TROVI Malware (using Thread from July 2014)

Discussion in 'Virus & Other Malware Removal' started by rome75, Feb 4, 2015.

  1. rome75 (Thread Starter)

    The Trovi malware has invaded my Windows 7 netbook. I read the Trovi Malware Thread from July 2014 and am following the tips from Machiavelli_G2G, so hopefully he (or someone at his same level) can view this post and help me. The following is the OTL Scan from my computer:

    OTL logfile created on: 2/3/2015 10:50:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas Kaufmann\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.73 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 68.23% Memory free
    3.70 Gb Paging File | 2.46 Gb Available in Paging File | 66.52% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.99 Gb Total Space | 208.10 Gb Free Space | 73.02% Space Free | Partition Type: NTFS

    Computer Name: ROMAN | User Name: Thomas Kaufmann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2015/02/03 22:26:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thomas Kaufmann\Downloads\OTL.exe
    PRC - [2014/12/18 17:23:51 | 001,676,344 | ---- | M] (Spotify Ltd) -- C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2014/12/08 19:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2014/08/26 08:49:58 | 000,078,088 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2013/04/27 17:30:44 | 000,433,912 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
    PRC - [2013/04/27 17:30:36 | 003,306,232 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    PRC - [2013/04/26 15:05:20 | 000,273,656 | ---- | M] (IVT Corporation) -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
    PRC - [2012/03/23 01:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2012/03/23 01:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2012/03/23 01:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2012/03/23 01:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2012/03/06 15:23:52 | 000,050,328 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    PRC - [2012/03/06 15:22:50 | 000,050,336 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    PRC - [2012/02/29 05:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2012/01/18 03:37:32 | 000,072,864 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
    PRC - [2011/10/18 00:46:26 | 000,620,696 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
    PRC - [2011/06/19 21:04:36 | 000,233,664 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
    PRC - [2011/06/14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    PRC - [2011/06/14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lktsrv.exe
    PRC - [2011/06/14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) -- C:\Windows\SysWOW64\lkads.exe
    PRC - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    PRC - [2011/05/12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/05/11 21:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    PRC - [2010/10/27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) -- C:\Windows\SysWOW64\lkcitdl.exe
    PRC - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe


    ========== Modules (No Company Name) ==========

    MOD - [2015/02/03 10:06:56 | 000,043,008 | ---- | M] () -- c:\users\thomas~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpq72kwr.dll
    MOD - [2014/10/21 16:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    MOD - [2014/10/21 16:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\libEGL.dll
    MOD - [2014/10/21 16:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    MOD - [2014/10/21 16:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    MOD - [2014/07/03 12:20:20 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/07/03 12:19:50 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/04/27 14:24:16 | 000,141,048 | ---- | M] () -- C:\Windows\SysWOW64\BsProfileFunc.dll
    MOD - [2013/04/26 15:06:52 | 000,129,784 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
    MOD - [2013/04/26 15:06:50 | 000,048,376 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\CsCvt.dll
    MOD - [2013/04/26 15:06:48 | 000,244,472 | ---- | M] () -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
    MOD - [2013/04/26 15:04:40 | 000,026,360 | ---- | M] () -- C:\Windows\SysWOW64\BsTrace.dll
    MOD - [2013/04/26 15:04:30 | 000,016,632 | ---- | M] () -- C:\Windows\SysWOW64\BsMobileCSps.dll
    MOD - [2011/10/18 00:46:26 | 001,967,104 | ---- | M] () -- C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/11/12 00:06:52 | 002,449,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2012/04/01 12:21:52 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2012/03/06 15:23:00 | 000,068,256 | ---- | M] (National Instruments Corporation) [Disabled | Stopped] -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer64)
    SRV:64bit: - [2012/02/07 16:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2012/01/26 16:07:14 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2014/09/04 04:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2014/08/26 08:49:58 | 000,078,088 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
    SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/11 20:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/04/27 17:30:36 | 003,306,232 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
    SRV - [2013/04/26 15:06:08 | 000,207,096 | ---- | M] (IVT Corporation) [On_Demand | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
    SRV - [2013/04/26 15:05:20 | 000,273,656 | ---- | M] (IVT Corporation) [Auto | Running] -- C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
    SRV - [2012/04/09 20:40:23 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/23 01:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2012/03/06 15:23:52 | 000,050,328 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe -- (niSvcLoc)
    SRV - [2012/03/06 15:22:50 | 000,050,336 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe -- (NIApplicationWebServer)
    SRV - [2012/02/29 05:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2012/01/18 03:37:32 | 000,072,864 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
    SRV - [2011/06/21 11:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
    SRV - [2011/06/19 21:04:36 | 000,233,664 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe -- (niLXIDiscovery)
    SRV - [2011/06/14 09:11:10 | 000,362,104 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
    SRV - [2011/06/14 09:08:24 | 000,056,952 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lktsrv.exe -- (lkTimeSync)
    SRV - [2011/06/14 09:00:10 | 000,046,192 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Windows\SysWOW64\lkads.exe -- (lkClassAds)
    SRV - [2011/06/07 11:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/06/01 16:32:14 | 000,194,224 | ---- | M] (National Instruments Corporation) [Auto | Running] -- C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe -- (nimDNSResponder)
    SRV - [2011/05/12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
    SRV - [2010/10/27 09:43:38 | 000,695,136 | ---- | M] (National Instruments, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\lkcitdl.exe -- (LkCitadelServer)
    SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/06/01 14:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/01/29 15:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2008/09/08 07:59:00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/06/10 20:50:24 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2013/08/28 17:29:52 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2013/01/05 10:16:52 | 000,025,720 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btcombus.sys -- (IvtComBusSrv)
    DRV:64bit: - [2012/12/25 18:55:36 | 000,043,128 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcusb.sys -- (Btcsrusb)
    DRV:64bit: - [2012/12/24 16:45:48 | 000,027,256 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtAudioBusSrv)
    DRV:64bit: - [2012/12/24 16:42:26 | 000,031,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (IvtPanBusSrv)
    DRV:64bit: - [2012/12/24 16:24:22 | 000,041,208 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/04/09 20:35:39 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2012/04/09 20:35:39 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2012/04/09 20:35:39 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2012/03/31 19:52:30 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2012/03/31 19:52:26 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2012/03/31 19:52:24 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2012/03/05 04:29:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2012/03/05 04:29:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/26 16:41:34 | 010,721,280 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2012/01/26 15:06:00 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2012/01/19 23:31:14 | 002,801,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2012/01/17 11:00:56 | 000,206,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2011/12/21 14:47:46 | 000,022,240 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetdrv.sys -- (BT)
    DRV:64bit: - [2011/12/21 14:47:08 | 000,025,056 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
    DRV:64bit: - [2011/12/04 22:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2011/11/23 07:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/11/15 16:35:58 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2011/10/28 03:41:28 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/10/28 03:41:26 | 000,080,512 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/10/25 06:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
    DRV:64bit: - [2011/10/25 06:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
    DRV:64bit: - [2011/10/25 05:09:20 | 000,081,496 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2011/09/16 17:38:52 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2011/07/27 10:28:58 | 000,029,576 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btcomport.sys -- (BTCOM)
    DRV:64bit: - [2011/07/13 21:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/13 21:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/06/19 20:08:06 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NiViPxiKl.sys -- (NiViPxiK)
    DRV:64bit: - [2011/06/19 20:07:00 | 000,012,968 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NiViPciKl.sys -- (NiViPciK)
    DRV:64bit: - [2011/03/18 12:46:20 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2011/03/18 12:46:06 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2011/02/14 17:27:16 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalfwedl.sys -- (nipalfwedl)
    DRV:64bit: - [2011/02/14 17:23:58 | 000,012,992 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nipalusbedl.sys -- (nipalusbedl)
    DRV:64bit: - [2011/02/14 16:58:26 | 000,895,640 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipalk.sys -- (NIPALK)
    DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/06/11 14:32:32 | 000,011,944 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nidimkl.sys -- (nidimk)
    DRV:64bit: - [2010/03/24 11:27:44 | 000,016,984 | ---- | M] (National Instruments Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nipbcfk.sys -- (nipbcfk)
    DRV:64bit: - [2009/10/07 21:45:16 | 000,073,216 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
    DRV:64bit: - [2009/10/07 21:45:16 | 000,023,040 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/14 15:32:28 | 000,011,856 | ---- | M] (National Instruments Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\niorbkl.sys -- (niorbk)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
    DRV - [2012/12/24 16:24:22 | 000,041,208 | ---- | M] (IVT Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\blueletaudio.sys -- (BlueletAudio)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\..\SearchScopes\{57980F71-E673-4F3D-9233-DD9B8ACC711C}: "URL" = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-4053005129-379462516-412182494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49203;https=127.0.0.1:49203

    ========== FireFox ==========



    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Thomas Kaufmann\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)


    [2014/09/24 09:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thomas Kaufmann\AppData\Roaming\mozilla\Firefox\Profiles\rizT5jzo.default\extensions
    [2014/09/24 09:20:32 | 000,000,000 | ---D | M] (Start Page) -- C:\Users\Thomas Kaufmann\AppData\Roaming\mozilla\Firefox\Profiles\rizT5jzo.default\extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}
    [2014/09/24 09:20:31 | 000,000,000 | ---D | M] (Slick Savings) -- C:\Users\Thomas Kaufmann\AppData\Roaming\mozilla\Firefox\Profiles\rizT5jzo.default\extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}
    [2014/09/24 09:20:32 | 000,000,000 | ---D | M] (Amazon Shopping Assistant by Spigot) -- C:\Users\Thomas Kaufmann\AppData\Roaming\mozilla\Firefox\Profiles\rizT5jzo.default\extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1}
    [2014/09/24 09:20:33 | 000,000,000 | ---D | M] (Ebay Shopping Assistant by Spigot) -- C:\Users\Thomas Kaufmann\AppData\Roaming\mozilla\Firefox\Profiles\rizT5jzo.default\extensions\{f894a29a-f065-40c3-bb19-da6057778493}
    [2014/09/24 00:34:22 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\Thomas Kaufmann\AppData\Roaming\mozilla\Firefox\Profiles\rizT5jzo.default\extensions\[email protected]

