - 2015-06-19 03:31 - 00059392 _____ () m:\Program Files (x86)\ownCloud\shellext\OCUtil_x64.dll
2004-09-30 20:15 - 2004-09-30 20:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00043480 _____ () m:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () c:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-23 00:28 - 2008-04-19 16:35 - 00080384 _____ () m:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () m:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-03-16 21:35 - 2015-08-27 23:19 - 04091904 _____ () C:\Program Files\Pale Moon\mozjs.dll
2014-10-02 18:49 - 2013-10-04 06:53 - 00734720 _____ () C:\Windows\system32\SnMinDrv.dll
2013-11-26 11:05 - 2013-11-26 11:05 - 00091136 _____ () C:\Windows\system32\SSDEVM64.DLL
2014-11-10 12:12 - 2014-11-10 12:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-09 19:32 - 2015-07-09 19:32 - 00039384 _____ () m:\Program Files\FileZilla FTP Client\fzshellext.dll
2004-09-30 19:09 - 2004-09-30 19:09 - 00155648 _____ () C:\Program Files\LinkShellExtension\32\RockallDLL.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.100.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\StartupFolder: => "BtProx.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Duplicati.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "OODefragTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Command Center"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "CitrixReceiver"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\StartupFolder: => "Citrix Receiver.lnk"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\StartupApproved\Run: => "LoxCONTROL"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{93A9D61A-C2CC-45FF-9736-23793DA77273}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{EA127691-ADB9-4F0B-B0FD-AB5EB632C67B}] => (Allow) C:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{8F4D2F0C-BD4C-4B4D-90B3-77B222762829}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{4E343A9F-EC5D-4F7A-8CF1-A750E276C07E}] => (Allow) M:\Games\Steam\Steam.exe
FirewallRules: [{03902AB5-B25F-45BB-8C16-90E425BC2AC2}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{CC3563A8-7E9C-4CAF-8936-7B50032964E1}] => (Allow) M:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{D93BFC92-376E-42BD-A029-95D881FE2B20}] => (Block) M:\Games\Among The Sleep\Among the Sleep.exe
FirewallRules: [TCP Query User{CAE86FAE-9634-437F-958D-172A40D9404E}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [UDP Query User{FE4563EA-3D80-47A8-9586-E5C4EC0C6091}M:\program files\hexchat\hexchat.exe] => (Allow) M:\program files\hexchat\hexchat.exe
FirewallRules: [TCP Query User{0CB8D9BD-342F-4B68-BD34-EB0E126ABF8A}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [UDP Query User{6F261233-0EAF-4602-921B-0E348756F6B6}M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe] => (Allow) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{719F55C5-3B05-428D-96A8-5B992A9FA14D}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{5F409192-87EA-4082-9F85-245A307D55F7}] => (Block) M:\program files (x86)\loxone\loxoneconfig\loxoneconfig.exe
FirewallRules: [{D5ACBDDB-67C1-49A2-8DD2-A912B57697E6}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{B93FC633-5D81-4906-B52D-992178B5A689}] => (Allow) M:\Games\Steam\SteamApps\common\CSNZ\Bin\cstrike-online.exe
FirewallRules: [{5750AFC2-4E6C-44ED-8940-A0FB8632D288}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{A966AA43-3589-4B86-9F65-D76F57E936D3}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Next Car Game.exe
FirewallRules: [{E8CB60F1-2C74-461C-BC20-8C3CF692EAEB}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{5CE349E4-8246-4224-8DBB-20676A117AA4}] => (Allow) M:\Games\Steam\SteamApps\common\Next Car Game Sneak Peek 2.0\Next Car Game Technology Sneak Peek.exe
FirewallRules: [{0E5E3A5F-1470-43D5-8183-A413609E76F6}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{B05D355A-5BDF-4A17-9416-D4F8509096BF}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{1DC7625F-FFD6-4C6A-81C4-10DF996F4983}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{FDCB3062-A859-4F1F-B8C2-D1C7B61DD02E}] => (Allow) M:\Games\Steam\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{24B729FF-C01B-4FFA-B936-F6B312CA1E54}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [{B9E06E7D-CBBE-4B5A-AF0C-64C519220453}] => (Allow) M:\Games\WATCH_DOGS\bin\Watch_Dogs.exe
FirewallRules: [TCP Query User{AE566132-E296-40EC-B222-BA8946B8B0BA}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [UDP Query User{57B759ED-0472-4B12-905F-FD888F0BC24F}C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe] => (Block) C:\users\mongole\downloads\elemental\elemental\windowsnoeditor\elemental\binaries\win64\elemental.exe
FirewallRules: [{D9FD30EB-C8EE-4679-8631-82DA268DCDD1}] => (Block) M:\Games\WATCH_DOGS\bin\watch_dogs.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [TCP Query User{E04BA44D-E370-4EAA-9F3E-E484073EC533}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [UDP Query User{B3FA4B4F-5058-4652-9ECF-7A45B1ED2283}M:\program files (x86)\ftprush\ftprush.exe] => (Allow) M:\program files (x86)\ftprush\ftprush.exe
FirewallRules: [{187BB2E4-41B5-4F8C-BA26-B6F5187611FB}] => (Block) M:\Games\Trials Fusion\datapack\trials_fusion.exe
FirewallRules: [{DF7EBA93-CD1B-41F7-9817-2711459CC6BE}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{CC547B3F-96A2-4889-8F80-E2B1E7761801}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher64.exe
FirewallRules: [{1572EA49-ADE2-4C38-B281-79ADA014E6BA}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe
FirewallRules: [{DD90AC4E-1894-4727-9669-3A2599B31227}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayCrashReporter.exe
FirewallRules: [{C58F9CFE-6A73-4F16-BF2C-42100D2E24A9}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\UplayService.exe
FirewallRules: [{CE0A13B8-58DC-4E41-A17F-60BEC59C6D5C}] => (Block) %ProgramFiles% (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
FirewallRules: [{6467AF19-0EE0-449E-8267-AE1CD9FE6C86}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{5E71C38C-12C2-4525-8368-140E9B0651AD}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{0553671B-D681-465E-8217-729E0B9F5C08}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{7355E8BA-3A49-4D2A-A914-EDDCD09092C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{FE8477E1-BFB5-453B-863E-18C87C49DCBD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{92253110-3C21-46F0-8956-04F4818BB5D4}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{9AEE164A-094B-4D25-8C64-9B7312BF8F71}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{91376A69-DDA3-4AFD-B0D3-9FC1FB13118A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{F3706D39-519D-4DC5-A6F0-03ED0353321D}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{6A291437-DBEF-41BF-82FA-20FE0F40FFD5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{596DE404-29BE-48C7-8E0C-6F13A916F82E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{DDB25983-DA26-4F5D-B66A-E761589812EF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{8B657919-489F-4601-A7FA-A2C6882D5FBB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{2E8EAB9A-4AE2-4749-98B3-F4738A3DCF8A}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{5F93B048-8BE3-42D9-8C18-95860B649000}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{3AC94CCE-9D93-4B37-AF99-D3B91E6C41E8}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{03888570-F02F-4B35-9B7A-7F824E874BC6}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{29F927E9-7C77-418E-AE49-6C49E7AB9938}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{F6A58D82-03B3-42D4-8572-307AB1778ADF}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
FirewallRules: [{D6BE42DA-F290-428D-8B53-B4D9A123D3A6}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{0DA83BAE-4CA8-48BB-994E-C5734FCD17BA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{22500A13-0509-46B6-A1EA-DD384F13EFFC}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{A4C092C3-FD50-4497-9B03-2B986FD0610A}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ScanCDLM.exe
FirewallRules: [{89B65D33-CB91-48E4-BB0F-7196148D003A}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{225FCD44-2F72-459E-A061-61C61B6BFB96}] => (Allow) C:\Program Files (x86)\Scan Assistant\USDAgent.exe
FirewallRules: [{031901DB-691B-4225-AAEB-3B3012E0944B}] => (Block) M:\Games\Dead Rising 3\deadrising3.exe
FirewallRules: [{2FAA661B-FFE6-4E30-A795-45F4AFB1B5A3}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{A44800DD-9F6E-423E-A920-F28BF6394155}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{41A10A08-83DA-4902-AF3C-DFC140F9C2C1}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [{548FF84B-1FD0-4B4B-B59F-6C4480ADA871}] => (Allow) M:\Program Files\ShrewSoft\VPN Client\ipseca.exe
FirewallRules: [TCP Query User{0B0F6C9B-A509-4A31-BDD0-DA090D38544A}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [UDP Query User{D0F9293A-D5F9-4176-942A-14B0EE6FEFE2}M:\program files\bitcoin\bitcoin-qt.exe] => (Allow) M:\program files\bitcoin\bitcoin-qt.exe
FirewallRules: [TCP Query User{BA7F7F90-0A5D-4836-886C-7945BF025249}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [UDP Query User{593D609D-BB99-4C92-ACFA-2242B473087F}M:\program files (x86)\peerunity\peerunity.exe] => (Allow) M:\program files (x86)\peerunity\peerunity.exe
FirewallRules: [TCP Query User{353B3934-877C-444F-BB0F-05353D29F238}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{9E489310-FB55-422F-B256-C07A6B3464B9}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [{7C448746-1ABA-4171-92D1-B3C1AEE15EBB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{52BA6252-B166-4F45-A26E-C3B5AABBDBEE}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{3DCF4608-5EAA-49A7-A339-352A5D3088B8}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{CDFD4323-40AF-4BAB-88A1-98CD9DACA9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{741DCFA0-D75A-4400-9429-AB0E47BA78AB}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{C033527A-5BEA-412A-91A3-A7B812159165}] => (Allow) M:\Games\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{6D6FD5E4-BEEB-4E3C-8ED6-EC25A7FA8D90}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{424FC9EB-D860-43BC-9F4C-CA7DF1D47A1F}] => (Allow) M:\Games\Steam\SteamApps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [TCP Query User{A007A484-31C1-423A-9741-EF0F102E0A04}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [UDP Query User{F8D760CE-F07C-4D75-A223-7D3030BA4191}M:\program files (x86)\dbox_ifa\dbox_ifa.exe] => (Allow) M:\program files (x86)\dbox_ifa\dbox_ifa.exe