    ========== Chrome ==========

    CHR - default_search_provider: (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.17_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokopkfdeilhccnimknmdfpkdjampjaf\1.0.1_0\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
    CHR - Extension: No name found = C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
    O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
    O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BtTray] C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe (IVT Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-4053005129-379462516-412182494-1000..\Run: [Spotify Web Helper] C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - Startup: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
    O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll (National Instruments Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{864D36AB-D798-4706-B553-CC3A0AB655AB}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A91EDF5B-D3F3-4E03-9729-746C197D8C96}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (bootdelete)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2015/01/26 18:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2015/01/21 08:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\26a09a4400003026
    [2015/01/20 12:13:33 | 000,000,000 | ---D | C] -- C:\Users\Thomas Kaufmann\Documents\Optimizer Pro
    [2015/01/20 12:07:45 | 000,000,000 | ---D | C] -- C:\Users\Thomas Kaufmann\AppData\Local\globalUpdate
    [2015/01/20 12:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
    [2015/01/14 10:34:28 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
    [2015/01/14 10:34:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
    [2015/01/14 10:34:13 | 005,553,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2015/01/14 10:34:12 | 003,971,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
    [2015/01/14 10:34:11 | 003,916,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
    [2015/01/14 10:34:09 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
    [2015/01/14 10:34:09 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
    [2015/01/14 10:34:09 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
    [24 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2015/02/03 22:33:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2015/02/03 22:30:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2015/02/03 20:53:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2015/02/03 14:33:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2015/02/03 10:14:34 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2015/02/03 10:14:34 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2015/02/03 10:06:43 | 000,001,299 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini
    [2015/02/03 10:06:21 | 1391,484,928 | -HS- | M] () -- C:\hiberfil.sys
    [2015/02/01 23:12:28 | 000,850,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2015/02/01 23:12:28 | 000,710,424 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2015/02/01 23:12:28 | 000,140,936 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2015/02/01 03:25:49 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2015/01/26 18:20:10 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2015/01/26 18:18:59 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2015/01/20 14:13:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2015/01/20 12:08:48 | 000,001,421 | ---- | M] () -- C:\Windows\wininit.ini
    [2015/01/12 16:16:03 | 000,006,769 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
    [24 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2015/02/01 03:25:46 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2015/01/20 14:13:00 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2014/11/25 04:23:35 | 000,000,841 | ---- | C] () -- C:\Windows\SysWow64\SHORTCUT.INI
    [2014/11/25 04:20:32 | 000,000,176 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
    [2014/11/25 04:19:55 | 000,006,769 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI
    [2014/11/25 04:19:51 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI
    [2014/11/24 19:10:23 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\BSPRINT.INI
    [2014/09/01 00:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Thomas Kaufmann\AppData\Roaming\UTNJYGD
    [2014/07/11 03:22:03 | 000,001,421 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/04/27 17:34:04 | 000,001,299 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini
    [2013/04/27 14:24:16 | 000,141,048 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll
    [2013/04/26 15:07:16 | 000,080,728 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll
    [2013/04/26 15:07:14 | 000,056,152 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll
    [2013/04/26 15:05:02 | 000,070,904 | ---- | C] () -- C:\Windows\SysWow64\VMProtectSDK32.dll
    [2013/04/26 15:04:48 | 000,311,032 | ---- | C] () -- C:\Windows\SysWow64\IVTCredentialProvider.dll
    [2013/04/26 15:04:42 | 000,088,824 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll
    [2013/04/26 15:04:42 | 000,056,568 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll
    [2013/04/26 15:04:40 | 000,026,360 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll
    [2013/04/26 15:04:38 | 000,267,512 | ---- | C] () -- C:\Windows\SysWow64\BsSnapshotCommon.dll
    [2013/04/26 15:04:30 | 000,016,632 | ---- | C] () -- C:\Windows\SysWow64\BsMobileCSps.dll
    [2013/01/18 17:06:28 | 000,000,125 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/11/17 16:20:59 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Advanced System Protector
    [2015/01/20 14:09:52 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Azureus
    [2014/09/25 10:21:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Browser Extensions
    [2014/07/12 09:58:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Canon Electronics
    [2015/02/03 10:07:07 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox
    [2012/11/07 17:52:43 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Screensaver
    [2014/09/25 10:24:26 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Search Protection
    [2014/12/11 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\SoftGrid Client
    [2014/12/19 21:33:19 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify
    [2014/07/10 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\Systweak
    [2014/07/12 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\Thomas Kaufmann\AppData\Roaming\TP

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < >
    [2009/07/13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
    [2009/07/13 21:08:49 | 000,032,636 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/04/09 20:40:24 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2013/01/18 15:45:56 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2013/01/18 15:45:58 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    ========== Base Services ==========
    SRV:64bit: - [2009/07/13 17:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2013/02/26 21:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/13 17:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 19:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 19:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2014/04/11 18:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/13 17:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/13 17:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2012/07/04 14:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2013/07/08 21:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2013/07/08 20:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 19:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 19:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 19:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/07/13 21:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/13 17:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/13 17:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 17:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/13 17:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 19:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/13 17:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/13 17:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/13 17:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/13 17:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/13 17:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2014/12/05 20:17:27 | 000,303,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/13 17:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/09/21 01:37:16 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2012/02/10 22:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2014/04/11 18:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/13 17:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 19:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 19:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 19:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2014/04/11 18:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/13 17:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 19:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 19:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 19:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 19:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 19:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 19:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/13 17:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2014/12/18 19:06:55 | 000,210,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 19:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2014/10/02 18:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2014/10/02 18:11:51 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 19:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 19:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 19:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 19:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 19:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 19:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/13 17:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2014/05/14 08:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 19:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/13 17:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 19:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    < %SYSTEMDRIVE%\*.exe >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C is Acer
    Volume Serial Number is 70E1-3337
    Directory of C:\
    07/13/2009 09:08 PM <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    07/13/2009 09:08 PM <JUNCTION> Application Data [C:\ProgramData]
    07/13/2009 09:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/13/2009 09:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/13/2009 09:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/13/2009 09:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/13/2009 09:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    07/13/2009 09:08 PM <SYMLINKD> All Users [C:\ProgramData]
    07/13/2009 09:08 PM <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    07/13/2009 09:08 PM <JUNCTION> Application Data [C:\ProgramData]
    07/13/2009 09:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/13/2009 09:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/13/2009 09:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/13/2009 09:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/13/2009 09:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    07/13/2009 09:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    07/13/2009 09:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    07/13/2009 09:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    07/13/2009 09:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
    07/13/2009 09:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    07/13/2009 09:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    07/13/2009 09:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    07/13/2009 09:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    07/13/2009 09:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    07/13/2009 09:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    07/13/2009 09:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    07/13/2009 09:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    07/13/2009 09:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    07/13/2009 09:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
    07/13/2009 09:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    07/13/2009 09:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    07/13/2009 09:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
    07/13/2009 09:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    07/13/2009 09:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Thomas Kaufmann
    11/07/2012 05:51 PM <JUNCTION> Application Data [C:\Users\Thomas Kaufmann\AppData\Roaming]
    11/07/2012 05:51 PM <JUNCTION> Cookies [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Cookies]
    11/07/2012 05:51 PM <JUNCTION> Local Settings [C:\Users\Thomas Kaufmann\AppData\Local]
    11/07/2012 05:51 PM <JUNCTION> My Documents [C:\Users\Thomas Kaufmann\Documents]
    11/07/2012 05:51 PM <JUNCTION> NetHood [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    11/07/2012 05:51 PM <JUNCTION> PrintHood [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    11/07/2012 05:51 PM <JUNCTION> Recent [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Recent]
    11/07/2012 05:51 PM <JUNCTION> SendTo [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\SendTo]
    11/07/2012 05:51 PM <JUNCTION> Start Menu [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu]
    11/07/2012 05:51 PM <JUNCTION> Templates [C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Thomas Kaufmann\AppData\Local
    11/07/2012 05:51 PM <JUNCTION> Application Data [C:\Users\Thomas Kaufmann\AppData\Local]
    11/07/2012 05:51 PM <JUNCTION> History [C:\Users\Thomas Kaufmann\AppData\Local\Microsoft\Windows\History]
    11/07/2012 05:51 PM <JUNCTION> Temporary Internet Files [C:\Users\Thomas Kaufmann\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Thomas Kaufmann\Documents
    11/07/2012 05:51 PM <JUNCTION> My Music [C:\Users\Thomas Kaufmann\Music]
    11/07/2012 05:51 PM <JUNCTION> My Pictures [C:\Users\Thomas Kaufmann\Pictures]
    11/07/2012 05:51 PM <JUNCTION> My Videos [C:\Users\Thomas Kaufmann\Videos]
    0 File(s) 0 bytes
    Directory of C:\Windows\System32\config\systemprofile
    11/24/2014 07:04 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
    11/24/2014 07:04 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
    11/24/2014 07:04 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
    11/24/2014 07:04 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
    11/24/2014 07:04 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    11/24/2014 07:04 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    11/24/2014 07:04 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
    11/24/2014 07:04 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
    11/24/2014 07:04 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
    11/24/2014 07:04 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Windows\System32\config\systemprofile\AppData\Local
    11/24/2014 07:04 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
    11/24/2014 07:04 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
    11/24/2014 07:04 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Windows\System32\config\systemprofile\Documents
    11/24/2014 07:04 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
    11/24/2014 07:04 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
    11/24/2014 07:04 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
    0 File(s) 0 bytes
    Directory of C:\Windows\SysWOW64\config\systemprofile
    11/24/2014 07:04 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
    11/24/2014 07:04 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
    11/24/2014 07:04 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
    11/24/2014 07:04 PM <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
    11/24/2014 07:04 PM <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    11/24/2014 07:04 PM <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    11/24/2014 07:04 PM <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
    11/24/2014 07:04 PM <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
    11/24/2014 07:04 PM <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
    11/24/2014 07:04 PM <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
    11/24/2014 07:04 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
    11/24/2014 07:04 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
    11/24/2014 07:04 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
    11/24/2014 07:04 PM <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
    11/24/2014 07:04 PM <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
    11/24/2014 07:04 PM <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    82 Dir(s) 223,397,367,808 bytes free

    < End of report >
     
  2. rome75

    rome75 Thread Starter

    This is the EXTRAS text from the OTL Scan:

    OTL Extras logfile created on: 2/3/2015 10:50:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Thomas Kaufmann\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17501)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.73 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 68.23% Memory free
    3.70 Gb Paging File | 2.46 Gb Available in Paging File | 66.52% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284.99 Gb Total Space | 208.10 Gb Free Space | 73.02% Space Free | Partition Type: NTFS

    Computer Name: ROMAN | User Name: Thomas Kaufmann | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-4053005129-379462516-412182494-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0495AD57-2FF9-443C-B147-A019CA602F34}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{09C172F7-47B8-47A2-A788-25DDAD3DD61C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{0E1AFBB0-FF99-44B9-969B-00F0CDD95CF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{14515457-2E9B-4187-93F6-F2B272921574}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1BC38F63-12CA-46BE-9E00-87DE9F078215}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1D096FE3-8508-409F-9FCA-5651D5601DDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{26E9B327-11D4-4181-983B-D2B8F6082DC7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{295B7A98-6EF8-44B3-856D-0ED38BEE7123}" = rport=137 | protocol=17 | dir=out | app=system |
    "{3E230BC5-4184-49EB-A4F4-2149DB8AC3D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{44A11808-7B22-4777-B224-E6928894CDB3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{4E4B06FD-009D-4A4A-8E37-B802C365A61F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{51606ED9-5053-42A8-A381-D8552E9B2981}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
    "{5DA83541-1C5C-4E8F-8DA5-8B48DE21F6FD}" = rport=445 | protocol=6 | dir=out | app=system |
    "{72AEA2BB-D275-404C-A639-6A5107FEF11F}" = lport=137 | protocol=17 | dir=in | app=system |
    "{771D4665-EF4C-4F11-848B-61ADD66491D9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7A1D082C-1EE1-4D50-8705-BA3EF8DA85B6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{7ED80233-9164-4158-B125-24172EAF3ED1}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{92EE43A6-CA91-42D3-B174-F5AB852F86E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{9C74402E-B674-4D7B-8020-7BE7E7EAFF56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B11EB181-D855-4D3C-B86E-B5855CC435B1}" = rport=139 | protocol=6 | dir=out | app=system |
    "{D221953E-8777-45FF-8613-58644A8D1278}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D8118735-9F9F-4560-BF70-00485A4119F1}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D8C9F5E6-7126-49B1-A6BB-CE6EEAF0D49D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{ECDE06D6-A41C-434F-9B85-2F28394E0F9E}" = lport=138 | protocol=17 | dir=in | app=system |
    "{FC5582C5-E0FE-4181-B9F6-E789D66C9DA2}" = lport=10243 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0F65BDE6-544B-4408-BA35-9B56D799D962}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{13546F9C-E37B-493F-BB42-9379BDBDEE22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{1A3EE4CB-65DD-41CD-99FF-90E0CA5E0559}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{21906919-A643-4FAE-A7C6-413CFFF22038}" = protocol=6 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\dropbox\bin\dropbox.exe |
    "{2B9F326D-DE76-405E-9CCD-B5A98024F1B1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2BCFF9B6-14D6-4C17-96CF-FF8D5E10318A}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{36A0E85A-D5F8-459A-811C-F004348C6817}" = protocol=17 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\dropbox\bin\dropbox.exe |
    "{38473366-E2DF-4972-B4EE-FCAF05FB25E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3E62FBDF-AFC6-486C-85BF-39297933A7BF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
    "{41715BC0-B462-4588-B749-EC91BDA687A7}" = protocol=1 | dir=out | [email protected],-28544 |
    "{41DFAAD4-49C1-4AC6-8F68-E31F5DED19A3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{46168297-6DE7-4840-A342-7213B1E748AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4F08CF52-B016-4A68-944C-1304C9C0BE35}" = protocol=6 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
    "{5CFF1CDF-36D0-450B-9692-9E40DDB9DA37}" = protocol=6 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\spotify\spotify.exe |
    "{69781CB6-1442-4704-9BC4-43ED5C10B1FE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{6A4B5385-D71A-4B53-969F-BD14EAFDC1FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6D1B2F44-4228-4838-8F6A-651FE12BB236}" = protocol=58 | dir=out | [email protected],-28546 |
    "{758C2AFA-B40D-45A4-BBBF-303B1D22B85B}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
    "{79F688AA-50A6-482C-8E2A-8CAA28E2E231}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7AE076F8-8786-4D49-A89A-96ABC6664529}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{823667CF-1C2F-4C2D-A14B-CBF12BC904F2}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{84FF1CF6-DC0C-4359-BB41-BC074C5AF5DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{857F690C-9FBE-4FCE-95D1-A2B10D256E78}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8E7EBD81-ED0E-4312-ABF5-A6A8CB6A8D1E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{93FE58AC-9FB4-45E1-9435-5D6478D93459}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
    "{95B2D66D-3825-4929-96B1-B3DAFE1AC756}" = protocol=17 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
    "{9666DA70-257B-479F-B7C6-66AE3140E0E7}" = protocol=6 | dir=in | app=c:\program files (x86)\ivt corporation\bluesoleil\bluesoleilcs.exe |
    "{99E1B815-D06B-4901-9CCC-4CE6702AA9BB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{9AA45380-03C2-41D7-92CD-DE95FF9C4233}" = protocol=1 | dir=in | [email protected],-28543 |
    "{9CA73C7E-5821-420B-A9A4-F533F5AE0B70}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
    "{A72F11ED-C226-472D-9ABB-CF44DECE9C9E}" = protocol=17 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\spotify\spotify.exe |
    "{B05FDA52-6B2E-45FB-9243-424110C8B243}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B6C9A576-B059-438F-94BF-03B96B6B8AF9}" = protocol=6 | dir=out | app=system |
    "{BA169C53-64C4-449D-B6D9-5C579E0AE49C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C1DD30E1-9F3A-4C52-9084-1C24A866266D}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{C229CA86-D1D2-4089-A45B-2E31E803BAF1}" = protocol=17 | dir=in | app=c:\program files\national instruments\shared\ni webserver\applicationwebserver.exe |
    "{CD4A55A3-AC69-4910-B11D-11764353D2A1}" = protocol=17 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
    "{D8A10361-5747-4D21-8902-4DAF94D41C57}" = protocol=58 | dir=in | [email protected],-28545 |
    "{E9F3CA92-CAD3-46F6-BDA4-C9D733553497}" = protocol=6 | dir=in | app=c:\program files (x86)\national instruments\shared\ni webserver\systemwebserver.exe |
    "{ED4A51A0-9BA9-42E5-AA35-7726CE2478C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{EF638B55-38BD-416A-8F5D-3942E8F9105C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{F3F97406-3A5D-4BC4-A398-AC52743D06F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F6C6B583-9B72-4A8E-BAC1-FDB6F3C147EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FA98DD40-B2F0-4CCE-85DA-0E18D9669426}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FD49DB5E-A2D1-4D04-9795-F4DBA89B7033}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "TCP Query User{436C2B03-D644-41F2-B934-0B6A8A774259}C:\users\thomas kaufmann\appdata\roaming\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\torntv.com\torntv downloader.exe |
    "TCP Query User{75EBF3DD-2BF1-41B7-A7C0-EFE88D4E6DBA}C:\users\thomas kaufmann\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{745F9D17-F226-423C-96B2-3D8112931217}C:\users\thomas kaufmann\appdata\roaming\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\torntv.com\torntv downloader.exe |
    "UDP Query User{7AD1B3AB-70C8-481A-845E-E11D56B12D4C}C:\users\thomas kaufmann\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\thomas kaufmann\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{029CA27F-8D5C-AC3C-319B-FA50664CE9F9}" = AMD Catalyst Install Manager
    "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{2C304E7A-A1E0-4E56-8679-7B7FC80BE6BE}" = NI-RPC 4.2.2f0 for 64 Bit Windows
    "{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3AFD5259-24B6-4332-8EEF-9947200DF693}" = NI GMP Windows 64-bit Installer 11.0.0
    "{3EEE7ABF-0F7B-498A-9825-B853BB9966A9}" = NI Curl 1.5 (64-bit)
    "{4168FF33-8D45-40B3-B2A8-FD91BB2A1BA0}" = NI mDNS Responder 1.6 for Windows 64-bit
    "{4E07E126-991F-4BA4-A0B9-35A54DAB3B33}" = NI-ORB 1.9.3f0 for 64 Bit Windows
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{50B2D9D8-87B6-49EE-BC5C-874119FD6B7B}" = NI Xerces Delay Load 2.7.3 64-bit
    "{5780B596-E0C0-4E78-8671-6C80D2913366}" = NI TDMS (64-bit)
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6094C2CE-1F1F-48CA-967E-171EC0F7396F}" = NI-VISA x64 support 5.1.0
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{65720D60-ACDA-4291-B8D1-5C2D602B1A49}" = NI Authentication 2011 SP1 (64-bit)
    "{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7A9C5D4B-27AC-4691-8A9D-4B5BD1F6A5D6}" = NI-PAL 2.6.5f0 for 64 Bit Windows
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{82DA2AE0-AC4B-4D34-BE7D-B4C720A1E7D2}" = NI VC2008MSMs x64
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{895C2A25-8CB1-4DFE-9816-030841464F74}" = NI-DIM 1.11.0f0 for 64 Bit Windows
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B9B0B5B-9300-4D1F-8064-11763780975E}" = BlueSoleil 8.6.427.0
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{975352A0-948D-D5C7-A07E-24B970EDF2A9}" = ccc-utility64
    "{9852ECEE-C1A0-4D3B-9702-00097BD8BE80}" = NI System State Publisher (64-bit)
    "{99ACA06A-648E-4045-BF5C-A79EC35DBEE9}" = NI Trace Engine (64-bit)
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{9CE96256-FAF1-4E48-9CA1-02F7ED80A2E6}" = NI Logos64 5.3.0
    "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C36216E3-41AA-4A91-BF15-8C646CB07317}" = NI System Web Server Base 11.5 (64-bit)
    "{CD763F71-AA9E-5124-94CE-03730E766067}" = AMD Media Foundation Decoders
    "{CFCC7864-15DB-46AB-96A2-69F716E7D963}" = NI Logos64 XT Support
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{E7E62566-68DD-45FE-A8E4-C46351E70C03}" = NI Web Application Server 11.5 (64-bit)
    "{F71335BF-CF6B-4ACC-ABCE-BA9DF2031DB8}" = VISA Shared Components 64-Bit
    "{FBFAD1E8-E12E-4CEF-872D-EA170E21589A}" = NI SSL Support (64-bit)
    "0CB4AFFEC62F6C4604A9A11DA1DE69A99F4080A9" = Windows Driver Package - FTDI CDM Driver Package for HI-PRO USB (10/22/2009 2.06.00)
    "8461-7759-5462-8226" = Vuze
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "D0E6EE5E843A87D0963C6DD549A79E9279B53FC6" = Windows Driver Package - FTDI CDM Driver Package for HI-PRO USB (10/22/2009 2.06.00)
    "Elantech" = ETDWare PS/2-X64 10.6.8.1_WHQL
    "FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{073AB2D7-2B91-D6FF-FE7E-86BF8A7BFBD0}" = CCC Help Hungarian
    "{097F54D3-1019-4CC1-B2BA-8EA46A3EC9B2}" = NI EulaDepot
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{1342B867-AF20-CAB4-5933-118771F81A1B}" = CCC Help Dutch
    "{136AF185-A315-345C-4FB8-579F893C3C89}" = CCC Help Greek
    "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "{1816F8CA-43E0-1A7E-86A2-9A29128D2D16}" = Catalyst Control Center InstallProxy
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{204A6124-5CC2-3DAD-9BF0-576C315FF82A}" = CCC Help English
    "{20F1C397-6394-411C-B299-4743A4E4EFFF}" = NI Uninstaller
    "{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Apple Application Support
    "{2250E769-2D53-80A5-3AF4-07960E1C0BF6}" = CCC Help French
    "{231D0E11-0313-49FD-95CE-1D0264C7F1F5}" = NI Math Kernel Libraries
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{27A2CE49-B8FE-40EB-57BF-DD63554ED30D}" = CCC Help Czech
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WiFi Driver Installation
    "{292382C0-61F7-458A-9008-55F272A4DD9C}" = NI Logos 5.3.0
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2B1D39F8-477A-4B40-B062-F5E0C4D42B9B}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original)
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{31CB830F-FDD6-24DF-EBA2-CF1AEF4F4E4F}" = Catalyst Control Center Graphics Previews Common
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{348A1F5B-07B3-4436-9A47-FFE44EFE856E}" = HP Support Solutions Framework
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{38300A40-AB90-444D-A823-17EB95A5C731}" = NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support
    "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3E9EEE15-2E4A-82E8-5BD2-D417E771916B}" = CCC Help Swedish
    "{400639AE-E3A0-8B24-5522-80ED9E5546EA}" = CCC Help Japanese
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{45C164A8-E43E-4E1C-B532-C49729ACEDFE}" = Catalyst Control Center - Branding
    "{4655A04E-ACAA-4B97-ABB9-48246BF9642E}" = NI Error Reporting 2011 SP1
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4B667860-5632-4501-A9FC-81B0650E059A}" = NI Web Application Server 11.5
    "{4CD648BA-93D6-4D55-81FF-7B66FA67E2C6}" = NI MDF Support
    "{4DF4B93E-8A95-4DA0-DEE0-33537DFE5A48}" = CCC Help Thai
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{501DACFF-9399-4DBC-AA59-F35C9C6970D2}" = NI-DIM 1.11.0f0
    "{52252F5C-58CD-48ED-8C88-9AAD6FE887B4}" = NI Trace Engine
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{554C90EB-19B6-45F8-B6E4-6F050B3700A1}" = NI LabVIEW Run-Time Engine Interop 2011
    "{555B2ADE-B3CB-4C95-A789-8A7C03A004B7}" = NI LabVIEW 2011 Deployment Framework
    "{563C0A16-FCB5-DA60-D5CF-B0E22F7D325A}" = CCC Help Danish
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{58BB37E3-AAC0-413C-9031-7F7AE0509B6D}" = NI Curl 11.5
    "{59AAF033-AD0C-F8FA-9C49-AE4FAE1ECF2C}" = CCC Help Norwegian
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5ECC8FF1-BCAD-4197-9C95-4E94E2A6AB6D}" = NI LabVIEW Run-Time Engine 2011 SP1
    "{5F123C21-A5E2-4CFB-A6A7-034C9087099F}" = NI Logos XT Support
    "{608363EA-6216-B6FB-F870-196A491A0B37}" = CCC Help Russian
    "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "{616A0B52-7317-4293-90C9-1E4A793F4BC2}" = Alcor Micro USB Card Reader
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68559D97-71AF-B70D-2FC1-45370BEE892C}" = AMD VISION Engine Control Center
    "{6A8A32FC-C798-3979-EB3A-7FD7A7977ECE}" = CCC Help Chinese Standard
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{712723FB-BF99-4406-8F91-A2DB766AB2C9}" = NI VC2008MSMs x86
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{738E7C33-0368-F7AF-F3D3-0B7D6FCB8CFB}" = CCC Help Polish
    "{74DBB98D-B4A7-4DD9-9E13-C51FDB1105D0}" = NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated)
    "{75B8A55E-0762-4676-AAC0-6FDF025B034B}" = Citrix Online Launcher
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7C29CC57-4F4C-4B35-A4F3-8D9C85DE2ABF}" = NI System Web Server 11.5
    "{7C6869BF-6CBE-4CB0-8869-2743B419343C}" = NI LabVIEW 2011 Real-Time NBFifo
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7FF66E73-B760-4A07-276D-C5FAA401BB54}" = CCC Help Finnish
    "{82D29FE9-9F5A-4EF7-BBA1-EF107DDB2E64}" = NI Certificates Deployment Support
    "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
    "{8DBFF182-AE53-88AC-1F65-180130C4170B}" = CCC Help German
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
    "{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
    "{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_SharePointDesigner_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_SharePointDesigner_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
    "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{930BD01D-A420-4BB4-8E85-A313FD7ED49E}" = NI-PAL 2.6.5f0
    "{96C52203-0162-677C-3F90-26AACF07FC63}" = CCC Help Italian
    "{98B874D4-D8A4-40BE-B82A-36E902C84289}" = NI-ORB 1.9.3f0
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{9FD901EF-E9E0-42AD-B957-C691E020DD6A}" = NI Authentication 2011 SP1
    "{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A363C314-2242-4BBE-9ADE-B427AF646EFF}" = NI mDNS Responder 1.6.0
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78796A8-3827-B1B9-6BB8-06165C809174}" = CCC Help Portuguese
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB9BBC2E-83F6-47A9-9FA3-08D3774F8E45}" = NI-RPC 4.2.2f0
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.12) MUI
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B07388F8-772A-8E09-8FD7-C9839EB70B18}" = CCC Help Turkish
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B5C45029-0755-4D0F-BAD2-6CF605D9E8F4}" = NI-VISA Runtime 5.1.0
    "{BCC373FE-227D-46D9-827F-05BA296E2602}" = NI LabVIEW Web Server for Run-Time Engine
    "{C1457A9E-3745-4026-BF81-4332AA695644}" = NI System Web Server Base 11.5
    "{C24C19AA-8612-9FB6-6EAC-BCC4DF33D92C}" = CCC Help Korean
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
    "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8C69122-5544-6914-BFF2-EF8D286F0957}" = Catalyst Control Center Localization All
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5BB7AAE-62F4-4C4F-B272-F27AEE16BA7F}" = NI TDMS
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E6068691-1FBC-4EF0-87E8-609CDB32038A}" = NI Xerces Delay Load 2.7.3
    "{E68849B1-62A5-C4DD-0450-EF36C21FEDA3}" = CCC Help Spanish
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9030CD3-1707-4149-B3CA-794582116E23}" = NI SSL Support
    "{EA37AB72-EC8C-432C-A1C6-186850FB0559}" = NI System State Publisher
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}" = QuickShare
    "{F6C682B6-7714-41CC-80B6-3288364910AF}" = NI GMP Windows 32-bit Installer 11.0.0
    "{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{FABC08FE-E097-CEFB-2C37-8D53FC9FBDA9}" = CCC Help Chinese Traditional
    "{FCDB0EF3-673C-FDCE-6498-750F51391660}" = Fooz Kids
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "AmUStor" = Alcor Micro USB Card Reader
    "BN_DesktopReader" = NOOK for PC
    "FoozKids" = Fooz Kids
    "Google Chrome" = Google Chrome
    "Identity Card" = Identity Card
    "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
    "LManager" = Launch Manager
    "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "NI Uninstaller" = National Instruments Software
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "SharePointDesigner" = Microsoft Office SharePoint Designer 2007
    "SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
    "VISASharedComponents" = VISA Shared Components 64-Bit
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-0b9eff21-3e4d-475d-8083-8fcda6b672f6" = Zuma Deluxe
    "WTA-1634c652-f9ac-4c53-af6f-92c65c13cabc" = Skip-Bo - Castaway Caper
    "WTA-177764c3-b22e-4507-8e6f-630cf0640ec5" = Chuzzle Deluxe
    "WTA-186d5078-a771-4dc1-9013-41843e1cc370" = Plants vs. Zombies - Game of the Year
    "WTA-20908532-b963-4ebc-825a-7eb9c4a8911d" = Agatha Christie - Death on the Nile
    "WTA-28df5b72-7872-4d79-8b37-d504c8397311" = Tradewinds Legends
    "WTA-45c0be90-f8bd-4f56-ba68-ef51142855e8" = Penguins!
    "WTA-5a184328-3a69-43f7-a322-9a1507d18660" = Torchlight
    "WTA-763802e3-e5f7-41b5-af35-5d0397f199a3" = Wedding Dash
    "WTA-879fd0d7-29f4-405a-9a95-03ce8a846ca7" = Slingo Deluxe
    "WTA-914fcce7-7c51-401b-bfe9-6e935133ec6f" = Virtual Villagers 4 - The Tree of Life
    "WTA-d4935ae9-0395-46e7-b750-e3de892f7917" = Polar Bowler
    "WTA-e1db28d6-5a14-47bc-951a-96ddcaf82e04" = Insaniquarium Deluxe
    "WTA-f5c3a966-960c-4470-9b8f-944138fce119" = Final Drive: Nitro
    "WTA-f954e7f7-7464-4da9-9ff3-bbfbe06ea0ac" = FATE