FirewallRules: [TCP Query User{B3D764C2-6B42-4AE0-BB14-E57855C49C81}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{2208B81E-9862-45CE-BF00-E06B06FE42FC}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [TCP Query User{B118B254-1E4A-45DB-8896-42FE882592CE}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{3E3D3325-65CD-4204-9FB0-7A6BC89025CD}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [{37A7B427-CA8B-436B-948B-201604E87AD3}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F0EB2202-4591-410F-BEF5-EACB99F653BB}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{77B53A83-3F0C-4BE1-9B34-3942C55AEFF3}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{567CA49D-EF01-4354-A9C0-A94A8C3DEB04}] => (Allow) M:\Games\Steam\SteamApps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{22489C17-4A10-47E6-9DDB-40A465130AB7}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6F3316D0-397D-4AF4-94B5-146DCED31F04}] => (Allow) M:\Games\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{6E18E2EC-EB19-434D-A845-71DF8B3A0254}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{635EC92B-D555-4026-B744-280CFA96E10B}] => (Allow) M:\Games\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{BE9DB318-4890-4372-856E-41EC1D7EECD2}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{EA2E5CD4-23B2-4AF6-B156-3A573CAAED7D}] => (Allow) M:\Games\Blur(TM)\Blur.exe
FirewallRules: [{C5E3C8F5-A371-4923-9449-8092826FED5A}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{49E3C0FF-AD6A-4AEC-93B4-2B7E1BC9C30C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest.exe
FirewallRules: [{2D8BE52D-6E74-41E7-8588-8C529C454005}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{1DB302D7-6BF1-4DA4-BB7A-C8CF7C4BCAA2}] => (Allow) M:\Games\Steam\SteamApps\common\Dead Island\DeadIslandGame.exe
FirewallRules: [{EF65FD05-429F-486A-BE80-CAA534F858BB}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Launcher.exe
FirewallRules: [{70DC3DBF-8E54-4852-AF6B-CA74585DDA34}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win32\AstronautsGame-Win32-Shipping.exe
FirewallRules: [{3CFBC750-DEBE-4991-B4F7-98EC7E5E110A}] => (Block) M:\Games\The Vanishing of Ethan Carter\Binaries\Win64\AstronautsGame-Win64-Shipping.exe
FirewallRules: [TCP Query User{DA619417-710D-4B45-AD6E-517A45D28327}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{9462B7D4-F5FB-489A-8C57-2D9CB066A4D0}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{B34AA0A5-85B1-418F-A075-CD9E6F6D16BD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [UDP Query User{605315F6-8373-4389-BF68-C5A8EEF0AEAD}M:\program files\i2pd\i2pd.exe] => (Allow) M:\program files\i2pd\i2pd.exe
FirewallRules: [{AB1A890A-2AC5-4123-B154-4EF5B2AEB26B}] => (Block) M:\Games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{2E47CA85-99A9-4F88-B23A-8E12B8997BFF}] => (Block) M:\Games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{3089E656-5C03-4363-83C3-E7FA683A8F51}] => (Block) M:\Games\Assassin's Creed Unity\ACU.exe
FirewallRules: [{BDBF07E9-5DB8-4F48-BB53-58A9F7A6DFEA}] => (Block) M:\Games\Call of Duty - Advanced Warfare\s1_sp64_ship.exe
FirewallRules: [TCP Query User{248ED716-F16E-44DB-9AD4-B058324DE469}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [UDP Query User{481E01E6-2DCF-4B07-B4F0-CFE2A9B94A35}M:\program files (x86)\foobar2000\foobar2000.exe] => (Allow) M:\program files (x86)\foobar2000\foobar2000.exe
FirewallRules: [{994A1CE8-2287-416F-B04B-1AE713189E34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4F951DC3-AE7F-4752-9A28-D7FE188CFE72}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A2657D70-93EE-4889-ADED-399F97137134}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFC3D7CC-6E4A-43DA-9CD5-F84CF71A4AEF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{14BB8CD7-7D9B-4692-96EF-3424D851621F}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{8697AC22-942A-473D-91DC-2927AF54E181}] => (Allow) M:\Games\Steam\SteamApps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{49A9219E-D6A1-4331-959A-F8225D224646}] => (Block) M:\Games\Emergency 5\bin\x64r\emergency5.exe
FirewallRules: [{24D0EDF5-3D35-4BC6-A11C-0EA80F5B15C5}] => (Block) M:\Games\Emergency 5\bin\em5_launcher.exe
FirewallRules: [{3A5CE854-47D2-478F-A416-2A0D75D807A8}] => (Block) M:\Games\Pro Evolution Soccer 2015\PES2015.exe
FirewallRules: [{364E73A1-3F3A-48D2-BFC3-9EAA3BA8FCB7}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{7D9BDA86-4F5F-4A0D-BC52-43FB70631D9C}] => (Allow) M:\Games\Steam\SteamApps\common\Dungeon Defenders\Binaries\Win32\DungeonDefenders.exe
FirewallRules: [{434C59DE-4EF6-421C-A076-377BA4555A78}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{BD9A86DE-A41C-4D3C-8938-625D38B4AA2B}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanetLauncher.exe
FirewallRules: [{5BC67C73-3F89-4144-88DE-851A05C5A7F5}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{E22BDA91-8BE1-4B58-ABE2-312B69F5F92E}] => (Allow) M:\Games\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{91417446-187E-4267-B32C-C059EF295953}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{6C4A73F7-42B8-4145-9570-5CD92BE6B74E}] => (Allow) M:\Games\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0F0C0F0D-5AB2-469B-8068-5E8BC056651D}] => (Block) M:\Games\Metal Gear Solid V Ground Zeroes\MgsGroundZeroes.exe
FirewallRules: [{AC9B1FCB-C8C2-4E45-B77E-E3B2D57AC311}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{7AC59EA4-65D8-43BE-ACBA-2E57801BD21D}] => (Allow) M:\Games\Steam\SteamApps\common\ManiaPlanet_TMStadium\ManiaPlanet.exe
FirewallRules: [{BFBC1A6D-9314-4E9E-9673-FF0FB1F1384A}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{9C5C78ED-A765-454B-9FAB-3F93D91B9B86}] => (Allow) M:\Games\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{5D9C1722-FBDD-4C74-87C0-A94AB690A075}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [{F44B4D68-2890-4DB1-BBE8-018CD747B1BE}] => (Allow) M:\Games\Steam\SteamApps\common\FlatOut Ultimate Carnage\launcher.exe