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-4053005129-379462516-412182494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{3A787631-66A2-4634-B928-A37E73B58FB6}" = Browser Extensions
    "Dropbox" = Dropbox
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/5/2014 6:11:48 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8127

    Error - 10/5/2014 6:11:48 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8127

    Error - 10/5/2014 6:11:49 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/5/2014 6:11:49 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 9126

    Error - 10/5/2014 6:11:49 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 9126

    Error - 10/5/2014 6:11:50 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/5/2014 6:11:50 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 10124

    Error - 10/5/2014 6:11:50 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 10124

    Error - 10/5/2014 6:11:51 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/5/2014 6:11:51 PM | Computer Name = RoMan | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 11138

    [ System Events ]
    Error - 10/12/2014 1:58:50 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7031
    Description = The Shell Hardware Detection service terminated unexpectedly. It
    has done this 1 time(s). The following corrective action will be taken in 60000
    milliseconds: Restart the service.

    Error - 10/12/2014 1:58:50 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7031
    Description = The Themes service terminated unexpectedly. It has done this 1 time(s).
    The following corrective action will be taken in 60000 milliseconds: Restart the
    service.

    Error - 10/12/2014 1:58:50 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7031
    Description = The Windows Management Instrumentation service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    120000 milliseconds: Restart the service.

    Error - 10/12/2014 2:00:51 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the User Profile Service service,
    but this action failed with the following error: %%1056

    Error - 10/12/2014 2:00:51 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Windows Management Instrumentation
    service, but this action failed with the following error: %%1056

    Error - 10/12/2014 2:00:51 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Extensible Authentication
    Protocol service, but this action failed with the following error: %%1056

    Error - 10/12/2014 2:15:22 PM | Computer Name = RoMan | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/13/2014 12:27:31 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/13/2014 7:09:43 PM | Computer Name = RoMan | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error - 10/14/2014 1:29:33 AM | Computer Name = RoMan | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cdrom


    < End of report >
     
  3. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Welcome. :)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Make sure that under Optional Scans, there is a checkmark on Addition.txt and Shortcut.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The tool will also produce another two logs (Addition.txt and Shortcut.txt). Please attach these to your reply.
     
  4. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    Hello! Thank you for your assistance. Here is the FRST text:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
    Ran by Thomas Kaufmann (administrator) on ROMAN on 04-02-2015 14:14:06
    Running from C:\Users\Thomas Kaufmann\Downloads
    Loaded Profiles: Thomas Kaufmann (Available profiles: Thomas Kaufmann)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    (Spotify Ltd) C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
    (Dropbox, Inc.) C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
    (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
    (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
    (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
    (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
    (National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (IVT Corporation) C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
    HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2892072 2012-01-17] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2011-12-08] (Alcor Micro Corp.)
    HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
    HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-22] (Microsoft)
    HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-22] (Microsoft)
    HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-27] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [433912 2013-04-27] (IVT Corporation)
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-4053005129-379462516-412182494-1000\...\Run: [Spotify Web Helper] => C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
    ShortcutTarget: NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
    Startup: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BootExecute: autocheck autochk * bootdelete
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-4053005129-379462516-412182494-1000] => http=127.0.0.1:49203;https=127.0.0.1:49203
    HKU\S-1-5-21-4053005129-379462516-412182494-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4053005129-379462516-412182494-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
    SearchScopes: HKU\S-1-5-21-4053005129-379462516-412182494-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4053005129-379462516-412182494-1000 -> {57980F71-E673-4F3D-9233-DD9B8ACC711C} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
    Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24280] (National Instruments Corporation)
    Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26328] (National Instruments Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4053005129-379462516-412182494-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Thomas Kaufmann\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF user.js: detected! => C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\user.js
    FF Extension: Avira Browser Safety - C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\[email protected] [2014-09-24]
    FF Extension: Start Page - C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e} [2014-09-24]
    FF Extension: Slick Savings - C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f} [2014-09-24]
    FF Extension: Amazon Shopping Assistant by Spigot - C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1} [2014-09-24]
    FF Extension: Ebay Shopping Assistant by Spigot - C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{f894a29a-f065-40c3-bb19-da6057778493} [2014-09-24]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=I0B86D833-5BCA-4014-94B6-C1DC7681E5B8&SearchSource=55&CUI=&UM=8&UP=SPA199C674-4818-4226-9C11-388B414AD1A5&SSPV=
    CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=I0B86D833-5BCA-4014-94B6-C1DC7681E5B8&SearchSource=55&CUI=&UM=8&UP=SPA199C674-4818-4226-9C11-388B414AD1A5&SSPV=", "https://www.yahoo.com/"
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=I0B86D833-5BCA-4014-94B6-C1DC7681E5B8&SearchSource=58&CUI=&UM=8&UP=SPA199C674-4818-4226-9C11-388B414AD1A5&q={searchTerms}&SSPV=
    CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll ()
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
    CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
    CHR Profile: C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-18]
    CHR Extension: (Google Drive) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-18]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-11]
    CHR Extension: (YouTube) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-18]
    CHR Extension: (Google Search) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-18]
    CHR Extension: (AdBlock) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-11-25]
    CHR Extension: (Reverse Page) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokopkfdeilhccnimknmdfpkdjampjaf [2015-01-20]
    CHR Extension: (Google Wallet) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-14]
    CHR Extension: (Gmail) - C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-18]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [3306232 2013-04-27] (IVT Corporation)
    R3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [207096 2013-04-26] (IVT Corporation)
    R2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [273656 2013-04-26] (IVT Corporation)
    R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
    R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [46192 2011-06-14] (National Instruments Corporation)
    R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [56952 2011-06-14] (National Instruments Corporation)
    R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [50336 2012-03-06] (National Instruments Corporation)
    S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [68256 2012-03-06] (National Instruments Corporation)
    R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [362104 2011-06-14] (National Instruments Corporation)
    R2 niLXIDiscovery; C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [233664 2011-06-19] (National Instruments Corporation)
    R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [194224 2011-06-01] (National Instruments Corporation)
    R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [50328 2012-03-06] (National Instruments Corporation)
    R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
    R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [575488 2008-09-08] (Nokia.) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [72864 2012-01-18] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-31] (Broadcom Corporation.)
    S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
    S3 BlueletAudio; C:\Windows\SysWOW64\DRIVERS\blueletaudio.sys [41208 2012-12-24] (IVT Corporation)
    S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
    S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-27] (IVT Corporation.)
    S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43128 2012-12-25] (IVT Corporation.)
    R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [25056 2011-12-21] (IVT Corporation.)
    R3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
    R3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25720 2013-01-05] (IVT Corporation.)
    R3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
    S3 nidimk; C:\Windows\system32\drivers\nidimkl.sys [11944 2010-06-11] (National Instruments Corporation)
    S3 niorbk; C:\Windows\system32\drivers\niorbkl.sys [11856 2009-06-14] (National Instruments Corporation)
    S3 nipalfwedl; C:\Windows\System32\drivers\nipalfwedl.sys [12992 2011-02-14] (National Instruments Corporation)
    R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [895640 2011-02-14] (National Instruments Corporation)
    S3 nipalusbedl; C:\Windows\System32\drivers\nipalusbedl.sys [12992 2011-02-14] (National Instruments Corporation)
    R0 nipbcfk; C:\Windows\System32\drivers\nipbcfk.sys [16984 2010-03-24] (National Instruments Corporation)
    S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [12968 2011-06-19] (National Instruments Corporation)
    R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [12968 2011-06-19] (National Instruments Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-04 14:14 - 2015-02-04 14:17 - 00025899 _____ () C:\Users\Thomas Kaufmann\Downloads\FRST.txt
    2015-02-04 14:13 - 2015-02-04 14:14 - 00000000 ____D () C:\FRST
    2015-02-04 12:36 - 2015-02-04 12:36 - 02131968 _____ (Farbar) C:\Users\Thomas Kaufmann\Downloads\FRST64.exe
    2015-02-03 23:21 - 2015-02-03 23:21 - 00084902 _____ () C:\Users\Thomas Kaufmann\Downloads\Extras.Txt
    2015-02-03 23:19 - 2015-02-03 23:19 - 00193446 _____ () C:\Users\Thomas Kaufmann\Downloads\OTL.Txt
    2015-02-03 22:26 - 2015-02-03 22:26 - 00602112 _____ (OldTimer Tools) C:\Users\Thomas Kaufmann\Downloads\OTL.exe
    2015-02-01 23:31 - 2015-02-01 23:31 - 00009856 _____ () C:\Users\Thomas Kaufmann\Downloads\Dad's Medications 2015.xlsx
    2015-02-01 03:25 - 2015-02-01 03:25 - 00000017 _____ () C:\Windows\SysWOW64\shortcut_ex.dat
    2015-01-26 19:26 - 2015-01-26 19:27 - 00804312 _____ (Download Publisher) C:\Users\Thomas Kaufmann\Downloads\HijackThis Setup.exe
    2015-01-26 18:18 - 2015-01-26 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-01-21 08:42 - 2015-01-21 08:42 - 00000000 _____ () C:\Windows\SysWOW64\sho1DD1.tmp
    2015-01-21 08:32 - 2015-01-21 08:32 - 00000000 ____D () C:\ProgramData\26a09a4400003026
    2015-01-20 14:13 - 2015-01-20 14:13 - 00000258 __RSH () C:\ProgramData\ntuser.pol
    2015-01-20 14:05 - 2015-01-20 14:05 - 00017290 _____ () C:\Users\Thomas Kaufmann\Downloads\[limetorrents.cc]Turist.aka.Force.Majeure.2014.with.Hardcoded.EngSubs-Movie-Addicted (2).torrent
    2015-01-20 13:47 - 2015-01-20 13:47 - 00017290 _____ () C:\Users\Thomas Kaufmann\Downloads\[limetorrents.cc]Turist.aka.Force.Majeure.2014.with.Hardcoded.EngSubs-Movie-Addicted (1).torrent
    2015-01-20 12:13 - 2015-01-20 12:13 - 00000000 ____D () C:\Users\Thomas Kaufmann\Documents\Optimizer Pro
    2015-01-20 12:10 - 2015-01-20 12:10 - 00017290 _____ () C:\Users\Thomas Kaufmann\Downloads\[limetorrents.cc]Turist.aka.Force.Majeure.2014.with.Hardcoded.EngSubs-Movie-Addicted.torrent
    2015-01-20 12:08 - 2015-01-20 12:08 - 00481536 _____ () C:\Users\Thomas Kaufmann\Downloads\Force_Majeure_2014_SUBBED_HDRip_X264-PLAYNOW (1).exe
    2015-01-20 12:07 - 2015-01-23 12:41 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
    2015-01-20 12:07 - 2015-01-20 12:07 - 00000000 ____D () C:\Users\Thomas Kaufmann\AppData\Local\globalUpdate
    2015-01-20 12:04 - 2015-01-20 12:04 - 00481536 _____ () C:\Users\Thomas Kaufmann\Downloads\Force_Majeure_2014_SUBBED_HDRip_X264-PLAYNOW.exe
    2015-01-19 21:13 - 2015-01-19 21:14 - 00018865 _____ () C:\Users\Thomas Kaufmann\Downloads\[kickass.so]force.majeure.2014.720p.web.dl.900mb.mkvcage.torrent
    2015-01-19 20:45 - 2015-01-19 20:45 - 00016722 _____ () C:\Users\Thomas Kaufmann\Downloads\[kickass.so]the.trip.2002.torrent
    2015-01-19 20:40 - 2015-01-19 20:41 - 00019371 _____ () C:\Users\Thomas Kaufmann\Downloads\[kickass.so]force.majeure.hardcoded.eng.subs.sno.torrent
    2015-01-19 20:35 - 2015-01-19 20:35 - 00311464 _____ () C:\Users\Thomas Kaufmann\Downloads\[kickass.so]force.majeure.2014.720p.web.dl.dd5.1.h.264.playnow.ethd (2).torrent
    2015-01-19 20:32 - 2015-01-19 20:35 - 00311464 _____ () C:\Users\Thomas Kaufmann\Downloads\[kickass.so]force.majeure.2014.720p.web.dl.dd5.1.h.264.playnow.ethd (1).torrent
    2015-01-15 06:28 - 2015-01-15 06:28 - 00000000 _____ () C:\Windows\SysWOW64\sho831A.tmp
    2015-01-14 10:34 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2015-01-14 10:34 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2015-01-14 10:34 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-01-14 10:34 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-01-14 10:34 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-01-14 10:34 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-01-14 10:34 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2015-01-14 10:34 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2015-01-14 10:34 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2015-01-14 10:34 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
    2015-01-14 10:34 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2015-01-14 10:34 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2015-01-14 10:34 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2015-01-08 15:26 - 2015-01-08 15:26 - 00110956 _____ () C:\Users\Thomas Kaufmann\Downloads\[kickass.so]love.is.strange.2014.brrip.xvid.ac3.ift.torrent
    2015-01-06 01:00 - 2015-01-06 01:00 - 00000000 _____ () C:\Windows\SysWOW64\sho75AC.tmp
    2015-01-05 01:54 - 2015-01-05 01:54 - 00000000 _____ () C:\Windows\SysWOW64\sho6AD4.tmp

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-02-04 14:02 - 2012-11-02 18:27 - 02089254 _____ () C:\Windows\WindowsUpdate.log
    2015-02-04 13:33 - 2013-01-18 15:45 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-02-04 13:30 - 2012-04-09 20:40 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-02-04 13:30 - 2012-04-09 20:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-02-04 10:04 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-02-04 10:04 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-02-04 09:59 - 2013-04-27 17:34 - 00001299 _____ () C:\Windows\SysWOW64\bscs.ini
    2015-02-04 09:57 - 2014-07-11 03:23 - 00000000 ___RD () C:\Users\Thomas Kaufmann\Dropbox
    2015-02-04 09:57 - 2014-07-11 03:16 - 00000000 ____D () C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox
    2015-02-04 09:56 - 2014-07-11 14:55 - 00025018 _____ () C:\Windows\setupact.log
    2015-02-04 09:56 - 2013-01-18 15:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-04 09:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-02-01 23:12 - 2009-07-13 21:13 - 00850500 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-31 12:33 - 2009-07-13 21:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-28 12:52 - 2010-11-20 19:47 - 00765212 _____ () C:\Windows\PFRO.log
    2015-01-26 19:15 - 2012-04-09 20:32 - 00000000 ____D () C:\Windows\OEMTemp
    2015-01-26 18:20 - 2014-07-11 12:28 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-26 18:18 - 2014-07-11 12:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-01-26 18:18 - 2014-07-11 12:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-01-22 19:49 - 2012-04-09 20:11 - 00000000 ____D () C:\Program Files (x86)\Acer Games
    2015-01-21 08:22 - 2009-07-13 18:34 - 00000537 _____ () C:\Windows\win.ini
    2015-01-20 14:09 - 2014-09-24 00:16 - 00000000 ____D () C:\Users\Thomas Kaufmann\AppData\Roaming\Azureus
    2015-01-20 13:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
    2015-01-20 12:08 - 2014-07-11 03:22 - 00001421 _____ () C:\Windows\wininit.ini
    2015-01-15 03:30 - 2014-07-16 12:01 - 00000000 ____D () C:\Windows\system32\MRT
    2015-01-15 03:03 - 2014-07-16 12:01 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-01-12 16:16 - 2014-11-25 04:19 - 00006769 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
    2015-01-08 09:55 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    ==================== Files in the root of some directories =======