FirewallRules: [TCP Query User{BFB0493B-F9B2-4DEC-BAE3-C685C9019F0F}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [UDP Query User{BFA826F7-C0C0-4238-997C-2FB753CE6FB2}C:\program files (x86)\qtdsync\bin\rsync.exe] => (Allow) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{35D61A5D-9977-4F07-9CC3-30B4FA52B1D0}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{A9E99EF8-F7EA-42C4-8425-4180640D9C7B}] => (Block) C:\program files (x86)\qtdsync\bin\rsync.exe
FirewallRules: [{B579E7C8-7067-4018-94B5-53DFFC0F86AC}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{714671A4-D83E-4843-8200-5EF35EEB6071}] => (Allow) m:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{8C9DED58-3E6C-4F1E-89E2-2B6CC8869C08}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [{70C6E6DF-16D1-4397-A00A-FD7FC9D5837B}] => (Allow) M:\Games\Steam\SteamApps\common\BattleBlock Theater\BattleBlockTheater.exe
FirewallRules: [TCP Query User{B1294E6B-9A5F-4016-8B09-AB4DB9317ED8}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [UDP Query User{62B71617-8077-4ACC-BAE7-84C9B01C11DB}M:\retroshare\retroshare.exe] => (Allow) M:\retroshare\retroshare.exe
FirewallRules: [{4B7EECCA-3EA2-406D-A351-ACECAA053534}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{344ABB5D-B36B-4A47-AAF5-7ADD539C9819}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\duke3d.exe
FirewallRules: [{A1230E38-BC6B-4423-884E-7C04AC6EAC4D}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{6137CAEF-525D-477E-B6F0-AE8653E9B9E6}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\build.exe
FirewallRules: [{552F8607-4925-48F5-BE29-AA29716535CD}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [{F0AF273C-F0D8-49B6-B5D0-140BAB3C20C8}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win32\DepthGame.exe
FirewallRules: [TCP Query User{129DA68C-10D5-4A54-AF78-FE14626F89FA}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [UDP Query User{C96FEB0A-D1EC-4E8A-9D67-A9B88FFBCCE4}M:\program files (x86)\libreoffice 4\program\soffice.bin] => (Allow) M:\program files (x86)\libreoffice 4\program\soffice.bin
FirewallRules: [{90635068-74C0-4A5E-89D7-A1002938EC7F}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{DBFC02B6-D19F-4687-9775-9FC9C684EFFC}] => (Allow) M:\Games\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{86E9F973-34FA-45FC-B29F-10D355AC9A51}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [UDP Query User{5071F1DA-BC94-4605-8817-969D0BFD4F8C}C:\users\mongole\appdata\roaming\tonido\tonido.exe] => (Allow) C:\users\mongole\appdata\roaming\tonido\tonido.exe
FirewallRules: [{BBD735BF-2935-41CE-803D-F951C13DF71B}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{182E01A8-6389-4022-90B0-F77DAD0D3A2D}] => (Allow) M:\Program Files\Vuze\Azureus.exe
FirewallRules: [{96093A0B-AE70-4943-BBA1-A1C943E10B1D}] => (Block) M:\Games\Saints Row Gat out of Hell\SaintsRowGatOutOfHell.exe
FirewallRules: [{C697EC6B-941F-4972-80A4-20BF80ADE92D}] => (Allow) M:\Program Files\Synergy\synergys.exe
FirewallRules: [{ED48CF50-3137-4FA0-AAA6-5129EBDE836B}] => (Block) F:\Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{AEB39B74-EA27-4022-9E46-5AF81D6A6A40}] => (Block) F:\Games\Dragon Age Inquisition\Launcher.exe
FirewallRules: [{5E27A642-B227-4D97-BF24-FB6531F7428A}] => (Block) F:\Games\Trials Fusion - Fire in the Deep\datapack\trials_fusion.exe
FirewallRules: [{06AECA0B-4B68-4A6C-BD7D-793672D2CFDB}] => (Block) F:\Games\3DMGAME-OMSI.2.Cracked-3DM\OMSI 2\Omsi.exe
FirewallRules: [{1F3E9DB3-03E8-4A19-9C64-9B1CC5CFCA35}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{D39DA46A-34CE-4CDC-91E3-B23FCBB3CCF7}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{9D01AC1A-8587-4434-9378-0AE4F03A5597}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [UDP Query User{5B6510ED-491C-4992-890F-2AFEF91BA430}M:\program files (x86)\pidgin\pidgin.exe] => (Allow) M:\program files (x86)\pidgin\pidgin.exe
FirewallRules: [TCP Query User{79003072-7204-4FD4-A113-F26A93E6666F}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [UDP Query User{79209835-BB21-48E2-88D3-2B4BBC0F3C7D}C:\program files (x86)\namecoin\namecoin-qt.exe] => (Allow) C:\program files (x86)\namecoin\namecoin-qt.exe
FirewallRules: [TCP Query User{4808077D-D942-4D3B-B786-201B96987BC5}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [UDP Query User{72C89448-729D-4574-8CDD-2D154030E0D6}C:\program files\psi\psi.exe] => (Allow) C:\program files\psi\psi.exe
FirewallRules: [{A8D44089-9785-43A4-9DC7-D27C5A79DC31}] => (Block) F:\Gamez\BroForce.v2014.10.07.Build.2598.Steam.Workshop.Update-TPTB\TPTB-BROF\TPTB-BROF\Broforce October Update\BROFORCE_Beta.exe
FirewallRules: [{736CB91D-01D2-46D3-B0A2-D3BE74141EE2}] => (Block) F:\Games\Dying Light\DyingLightGame.exe
FirewallRules: [{CD88DD7D-65A1-49CD-A9A4-885A38FDEA8A}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\GTAIV.exe
FirewallRules: [{AC11F986-70E8-4B52-AA75-40BE1BBF4EB7}] => (Block) F:\Games\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe
FirewallRules: [TCP Query User{6F45770F-CC60-4B45-B987-6FFF5BCAC5C2}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{C53BE3F0-1538-42CF-920E-70BC0FE9F2F0}C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\mongole\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{0E43AE6C-F566-441F-96DD-B2EC395A4B74}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{BEF016FB-4A83-428F-AE38-F4CC47A8E977}] => (Allow) B:\TEMP\_ISTMP1.DIR\_ISTMP0.DIR\igd_finder.exe
FirewallRules: [{3ACC59E7-64E4-48BD-95DB-CEC3493EAD56}] => (Allow) LPort=5031
FirewallRules: [{985DEDCD-8156-49C2-A98C-0F5D568955C3}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{3C8DF17D-7E92-4FE4-A012-90F339DBA74A}] => (Allow) B:\TEMP\_ISTMP1.DIR\_INS5576._MP
FirewallRules: [{9E35948F-1B11-4193-99FF-008033B75385}] => (Block) F:\Games\Battle vs. Chess\battlevschess.exe
FirewallRules: [{B35AEF73-DAB2-40F1-A36A-74686E90E011}] => (Block) F:\Games\Battle vs. Chess\Activation.exe
FirewallRules: [TCP Query User{2FDE19C3-BD20-4A2C-ADD7-176EB09056F0}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [UDP Query User{558AA483-C8E2-4E0A-A7C7-B4188F6801BE}M:\games\blur(tm)\blur.exe] => (Block) M:\games\blur(tm)\blur.exe
FirewallRules: [TCP Query User{B37A88D8-AE18-4F67-A0D5-C8370A3CDEB1}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [UDP Query User{696A7DD7-A729-4D59-A679-13A94CEEF629}M:\games\rayman legends\rayman legends.exe] => (Block) M:\games\rayman legends\rayman legends.exe
FirewallRules: [TCP Query User{05D25445-45D5-47B0-BDFC-D38C1618EDCE}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [UDP Query User{D6A37DB2-C5DD-41AA-A8F4-3624A8892794}C:\program files\pale moon\plugin-container.exe] => (Allow) C:\program files\pale moon\plugin-container.exe
FirewallRules: [{5D731F2D-E351-4A43-A2E5-E19D15A83FD8}] => (Block) F:\Gamez\The.Talos.Principle.Build.220996.Incl.DLC-TPTB\TPTB-TLOS\Steam\SteamApps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D60796AB-0E37-4B2C-BCD2-3A0135FCC88B}] => (Block) F:\Games\Fahrenheit Indigo Prophecy Remastered\Fahrenheit.exe
FirewallRules: [{D1065750-03A4-4CE8-B5CD-6AD7E9CE0A2E}] => (Block) F:\Games\Oddworld - New 'n' Tasty\NNT.exe
FirewallRules: [TCP Query User{A7A7E28E-8338-4353-AC74-0E7D2A7EA058}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{6C3779EB-AFD3-414E-ACB7-B3BEEBEC2CEB}M:\program files\ditto\ditto.exe] => (Block) M:\program files\ditto\ditto.exe
FirewallRules: [{B4577D29-771C-48CD-A1E7-65339FE68945}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{4DB29EAC-77E7-41EC-99EB-570E5597E310}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [TCP Query User{A965A841-AE03-42FC-9F36-9BE27DA91E59}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [UDP Query User{573A76E3-7DF7-4FAD-AEF0-67FDE6452099}C:\program files\java\jre1.8.0_40\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\java.exe
FirewallRules: [{34C111C1-EBAA-4987-AFD8-83EE4B0D0FD4}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [{DB2F5B50-E8F4-451C-B246-84561FAD53DA}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Launcher.exe
FirewallRules: [TCP Query User{C70BBCDA-5126-4E1B-82C1-0A34064B2DEF}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [UDP Query User{65D6FCA4-7447-4B0C-A805-F48B13CE81D4}F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe] => (Allow) F:\steamlibrary\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe
FirewallRules: [{39BD05E6-034C-414E-8492-9A78F82FADD4}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{7E24D3D2-C045-43AA-8468-940A1423E5A1}] => (Allow) M:\Games\Steam\SteamApps\common\SS2\Shock2.exe
FirewallRules: [{A91A2A3D-69FE-478D-95DF-8E13C0A6F3BD}] => (Block) F:\Games\Pillars of Eternity\PillarsOfEternity.exe
FirewallRules: [{B08B78C4-702C-402E-9342-9F7FF8D98A97}] => (Block) F:\Games\Trials Fusion - After the Incident\datapack\trials_fusion.exe
FirewallRules: [{C76E1CA4-3F96-400F-A90A-87B12EF0417A}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\game.exe
FirewallRules: [{2083F763-2AB4-4B67-9754-0D84DEF43F2C}] => (Block) F:\Games\DEAD OR ALIVE 5 Last Round\startup_setting.exe
FirewallRules: [{779CB0C0-93C8-40A1-9EA7-0227EF5E3309}] => (Block) F:\Games\Bloodsports TV\bloodsports.exe
FirewallRules: [TCP Query User{9FE9ED83-9B64-4FD4-AEBF-67739A0E27C7}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [UDP Query User{B14740C1-962F-4B73-BF1B-6F892C6013B2}C:\program files\java\jre1.8.0_40\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_40\bin\javaw.exe
FirewallRules: [{D44D9DE4-4333-493F-8612-D50976EFD424}] => (Block) F:\Games\Ori and the Blind Forest\ori.exe
FirewallRules: [{CE062D04-75A1-4186-9F23-EC9A12CE7715}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{971FF926-DFC9-4AC2-B8D5-7AF50EA5AE63}] => (Allow) M:\Program Files\Wippien\Wippien.exe
FirewallRules: [{AECBF9FB-0FBB-4E78-8616-D5E91EAD280E}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{88E1287D-00D7-406A-96AB-5F593B01A404}] => (Allow) C:\Users\mongole\AppData\Local\Maelstrom\Application\chrome.native.torrent.exe
FirewallRules: [{CF7C1938-2A8A-46EB-AC5A-FEEDC692EC91}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [{16E625D0-D511-4E5D-BF1C-71F5DC0888FA}] => (Allow) M:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTAVLauncher.exe
FirewallRules: [TCP Query User{641D6791-3FBC-4D66-BA37-0828F7A3DF4C}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [UDP Query User{5E3155A6-D119-408B-B5CE-544F0B9E908A}M:\games\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{73AD9C2C-228E-41B1-86DB-554541EE7022}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{D4661D20-C5E0-4B2F-9B49-D355B2E44FDA}] => (Block) M:\games\steam\steamapps\common\grand theft auto v\gta5.exe