    2014-09-01 00:18 - 2014-09-01 00:18 - 0001248 _____ () C:\Users\Thomas Kaufmann\AppData\Roaming\UTNJYGD
    2013-01-18 17:06 - 2013-01-18 17:06 - 0000125 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

    Some content of TEMP:
    ====================
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\AskSLib.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\avgnt.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpufeqjx.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\HitmanPro.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\i4jdel0.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\lowproc.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\optprosetup.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\Runner2.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\Runner4.exe
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\stubhelper.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite27126.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite44399.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite48978.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite60513.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite71636.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite74793.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite75163.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite84023.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\System.Data.SQLite99729.dll
    C:\Users\Thomas Kaufmann\AppData\Local\Temp\ttv.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-15 12:23

    ==================== End Of Log ============================
     
  5. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    ADDITION TEXT

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
    Ran by Thomas Kaufmann at 2015-02-04 14:21:03
    Running from C:\Users\Thomas Kaufmann\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Crystal Eye Webcam (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2624.00 - CyberLink Corp.)
    Acer Crystal Eye Webcam (x32 Version: 1.5.2624.00 - CyberLink Corp.) Hidden
    Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Acer Incorporated)
    Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3507 - Acer Incorporated)
    Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3506 - Acer Incorporated)
    Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 20.11.1107.1418 - Acer Incorporated)
    Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
    Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3501 - Acer Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
    Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.222 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.5.42.69774 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.5.42.69774 - Alcor Micro Corp.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{029CA27F-8D5C-AC3C-319B-FA50664CE9F9}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bing Bar (HKLM-x32\...\{C28D96C0-6A90-459E-A077-A6706F4EC0FC}) (Version: 7.0.765.0 - Microsoft Corporation)
    BlueSoleil 8.6.427.0 (HKLM\...\{8B9B0B5B-9300-4D1F-8064-11763780975E}) (Version: 8.6.427.0 - IVT Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Browser Extensions (HKU\S-1-5-21-4053005129-379462516-412182494-1000\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.2 - Spigot, Inc.) <==== ATTENTION
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Citrix Online Launcher (HKLM-x32\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dropbox (HKU\S-1-5-21-4053005129-379462516-412182494-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
    eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
    ETDWare PS/2-X64 10.6.8.1_WHQL (HKLM\...\Elantech) (Version: 10.6.8.1 - ELAN Microelectronic Corp.)
    Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
    FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Fooz Kids (HKLM-x32\...\FoozKids) (Version: 3.1.2 - FUHU, Inc.)
    Fooz Kids (x32 Version: 3.1.2 - FUHU, Inc.) Hidden
    Fooz Kids Platform (HKLM-x32\...\{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}) (Version: 2.1 - FUHU, Inc.)
    Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
    HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
    Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
    Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
    iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Acer Inc.)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
    Microsoft Office SharePoint Designer 2007 (HKLM-x32\...\SharePointDesigner) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{4B4DF6E2-5E40-422B-82DD-205FD7E79226}) (Version: - Microsoft)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.19 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.19 - Egis Technology Inc.) Hidden
    National Instruments Software (HKLM-x32\...\NI Uninstaller) (Version: - National Instruments)
    newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
    newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
    NI Authentication 2011 SP1 (64-bit) (Version: 2.0.296.0 - National Instruments) Hidden
    NI Authentication 2011 SP1 (x32 Version: 2.0.296.0 - National Instruments) Hidden
    NI Certificates Deployment Support (x32 Version: 1.02.49152 - National Instruments) Hidden
    NI Curl 1.5 (64-bit) (Version: 1.1.290.0 - National Instruments) Hidden
    NI Curl 11.5 (x32 Version: 1.1.290.0 - National Instruments) Hidden
    NI Error Reporting 2011 SP1 (x32 Version: 11.0.191.0 - National Instruments) Hidden
    NI EulaDepot (x32 Version: 3.0.411 - National Instruments) Hidden
    NI GMP Windows 32-bit Installer 11.0.0 (x32 Version: 11.0.22.0 - National Instruments) Hidden
    NI GMP Windows 64-bit Installer 11.0.0 (Version: 11.0.22.0 - National Instruments) Hidden
    NI LabVIEW 2011 Deployment Framework (x32 Version: 11.0.64.0 - National Instruments) Hidden
    NI LabVIEW 2011 Real-Time NBFifo (x32 Version: 11.0.250.0 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine 2011 SP1 (x32 Version: 11.0.445.0 - National Instruments) Hidden
    NI LabVIEW Run-Time Engine Interop 2011 (x32 Version: 11.0.446.0 - National Instruments) Hidden
    NI LabVIEW Web Server for Run-Time Engine (x32 Version: 11.0.375.0 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Original) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI LabWindows/CVI 2010 SP1 Low-Level Driver (Updated) (x32 Version: 10.0.1434 - National Instruments) Hidden
    NI Logos 5.3.0 (x32 Version: 5.3.223.0 - National Instruments) Hidden
    NI Logos XT Support (x32 Version: 5.3.222.0 - National Instruments) Hidden
    NI Logos64 5.3.0 (Version: 5.3.223.0 - National Instruments) Hidden
    NI Logos64 XT Support (Version: 5.3.222.0 - National Instruments) Hidden
    NI Math Kernel Libraries (x32 Version: 1.0.10.0 - National Instruments) Hidden
    NI MDF Support (x32 Version: 3.0.411 - National Instruments) Hidden
    NI mDNS Responder 1.6 for Windows 64-bit (Version: 1.60.49155 - National Instruments) Hidden
    NI mDNS Responder 1.6.0 (x32 Version: 1.60.49155 - National Instruments) Hidden
    NI NI LabVIEW 2011 SP1 Run-Time Engine Non-English Support (x32 Version: 11.0.302.0 - National Instruments) Hidden
    NI SSL Support (64-bit) (Version: 11.0.75.0 - National Instruments) Hidden
    NI SSL Support (x32 Version: 11.0.295.0 - National Instruments) Hidden
    NI System State Publisher (64-bit) (Version: 11.0.306.0 - National Instruments) Hidden
    NI System State Publisher (x32 Version: 11.0.306.0 - National Instruments) Hidden
    NI System Web Server 11.5 (x32 Version: 11.0.290.0 - National Instruments) Hidden
    NI System Web Server Base 11.5 (64-bit) (Version: 2.0.291.0 - National Instruments) Hidden
    NI System Web Server Base 11.5 (x32 Version: 2.0.291.0 - National Instruments) Hidden
    NI TDMS (64-bit) (Version: 2.3.175.0 - National Instruments) Hidden
    NI TDMS (x32 Version: 2.3.175.0 - National Instruments) Hidden
    NI Trace Engine (64-bit) (Version: 11.0.213.0 - National Instruments) Hidden
    NI Trace Engine (x32 Version: 11.0.213.0 - National Instruments) Hidden
    NI Uninstaller (x32 Version: 3.0.411 - National Instruments) Hidden
    NI VC2008MSMs x64 (Version: 9.0.301 - National Instruments) Hidden
    NI VC2008MSMs x86 (x32 Version: 9.0.301 - National Instruments) Hidden
    NI Web Application Server 11.5 (64-bit) (Version: 1.1.345.0 - National Instruments) Hidden
    NI Web Application Server 11.5 (x32 Version: 2.0.288.0 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 (x32 Version: 2.7.180.0 - National Instruments) Hidden
    NI Xerces Delay Load 2.7.3 64-bit (Version: 2.7.190.0 - National Instruments) Hidden
    NI-DIM 1.11.0f0 (x32 Version: 1.110.49152 - National Instruments) Hidden
    NI-DIM 1.11.0f0 for 64 Bit Windows (Version: 1.110.49152 - National Instruments) Hidden
    NI-ORB 1.9.3f0 (x32 Version: 1.94.49152 - National Instruments) Hidden
    NI-ORB 1.9.3f0 for 64 Bit Windows (Version: 1.94.49152 - National Instruments) Hidden
    NI-PAL 2.6.5f0 (x32 Version: 10.75.49152 - National Instruments) Hidden
    NI-PAL 2.6.5f0 for 64 Bit Windows (Version: 10.75.49152 - National Instruments) Hidden
    NI-RPC 4.2.2f0 (x32 Version: 4.22.49152 - National Instruments) Hidden
    NI-RPC 4.2.2f0 for 64 Bit Windows (Version: 4.22.49152 - National Instruments) Hidden
    NI-VISA Runtime 5.1.0 (x32 Version: 5.10.49152 - National Instruments) Hidden
    NI-VISA x64 support 5.1.0 (Version: 5.10.49152 - National Instruments) Hidden
    Nokia Connectivity Cable Driver (HKLM-x32\...\{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}) (Version: 7.0.2.0 - Nokia)
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
    Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
    PC Connectivity Solution (HKLM-x32\...\{83258E90-1F76-4E13-9F60-A0F8ED41E76F}) (Version: 8.22.7.0 - Nokia)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
    QuickShare (HKLM-x32\...\{F40711CD-60B3-45F5-85C5-F1AA400C1B6E}) (Version: 10.169.60.13223 - Linkury Inc.) <==== ATTENTION
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6581 - Realtek Semiconductor Corp.)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
    Skip-Bo - Castaway Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Spotify (HKU\S-1-5-21-4053005129-379462516-412182494-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Tradewinds Legends (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
    VISA Shared Components 64-Bit (HKLM-x32\...\VISASharedComponents) (Version: - )
    VISA Shared Components 64-Bit (Version: 1.3.1 - IVI Foundation Inc.) Hidden
    Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.4.0.0 - Azureus Software, Inc.)
    Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3507 - Acer Incorporated)
    WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.2700 - Broadcom Corporation)
    WildTangent Games App (Acer Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
    Windows Driver Package - FTDI CDM Driver Package for HI-PRO USB (10/22/2009 2.06.00) (HKLM\...\0CB4AFFEC62F6C4604A9A11DA1DE69A99F4080A9) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Driver Package - FTDI CDM Driver Package for HI-PRO USB (10/22/2009 2.06.00) (HKLM\...\D0E6EE5E843A87D0963C6DD549A79E9279B53FC6) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-4053005129-379462516-412182494-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

    ==================== Restore Points =========================

    02-01-2015 22:36:27 Windows Update
    06-01-2015 00:17:03 Windows Update
    09-01-2015 11:26:17 Windows Update
    13-01-2015 08:42:56 Windows Update
    15-01-2015 03:01:06 Windows Update
    23-01-2015 13:04:49 Windows Update
    30-01-2015 16:04:10 Windows Update
    03-02-2015 10:19:12 Windows Update
    03-02-2015 22:57:35 OTL Restore Point - 2/3/2015 10:57:33 PM