FirewallRules: [{CB34AD36-031F-43F7-A7B0-DBA351DAA6F2}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{127FE993-610A-4EE5-8D1E-DB2FF9F13367}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1213E8AB-23AC-4820-B5C2-92F537D8F8E2}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{8D30DB3A-B89E-4C03-B1BA-A1C04C778825}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\System\Postal2.exe
FirewallRules: [{11203B2E-2219-4493-9A4B-663998506188}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{D88E7769-DAD5-4764-9AEE-A5382D36FC6E}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe
FirewallRules: [{1A166CDC-F18D-49CB-B768-ED86C22697AC}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [{5EF3BE44-4F20-42DF-9DD5-118EA597DEAB}] => (Allow) M:\Games\Steam\SteamApps\common\POSTAL2Complete\Paradise Lost\System\ParadiseLost.exe
FirewallRules: [TCP Query User{EFE008D3-79C7-4413-B298-1A8C13399889}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA960FFF-09E6-4DBF-9FEC-30078E7E18F7}M:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{05A367DC-A9AD-480C-A486-F0FDCB8A6CE0}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{318A177A-0184-4FF2-BAFD-2C3B0D2E7AC7}] => (Block) M:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D77AAA5D-49E2-4562-AAA9-9A6789F4F407}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [UDP Query User{CBF933FA-01D5-4200-85D8-90958F02DFAF}C:\program files\java\jre1.8.0_45\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{65B58FCE-85C8-4B19-B747-0C067DEAA68C}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{F50DEFA1-AB04-4665-8620-E74261B95C31}] => (Block) C:\program files\java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{CB23A8B5-7631-44A5-A8A7-3B338917814F}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{52801A91-0552-494F-9891-472499331805}] => (Allow) M:\Games\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{6759AF2D-B7BA-4662-9A18-24123561DBFA}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{25FFBEF5-EDBB-4AFE-A0E7-AFDFAD49EB60}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{12A981BD-E07E-4110-BE87-A1AC5EF2C1B2}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{0DFEEF7D-5ABC-4AFF-A927-AD169872BC1B}M:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{52DA281E-9821-406D-A286-01C75E04A30B}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{AB9BBED0-1FF8-486E-BCC9-E2C80BFE724E}] => (Block) M:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [{17382AC5-9476-4618-B108-4568A910BC63}] => (Block) G:\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe
FirewallRules: [{1F0EDA63-387A-4E84-ACF6-C3CD2E0F49E6}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{B1E3AF09-708F-46E0-91EA-D06A10529903}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser.exe
FirewallRules: [{4B091B33-232D-4E3B-BFDD-BED29239717C}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{74C07DD3-D6E7-46D8-B311-D7F32E310458}] => (Allow) M:\Program Files (x86)\TV-Browser\tvbrowser_noDD.exe
FirewallRules: [{96AF514A-5398-45B6-BC6E-DE4420836BFA}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{7138359E-C5DC-49F4-B8B3-193007C43EF9}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\java.exe
FirewallRules: [{970B83BE-4ED5-4BB9-B20B-8F8B499F41BD}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{E440A275-5762-4E80-99E1-C3E9728ECAF3}] => (Allow) C:\Program Files (x86)\Java\jre1.8.0_45\bin\javaw.exe
FirewallRules: [{8EB0BA31-7B99-4181-AFAE-C526D34AA2EC}] => (Block) G:\Hatred\Hatred\Binaries\Win64\Hatred-Win64-Shipping.exe
FirewallRules: [{89947782-B01B-489D-B391-1EBF191BFA53}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_launcher.exe
FirewallRules: [{507F57F6-A191-4901-AC71-B6913F535D36}] => (Block) F:\Gamez\Trine.3.The.Artifacts.of.Power.v0.06.Cracked-3DM\Trine 3\trine3_64bit.exe
FirewallRules: [{90DE4BC8-1043-4DE3-9220-662E3444A074}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06CB0103-7652-47F1-BDE8-FE744E614A48}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{11A69F30-6FBE-4C71-AD3A-3BE743364533}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{308744F5-3D25-4870-A6F6-99149F34AA3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{45A10B15-5D3F-4267-B46F-8CD4D9CE4EF3}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{2FE605A5-0756-4724-AC1F-24C64F04316A}] => (Allow) M:\Games\Steam\SteamApps\common\Nidhogg\Nidhogg.exe
FirewallRules: [{71764963-7970-4916-9E52-EEE8F9A590C5}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{D8E79390-5873-4DA8-9A34-4429A18E062D}] => (Allow) M:\Games\Steam\SteamApps\common\FORCED\FORCED.exe
FirewallRules: [{66E4CD1B-797D-43A0-AD47-16F9F607FCF5}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{33D865C0-874F-43CF-B308-18D3BA938064}] => (Allow) M:\Games\Steam\SteamApps\common\Orcs Must Die 2\build\release\OrcsMustDie2.exe
FirewallRules: [{1F8B8068-4215-4F04-B340-D5E72C00CA69}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{BACAE36C-F4C7-44B4-9866-D47900B4688B}] => (Allow) M:\Games\Steam\SteamApps\common\And Yet It Moves\And Yet It Moves.exe
FirewallRules: [{5C1E7824-B02C-4FCC-A39F-9F1D263A079A}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{4A674C27-C404-4E2A-98C3-61DCD39C0DC5}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{BD88A5D0-576A-48C2-84BB-9FC5306D4E91}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{E629AB3E-863F-4E04-A962-69D844A6DA10}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6B9B3657-81CD-4F66-AE00-8BA5AF84C23D}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D3E3A14D-4AE7-4D6E-A24C-E5E2E2BA37AE}] => (Allow) M:\Games\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [TCP Query User{D9753E3C-9082-462F-AF67-922F33F2DECB}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [UDP Query User{B5F6FA34-9057-49F5-BCE2-6F250F08D27C}M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe] => (Allow) M:\games\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe
FirewallRules: [{065F22E2-E281-402C-85D8-A7E4DA317DF3}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{16139CE7-9FAE-434A-8951-AE36A5672C35}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe
FirewallRules: [{051289DE-CFC1-4850-B197-E523E3C340E1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{57501666-57BF-4A5A-8099-09157351DAE1}] => (Allow) M:\Program Files\uvnc bvba\UltraVNC\vncviewer.exe
FirewallRules: [{61A8946B-D000-48CC-B097-0DCB32246503}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{8C18E07B-3F1E-4B87-9BD9-E7102C7EBA68}] => (Allow) M:\Games\Steam\SteamApps\common\Jamestown\Jamestown.exe
FirewallRules: [{505362FB-C4C7-45C7-87BE-6C8E4229EF8B}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{74BFEB60-AAA2-41DE-A381-15B9E8C3A44C}] => (Allow) M:\Games\Steam\SteamApps\common\Bugbear Entertainment\Wreckfest_x64.exe
FirewallRules: [{F975DE6E-91DD-4EC6-805A-D2EF82169F40}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{87DCA32C-F9F5-423E-99B3-3233D44F1B4D}] => (Allow) M:\Games\Steam\SteamApps\common\Contagion\contagion.exe
FirewallRules: [{D7DED483-1733-4F91-BB0E-0487D7D7B266}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{920D4BE6-06D0-44B1-9BAC-77BDDEBA048D}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\HowToSurvive.exe
FirewallRules: [{76F30BFB-CC77-4906-A75A-E3D5093A1F00}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{D98EAAC6-9BAC-4531-B6AF-3B1F0E52B3D6}] => (Allow) M:\Games\Steam\SteamApps\common\How to Survive\Detect.exe
FirewallRules: [{1C8B61E4-0FB6-4894-ACEE-B49FF131F16D}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{12427FBA-C50C-48D9-86B1-4F958253598F}] => (Allow) M:\Games\Steam\SteamApps\common\Depth\Binaries\Win64\DepthGame.exe
FirewallRules: [{E71C36B8-6B00-4EC0-8662-9F53AB8A4A92}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{6C74104F-2FC5-4AE5-A7D9-7C4722F69829}] => (Allow) M:\Games\Steam\SteamApps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{8EC9B25A-4EDB-48C8-B6E0-2898F9A3E025}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{5383EA28-70CB-4517-AB71-32CB05193080}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{55A108E5-A6A7-4AD2-94AE-D3F97CE3F476}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [UDP Query User{B63A07FF-59FD-4580-A09E-73DAE9161CAF}M:\program files\jitsi\jitsi.exe] => (Allow) M:\program files\jitsi\jitsi.exe
FirewallRules: [{EC0633FB-51D5-49C4-AADC-184C8ABC411D}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [{E4D48C8C-5D30-41BA-811C-7C4214CB8F51}] => (Block) M:\program files\jitsi\jitsi.exe
FirewallRules: [TCP Query User{00235518-81DE-4051-B77A-C71B70D27B37}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [UDP Query User{8FB43FF3-EE4A-4059-A1BF-4B595DACF09A}M:\program files (x86)\free download manager\fdm.exe] => (Allow) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{BE8EFA65-8618-4B50-A992-1368DDB3D0E8}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{31D00BD2-AF45-4E1B-8FD5-89E5B44088E4}] => (Block) M:\program files (x86)\free download manager\fdm.exe
FirewallRules: [{A0924598-58FE-46FA-A8A1-60FD1DA618BA}] => (Allow) M:\Program Files\Halite\Halite.exe
FirewallRules: [TCP Query User{7261A86F-2A25-48DC-878E-ABA339604219}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [UDP Query User{264C444C-77A6-4B4C-86EB-386217A7B862}B:\temp\mozopendownload\hfs.exe] => (Allow) B:\temp\mozopendownload\hfs.exe
FirewallRules: [{ECE4BD9E-E075-4D5D-B3DA-CD7819ADA9B9}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{27925614-EE31-4402-A4B7-2D56EC8B840E}] => (Allow) M:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{D75C508E-E7A4-42F7-9F95-B171F7EFD21F}] => (Block) M:\Games\Tembo the Badass Elephant\Tembo The Badass Elephant.exe
FirewallRules: [{A1E91B3E-A276-4E9D-BD76-5724EDB18EFC}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{F2F5A0B3-D8A1-447E-88B0-52F757466A2F}] => (Allow) M:\Games\Steam\SteamApps\common\Worms Reloaded\WormsReloaded.exe
FirewallRules: [{EA560A31-A9E0-4356-9AD2-0EC8EBDA0B46}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{D8767F0C-DC04-4901-B2E7-D41A4B2E850E}] => (Allow) M:\Games\Steam\SteamApps\common\Unreal Tournament\System\UnrealTournament.exe
FirewallRules: [{7FC58F41-7894-4C15-AB3E-481BE5CD75BA}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_64bit.exe
FirewallRules: [{33F3AADD-F31E-4307-BE48-11D18ECBA39D}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_32bit.exe
FirewallRules: [{660ACE76-CC78-424D-A3F0-1640D22637A1}] => (Block) M:\Games\Trine 3 The Artifacts of Power\trine3_launcher.exe
FirewallRules: [TCP Query User{0E7FB79C-8EAC-48E9-ADF2-C1941E96B5DB}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [UDP Query User{A2F161B0-9851-4656-8291-A7B664DFFBFF}M:\program files\vuze\azureus.exe] => (Block) M:\program files\vuze\azureus.exe
FirewallRules: [{023F5A2A-5189-4841-8332-99CA51500362}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8864B29C-6D8A-4028-95D7-CBF99A82CC4F}] => (Block) F:\Games\Act of Aggression\ActOfAggression.exe
FirewallRules: [{9AA66804-AAAA-4728-AB35-5DEBBD9C730C}] => (Block) F:\Games\Act of Aggression\unins000.exe