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1F82B180-D61F-4962-B89E-88C902B4442E} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {24527B9F-A005-4193-940C-22D0EAAB997B} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
    Task: {2CCEFAA3-BC6A-4AEA-BAA0-CF06F524456D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {3108DC55-4507-4AED-B761-8532E182E804} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {3B9AE578-F7A3-4A21-8379-C156DAA90D69} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4053005129-379462516-412182494-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: {4A132CE2-079D-40DF-9955-51399BC48DBA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
    Task: {6D299C7C-C60E-4E0E-B3E6-4AADA570558B} - \RocketTab Update Task No Task File <==== ATTENTION
    Task: {734D218D-60CA-4284-AFC5-5B3B22596BAA} - \RocketTab No Task File <==== ATTENTION
    Task: {84ED155A-B2D1-43E7-9A3C-4689E64E5A3D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
    Task: {89985595-2BDE-4213-B5F9-B033AA2B12C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-18] (Google Inc.)
    Task: {8A6A3230-63ED-451A-990D-966888B349BF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4053005129-379462516-412182494-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
    Task: {92DC6816-6DCA-481C-9ADC-1DDAA3DD215E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
    Task: {9560B555-D861-4CDF-970F-EE29353AF417} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
    Task: {B050EC5D-19A8-4643-B0F7-3DCBFFE7C3A7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09] (Adobe Systems Incorporated)
    Task: {E6D78B3D-76FF-401E-B47E-64C67CE18204} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4053005129-379462516-412182494-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
    Task: {F84E610D-573D-4AB1-B247-C784E4E23901} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4053005129-379462516-412182494-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2013-04-26 15:05 - 2013-04-26 15:05 - 00029432 _____ () C:\Windows\System32\BsTrace.dll
    2014-07-17 22:38 - 2013-04-15 10:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
    2014-09-22 15:01 - 2012-09-18 14:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
    2014-07-17 22:43 - 2013-04-15 10:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
    2014-09-22 15:02 - 2012-09-18 14:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
    2014-11-18 11:08 - 2014-09-23 05:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2013-04-26 15:05 - 2013-04-26 15:05 - 00029432 _____ () C:\Windows\system32\BsTrace.dll
    2014-08-05 22:00 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
    2013-04-26 15:05 - 2013-04-26 15:05 - 00017144 _____ () C:\Windows\system32\BsHelpCSps.dll
    2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-04-26 15:06 - 2013-04-26 15:06 - 00244472 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\BaseLib.dll
    2013-04-26 15:06 - 2013-04-26 15:06 - 00068344 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\ExtraLib.dll
    2013-04-26 15:06 - 2013-04-26 15:06 - 00048376 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\cscvt.dll
    2013-04-26 15:04 - 2013-04-26 15:04 - 00016632 _____ () C:\Windows\SysWOW64\BsMobileCSps.dll
    2011-10-18 00:46 - 2011-10-18 00:46 - 01967104 _____ () C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\niwsrp.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\libGLESv2.dll
    2015-02-04 09:57 - 2015-02-04 09:57 - 00043008 _____ () c:\Users\Thomas Kaufmann\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpufeqjx.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\libEGL.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
    2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
    2013-04-27 14:24 - 2013-04-27 14:24 - 00159992 _____ () C:\Windows\system32\BsProfilefunc.dll
    2013-04-26 15:06 - 2013-04-26 15:06 - 00129784 _____ () C:\Program Files (x86)\IVT Corporation\BlueSoleil\Mobile\s40pack.dll
    2013-04-26 15:04 - 2013-04-26 15:04 - 00026360 _____ () C:\Windows\SysWOW64\BsTrace.dll
    2014-11-18 11:08 - 2014-09-23 03:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
    2015-01-14 10:48 - 2015-01-08 16:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
    2015-01-14 10:48 - 2015-01-08 16:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
    2015-01-14 10:48 - 2015-01-08 16:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
    2015-01-14 10:48 - 2015-01-08 16:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
    2015-01-14 10:48 - 2015-01-08 16:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Other Registry Areas =====================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4053005129-379462516-412182494-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4053005129-379462516-412182494-500 - Administrator - Disabled)
    Guest (S-1-5-21-4053005129-379462516-412182494-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4053005129-379462516-412182494-1005 - Limited - Enabled)
    Thomas Kaufmann (S-1-5-21-4053005129-379462516-412182494-1000 - Administrator - Enabled) => C:\Users\Thomas Kaufmann

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/04/2015 02:02:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 263111

    Error: (02/04/2015 02:02:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 263111

    Error: (02/04/2015 02:02:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/04/2015 02:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 262112

    Error: (02/04/2015 02:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 262112

    Error: (02/04/2015 02:02:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/04/2015 02:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 260771

    Error: (02/04/2015 02:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 260771

    Error: (02/04/2015 02:02:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/04/2015 02:02:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 259507


    System errors:
    =============
    Error: (02/04/2015 09:57:11 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (02/03/2015 10:07:03 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (02/02/2015 10:33:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (02/01/2015 00:15:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (01/31/2015 00:34:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (01/31/2015 03:19:45 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BlueSoleilCS service.

    Error: (01/30/2015 09:31:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (01/29/2015 03:48:11 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

    Error: (01/29/2015 03:32:05 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the GREGService service.

    Error: (01/29/2015 10:26:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD C-60 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 90%
    Total physical RAM: 1769.37 MB
    Available physical RAM: 165.27 MB
    Total Pagefile: 3538.73 MB
    Available Pagefile: 465.48 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:207.86 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: D951C891)
    Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  6. rome75

    SHORTCUT text

    Users shortcut scan result (x64) Version: 04-02-2015 01
    Ran by Thomas Kaufmann at 2015-02-04 14:25:05
    Running from C:\Users\Thomas Kaufmann\Downloads
    Boot Mode: Normal
    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)



    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fooz Kids.lnk -> C:\Program Files (x86)\Fooz Kids\Fooz Kids\Fooz Kids Launcher.exe (Fuhu Inc)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk -> C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk -> C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\newsXpresso\newsXpresso.lnk -> C:\Program Files (x86)\newsXpresso\newsxpresso.exe (eSobi)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Instruments\VISA\Documentation\NI-VISA Readme.lnk -> C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\Readme.html ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Error and Usage Reporting.lnk -> C:\Program Files (x86)\Microsoft SQL Server\90\Shared\SqlWtsn.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Surface Area Configuration.lnk -> C:\Program Files (x86)\Microsoft SQL Server\90\Shared\SqlSAC.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\Silverlight.Configuration.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msaccess.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\infopath.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Lync 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\lync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\groove.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\mspub.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Lync Recording Manager.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ocpubmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msouc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msotd.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\msoev.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\misc.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\oisicon.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk -> C:\Windows\Installer\{F77EF646-19EB-11E1-9A9E-984BE15F174E}\Evernote.ico ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\MyWinLocker.lnk -> C:\Program Files (x86)\EgisTec MyWinLocker\EgisMgtConsole.exe (Egis Technology Inc. )
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble\NOOK for PC\NOOK for PC.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\BNDReader.exe (Barnes & Noble, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble\NOOK for PC\Uninstall.lnk -> C:\Program Files (x86)\Barnes & Noble\BNDesktopReader\uninstall.exe (Barnes & Noble, Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!\AUPEO!.lnk -> C:\Program Files\Preload\AUPEO\AupeoSetup.exe ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Guide.lnk -> C:\book\Generic_User_Guide.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem\AcerSystem User Quick Guide.lnk -> C:\book\Quick_Guide.pdf ()
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam\Acer Crystal Eye Webcam.lnk -> C:\Program Files (x86)\Acer\Acer Crystal Eye Webcam\WebCam.exe (CyberLink Corp.)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer eRecovery Management.lnk -> C:\Program Files\Acer\Acer eRecovery Management\Recovery Management.exe (Acer)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Updater.lnk -> C:\Program Files\Acer\Acer Updater\ALU.exe (Acer Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Welcome Center.lnk -> C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe (Acer Incorporated)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
    Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Public\Desktop\BlueSoleil Space.lnk -> C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleil.exe ()
    Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
    Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
    Shortcut: C:\Users\Public\Desktop\Vuze.lnk -> C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
    Shortcut: C:\Users\Thomas Kaufmann\Links\Desktop.lnk -> C:\Users\Thomas Kaufmann\Desktop ()
    Shortcut: C:\Users\Thomas Kaufmann\Links\Downloads.lnk -> C:\Users\Thomas Kaufmann\Downloads ()
    Shortcut: C:\Users\Thomas Kaufmann\Links\Dropbox.lnk -> C:\Users\Thomas Kaufmann\Dropbox ()
    Shortcut: C:\Users\Thomas Kaufmann\Desktop\Continue Adobe Flash Player Installation.lnk -> C:\Users\Thomas Kaufmann\AppData\Local\Temp\ICReinstall_installer_adobe_flash_player_English.exe (No File)
    Shortcut: C:\Users\Thomas Kaufmann\Desktop\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\Desktop\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0017-0000-0000-0000000FF1CE}\oisicon.exe ()
    Shortcut: C:\Users\Thomas Kaufmann\Desktop\Spotify.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    Shortcut: C:\Users\Thomas Kaufmann\Desktop\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Thomas Kaufmann\Dropbox ()
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth\Other Devices....lnk -> C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsSend2bt.exe (IVT Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk -> C:\Program Files\Vuze\Azureus.exe (Azureus Software, Inc)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\excel.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
    Shortcut: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\winword.exe (Microsoft Corporation)




    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup\Norton Online Backup.lnk -> C:\Windows\Installer\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}\MainIcon.ico () -> OPEN
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2005\Configuration Tools\SQL Server Configuration Manager.lnk -> C:\Windows\SysWOW64\mmc.exe (Microsoft Corporation) -> /32 "c:\Windows\SysWOW64\SQLServerManager.msc"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Excel Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Excel Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Word Starter 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Word Starter 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Clip Organizer 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office 2010 Upload Center 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Picture Manager 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)\Microsoft Office 2010 Tools\Microsoft Office Starter To-Go Device Manager 2010.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE (Microsoft Corporation) -> "Microsoft Office Starter To-Go Device Manager 2010 9014006604090000"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\infopath.exe (Microsoft Corporation) -> /design
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk -> C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files\Microsoft Office 15\Root\Office15\DCF\DATABASECOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk -> C:\Program Files\Microsoft Office 15\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files\Microsoft Office 15\Root\Office15\DCF\SPREADSHEETCOMPARE.EXE"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection\Learn More.lnk -> C:\Program Files\Common Files\McAfeeFPDetect\McFPDtct.exe (McAfee, Inc.) -> /shortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Death on the Nile.lnk -> C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\Agatha Christie - Death on the Nile-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE.lnk -> C:\Program Files (x86)\Acer Games\FATE\Fate-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Insaniquarium Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\Insaniquarium Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Acer Games.lnk -> C:\Program Files (x86)\Acer Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\Acer Games\Penguins!\Penguins-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\Acer Games\Polar Bowler\Polar-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Skip-Bo - Castaway Caper.lnk -> C:\Program Files (x86)\Acer Games\Skip-Bo - Castaway Caper\SKIP-BO Castaway Caper-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Slingo Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Slingo Deluxe\Slingo Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Torchlight.lnk -> C:\Program Files (x86)\Acer Games\Torchlight\torchlight-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Tradewinds Legends.lnk -> C:\Program Files (x86)\Acer Games\Tradewinds Legends\tw3_vista-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\virtualvillagers4thetreeoflife-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Wedding Dash.lnk -> C:\Program Files (x86)\Acer Games\Wedding Dash\Wedding Dash-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - acer.lnk -> C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe (WildTangent) -> /src gamesmenuoem /dp acernb
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Zuma Deluxe\Zuma Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gamesmenuoem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EgisTec\Shredder.lnk -> C:\Program Files (x86)\EgisTec Shredder\x86\ShredConsole.exe (Egis Technology Inc.) -> -s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Identity Card.lnk -> C:\Program Files (x86)\Acer\Identity Card\IdentityCard.exe (Acer Incoperated) -> Identity Card
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{f405496e-4cd5-4891-a8bc-3e58bd47b25c}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\Acer Games\Penguins!\Penguins-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d8addf57-a369-460f-8a5c-2f240d8e33b7}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\Acer Games\Virtual Villagers 4 - The Tree of Life\virtualvillagers4thetreeoflife-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{C8DEFEB5-AFE9-48D0-A9E6-355F537F0BAD}\PlayTasks\0\Slingo Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Slingo Deluxe\Slingo Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{be9373e0-9755-43e8-970b-c4ab1b446c17}\PlayTasks\0\Tradewinds Legends.lnk -> C:\Program Files (x86)\Acer Games\Tradewinds Legends\tw3_vista-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{bde35841-4aba-404f-8b7c-727aca3bb94c}\PlayTasks\0\Skip-Bo - Castaway Caper.lnk -> C:\Program Files (x86)\Acer Games\Skip-Bo - Castaway Caper\SKIP-BO Castaway Caper-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{BC3D43F7-BC64-490D-92B5-D2AABEC7FA85}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Zuma Deluxe\Zuma Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{A4B598D2-9BFF-456F-A667-D3B8A0849286}\PlayTasks\0\Insaniquarium Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Insaniquarium Deluxe\Insaniquarium Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\Acer Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{951226E3-26FC-40BC-8085-3677B1128F59}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\Acer Games\Polar Bowler\Polar-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{6E7DD52D-205E-4D6D-AF6A-0C34703DFA61}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\Acer Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{6BDF3201-10E6-46ED-9A87-7FD18C418CFD}\PlayTasks\0\FATE.lnk -> C:\Program Files (x86)\Acer Games\FATE\Fate-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ae0d760-ddcf-4247-85df-eacefd518e86}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\Acer Games\Plants vs Zombies - Game of the Year\plantsvszombies-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{46A07E00-B5A3-4EA8-B375-A503EBB9D726}\PlayTasks\0\Final Drive Nitro.lnk -> C:\Program Files (x86)\Acer Games\Final Drive Nitro\Racing-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3266d333-42e6-4cb3-a50a-a87067dede95}\PlayTasks\0\Torchlight.lnk -> C:\Program Files (x86)\Acer Games\Torchlight\torchlight-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{29556c6b-abba-4173-8102-4642846d5b4f}\PlayTasks\0\Wedding Dash.lnk -> C:\Program Files (x86)\Acer Games\Wedding Dash\Wedding Dash-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{0f8ade68-df58-4eae-a24a-e238d634bf55}\PlayTasks\0\Agatha Christie - Death on the Nile.lnk -> C:\Program Files (x86)\Acer Games\Agatha Christie - Death on the Nile\Agatha Christie - Death on the Nile-WT.exe (WildTangent, Inc.) -> /launchgc /src gameexploreroem
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\Desktop\Dropbox.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Word\CoverA304251272952701198\CoverA.doc.lnk -> C:\Users\Thomas Kaufmann\Dropbox\Personal\CoverA.doc () -> 12
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Word\Cover304251273835776717\Cover.doc.lnk -> C:\Users\Thomas Kaufmann\Dropbox\Personal\Cover.doc () -> 12
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Thomas Kaufmann\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
    ShortcutWithArgument: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo


    InternetURL: C:\Users\Thomas Kaufmann\Videos\Movies\Turist aka Force Majeure 2014 with Hardcoded EngSubs-Movie-Addicted\Turist (2014) - IMDb.url -> hxxp://www.imdb.com/title/tt3630276/
    InternetURL: C:\Users\Thomas Kaufmann\Videos\Movies\Turist aka Force Majeure 2014 with Hardcoded EngSubs-Movie-Addicted\Turist (2014) - MovieMeter.nl.url -> hxxp://www.moviemeter.nl/film/98862
    InternetURL: C:\Users\Thomas Kaufmann\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
    InternetURL: C:\Users\Thomas Kaufmann\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
    InternetURL: C:\Users\Thomas Kaufmann\Favorites\Links\Suggested Sites.url -> https://ieonline.microsoft.com/#ieslice
    InternetURL: C:\Users\Thomas Kaufmann\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
    InternetURL: C:\Users\Thomas Kaufmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com

    ==================== End of log =============================
     
  7. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Remove Browser Extensions and QuickShare from your programs.

    Download the enclosed file. (see below) Save it in the same location FRST is saved. Open FRST. Click on the Fix button and wait. The tool will produce a log, fixlog.txt. Please post it in your next reply.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download AdwCleaner from here. Save the file to the desktop.


    NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

    Close all open windows and browsers.
    • XP users: Double click the AdwCleaner icon to start the program.
    • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
      You will see the AdwCleaner console.
    • Click the Scan button and wait for the scan to finish.
    • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
    • Click the Clean button.
    • Everything checked will be deleted.
    • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.
    • On reboot, a log will be produced; please copy and paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

    Please download Malwarebytes' Anti-Malware from Here.

    Double Click mbam-setup-2.0..exe to install the application. (The revision number may vary.)
    • Select the language and click OK.
    • Accept the agreement
    • Make sure a checkmark is placed next to Enable the Free Trial and Launch Malwarebytes' Anti-Malware, then click on Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Scan Now".
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click on Quarantine All.
    • When disinfection is completed, a dialog will open and you may be prompted to Restart. (See Extra Note)
    • Upon restart, launch Malwarebytes Antimalware and select History.
    • Double click on the last scan done, then on Copy to Clipboard.
    • Right click on your next reply and select Paste.
    • Submit your reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
     

    Attached Files:

  8. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    FIXLOG

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
    Ran by Thomas Kaufmann at 2015-02-04 15:12:16 Run:1
    Running from C:\Users\Thomas Kaufmann\Downloads
    Loaded Profiles: Thomas Kaufmann (Available profiles: Thomas Kaufmann)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR DefaultSearchKeyword: Default -> trovi.search
    CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=I0B86D833-5BCA-4014-94B6-C1DC7681E5B8&SearchSource=58&CUI=&UM=8&UP=SPA199C674-4818-4226-9C11-388B414AD1A5&q={searchTerms}&SSPV=
    Task: {6D299C7C-C60E-4E0E-B3E6-4AADA570558B} - \RocketTab Update Task No Task File <==== ATTENTION
    Task: {734D218D-60CA-4284-AFC5-5B3B22596BAA} - \RocketTab No Task File <==== ATTENTION
    End
    *****************

    C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
    C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
    Chrome DefaultSearchKeyword deleted successfully.
    Chrome DefaultSearchURL deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D299C7C-C60E-4E0E-B3E6-4AADA570558B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D299C7C-C60E-4E0E-B3E6-4AADA570558B}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab Update Task" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{734D218D-60CA-4284-AFC5-5B3B22596BAA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{734D218D-60CA-4284-AFC5-5B3B22596BAA}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RocketTab" => Key deleted successfully.


    The system needed a reboot.

    ==== End of Fixlog 15:12:23 ====
     
  9. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    JRT

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Home Premium x64
    Ran by Thomas Kaufmann on Wed 02/04/2015 at 15:24:03.63
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS



    ~~~ Files

    Successfully deleted: [File] "C:\Users\Thomas Kaufmann\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Thomas Kaufmann\appdata\local\google\chrome\user data\default\local storage\http_static.boostsaves.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\Thomas Kaufmann\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Thomas Kaufmann\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Users\Thomas Kaufmann\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage"
    Successfully deleted: [File] "C:\Users\Thomas Kaufmann\appdata\local\google\chrome\user data\default\local storage\https_static.boostsaves.com_0.localstorage-journal"
    Successfully deleted: [File] "C:\Windows\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\systweak"
    Successfully deleted: [Folder] "C:\Users\Thomas Kaufmann\AppData\Roaming\advanced system protector"
    Successfully deleted: [Folder] "C:\Users\Thomas Kaufmann\AppData\Roaming\search protection"
    Successfully deleted: [Folder] "C:\Users\Thomas Kaufmann\AppData\Roaming\systweak"
    Successfully deleted: [Folder] "C:\Users\Thomas Kaufmann\appdata\local\globalupdate"
    Successfully deleted: [Folder] "C:\Program Files (x86)\globalupdate"
    Successfully deleted: [Folder] "C:\Users\Thomas Kaufmann\documents\optimizer pro"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 02/04/2015 at 15:34:39.77
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  10. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    ADWCLEANER

    # AdwCleaner v4.109 - Report created 04/02/2015 at 15:58:33
    # Updated 24/01/2015 by Xplode
    # Database : 2015-02-04.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Thomas Kaufmann - ROMAN
    # Running from : C:\Users\Thomas Kaufmann\Downloads\adwcleaner_4.109.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\26a09a4400003026
    Folder Deleted : C:\Users\Thomas Kaufmann\AppData\Roaming\Browser Extensions
    Folder Deleted : C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{32da2f20-827d-40aa-a3b4-2fc4a294352e}
    Folder Deleted : C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{84a93d51-b7a9-431e-8ff8-d60e5d7f5df1}
    Folder Deleted : C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{f894a29a-f065-40c3-bb19-da6057778493}
    Folder Deleted : C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\Extensions\{46eddf51-a4f6-4476-8d6c-31c5187b2a2f}
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Roaming\Mozilla\Firefox\Profiles\rizT5jzo.default\user.js
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage
    File Deleted : C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.publikeco00.publikeco.com_0.localstorage-journal

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\powerpack
    Key Deleted : HKCU\Software\Search Extensions
    Key Deleted : HKCU\Software\Tutorials
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\systweak
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A787631-66A2-4634-B928-A37E73B58FB6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
    Key Deleted : [x64] HKLM\SOFTWARE\TornTv Downloader
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:49203;hxxps=127.0.0.1:49203

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Mozilla Firefox v


    -\\ Google Chrome v39.0.2171.99

    [C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Thomas Kaufmann\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333529&octid=EB_ORIGINAL_CTID&ISID=I0B86D833-5BCA-4014-94B6-C1DC7681E5B8&SearchSource=58&CUI=&UM=8&UP=SPA199C674-4818-4226-9C11-388B414AD1A5&q={searchTerms}&SSPV=

    *************************

    AdwCleaner[R0].txt - [6274 octets] - [04/02/2015 15:44:33]
    AdwCleaner[S0].txt - [6053 octets] - [04/02/2015 15:58:33]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6113 octets] ##########
     
  11. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Nice. Malwarebytes' Anti-Malware report is left.
     
  12. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    MALWAREBYTES

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/4/2015
    Scan Time: 4:07:24 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.02.04.14
    Rootkit Database: v2015.02.03.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Thomas Kaufmann

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 351103
    Time Elapsed: 40 min, 14 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  13. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Reset your browsers to default. For instructions see here.

    Restart the computer and test.

    How is it doing?
     
  14. rome75

    rome75 Thread Starter

    Joined:
    Aug 10, 2002
    Messages:
    341
    ok! Looks like everything is in order now! Thank you so much for your help! (y)(y)(y)
     
  15. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    We need to remove the tools we've used while cleaning your machine.

    1. Download Delfix from here
    2. Ensure Remove disinfection tools is ticked
      Also tick:
      • Create registry backup
      • Purge system restore
    3. Click Run

    Here are some suggestions.

    1. Always keep your JAVA updated. Older versions will make your computer vulnerable.
    2. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
    3. ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
    For information and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

    Best wishes!
     
Short URL to this thread: https://techguy.org/1142442