FirewallRules: [{FAC1FAEA-0888-4F8A-A6F9-FA227B60DF70}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{8BF725F0-1371-4144-B039-C0C89604EAB4}] => (Allow) M:\Games\Steam\SteamApps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [TCP Query User{95A37C24-AE84-42A0-89B5-594944937687}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [UDP Query User{0141E4FC-BA4F-4A11-9A20-5B6EF376D63D}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpncmd.exe
FirewallRules: [TCP Query User{B0462F46-07E7-425C-A6B2-C015FB0E3FF6}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [UDP Query User{BE8A9421-3A21-4817-AB58-8EB244F33A76}B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe] => (Allow) B:\downloads\softether-vpn_admin_tools-v4.18-9570-rtm-2015.07.26-win32\vpnsmgr.exe
FirewallRules: [{E3B7C074-AB1B-4244-B1C2-1F6D2F2E2FA3}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{E12E2D98-51B2-482A-9824-B05C64E5BD33}] => (Allow) M:\Games\Steam\SteamApps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{4577AF07-B811-4769-A76F-D5E1CBE67F3B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5C817070-8E84-46F7-9C27-89795EFF21A1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2B8D7556-880E-42A2-836B-CB23F598688A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E2C39B42-2952-4551-951E-4C987C9585C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Name: Shrew Soft Virtual Adapter
Description: Shrew Soft Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Shrew Soft
Service: vnet
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: WeOnlyDo Network Adapter 2.5
Description: WeOnlyDo Network Adapter 2.5
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: WeOnlyDo Network Provider
Service: wod0205
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2015 01:31:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: aac

Startzeit: 01d0faaa67fc6840

Endzeit: 12

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: b194b1ce-669d-11e5-82c1-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/29/2015 01:31:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.3.9600.17667 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: fa8

Startzeit: 01d0faaa1dc9cc8a

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: a5768fe1-669d-11e5-82c1-0015833d0a57

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/29/2015 01:31:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8

Error: (09/27/2015 11:51:19 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: MSDTCC:\Windows\system32\msdtcuiu.DLL8

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll8

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\Windows\system32\esentprf.dll8

Error: (09/27/2015 11:51:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (09/27/2015 11:41:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll8


System errors:
=============
Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Client for NFS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Restart the service.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "uvnc_service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSI_LiveUpdate_Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSI_ECOSERVICE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSIDDR_CC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "MSICTL_CC" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Logitech Gaming Registry Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Killer Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/29/2015 01:33:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "GlassWire Control Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===================================
  Date: 2015-09-27 04:31:06.038
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-07-11 02:34:41.736
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Programme\SysinternalsSuite\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-06-15 21:34:14.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-03-25 01:39:52.738
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-10 15:21:43.872
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-29 21:40:08.346
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume2\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-29 21:39:57.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:17.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-31 12:45:08.818
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-02 22:09:44.251
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 31%
Total physical RAM: 32716.61 MB
Available physical RAM: 22480.84 MB
Total Virtual: 36812.61 MB
Available Virtual: 26289.66 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:7.99 GB) (Free:7.98 GB) exFAT
Drive c: () (Fixed) (Total:111.45 GB) (Free:32.04 GB) NTFS
Drive f: (Backup) (Fixed) (Total:465.76 GB) (Free:53.51 GB) NTFS
Drive g: (SSD) (Fixed) (Total:59.62 GB) (Free:9.89 GB) NTFS
Drive m: (Data) (Fixed) (Total:931.39 GB) (Free:53.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 49A204F8)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3064FF80)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=06)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 59.6 GB) (Disk ID: 000BF271)
Partition 1: (Not Active) - (Size=59.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

schrauber 30.09.2015 14:20

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131