Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Adware Help

Adware Removal

  • This topic is locked This topic is locked

#1
Legocadet

Legocadet

    Member

  • Member
  • PipPip
  • 43 posts

Hi, I had recently tried to download a game free from this website (Not Pirate bay or torrenting websites), and I downloaded an installer which I turned on and immediately turned it off, but it had downloaded loads of programs such as Bubble Dock onto my computer in the background. I have gotten rid of most of it though a large link thing appears over the screen on web pages and Steam pages which send me to advertisement pages, before it goes to these advertisements it shows up with www.w3.org or www.StartNewTab. Any help is fine, thank you

 

I have sent an attachment of what comes up on F12

COme on....gif

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
Legocadet

Legocadet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Here is the FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
Ran by Zac (administrator) on ZAC2 (22-10-2015 15:09:08)
Running from C:\Users\Zac\Downloads
Loaded Profiles: Zac (Available Profiles: Zac)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Cirque Corporation) C:\Program Files (x86)\Claro Software\GlidePoint\glidesvc.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
(Cirque Corporation) C:\Program Files (x86)\Claro Software\GlidePoint\glidesvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Flux Software LLC) C:\Users\Zac\AppData\Local\FluxSoftware\Flux\flux.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-08-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-10] (CyberLink)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5579624 2015-08-03] (LogMeIn Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [EvolveClient] => C:\Program Files\Echobit\Evolve\EvolveClient.exe [3334016 2015-07-18] (Echobit LLC)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [2991368 2014-12-10] (CyberLink Corp.)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2901584 2015-10-14] (Valve Corporation)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [f.lux] => C:\Users\Zac\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [57987712 2015-09-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {477f7e48-4400-11e5-82fd-a0a8cda02bd8} - "G:\autorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {57ffb0c9-1991-11e5-82e9-a0a8cda02bd8} - "F:\noautorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {5d75fbb8-166e-11e5-82e9-a0a8cda02bd8} - "E:\autorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {a9b539e5-46af-11e5-82fd-a0a8cda02bd8} - "H:\CDCheck.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-2720369324-4127131470-97375407-1001] => hxxp://get-access.me/wpad.dat?f6a8cfae441e90b0da5aff3560e98e2e926181
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{06805bc0-f718-4c7a-8fbf-7d2b6157b2fa}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5e111713-5f80-476c-be63-66a24f0faf0f}: [DhcpNameServer] 10.0.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.stonegroup.co.uk
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-2720369324-4127131470-97375407-1001 -> DefaultScope {A904FB8A-F392-4FCE-83CD-EA278C31A76A} URL = 
SearchScopes: HKU\S-1-5-21-2720369324-4127131470-97375407-1001 -> {A904FB8A-F392-4FCE-83CD-EA278C31A76A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-20] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-20] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-06-26] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-20] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2013-08-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.2 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2013-04-16] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.2.32 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2013-08-22] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2013-04-16] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2720369324-4127131470-97375407-1001: @nsroblox.roblox.com/launcher -> C:\Users\Zac\AppData\Local\Roblox\Versions\version-212d2dea26134d09\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2720369324-4127131470-97375407-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Zac\AppData\Local\Roblox\Versions\version-212d2dea26134d09\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2720369324-4127131470-97375407-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Zac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2720369324-4127131470-97375407-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2015-08-19] ()
FF HKLM-x32\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&es_th=1&ie=UTF-8
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&es_th=1&ie=UTF-8","hxxps://www.youtube.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-04]
CHR Extension: (Google Docs) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-04]
CHR Extension: (Google Drive) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Google Search) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-04]
CHR Extension: (Google Sheets) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-04]
CHR Extension: (EditThisCookie) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2015-04-04]
CHR Extension: (Google Docs Offline) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (Avast Online Security) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-07-28]
CHR Extension: (My Planet) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhkjngeiogimjcpifgmkmamcjibefog [2015-07-29]
CHR Extension: (Star Trek Ships Doug Drexler DS9) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjinkddnfckjjojkhaainfjdgamnfeff [2015-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
CHR Extension: (Gmail) - C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1583488 2015-07-18] (Echobit LLC)
R2 GlidePoint; c:\Program Files (x86)\Claro Software\GlidePoint\glidesvc.exe [188888 2007-08-24] (Cirque Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2457232 2012-07-24] (Realsil Microelectronics Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-05-31] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-08-03] (LogMeIn, Inc.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-18] (Electronic Arts)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [303616 2015-05-25] () [File not signed]
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-23] (Disc Soft Ltd)
S3 glideusb; C:\Windows\System32\drivers\glideusb.sys [78120 2010-07-21] (Cirque Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-08-03] (LogMeIn Inc.)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [41080 2015-10-19] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [35328 2015-05-25] () [File not signed]
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-10-20] (Malwarebytes)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12400 2015-08-19] (Macrovision Europe Ltd) [File not signed]
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R3 t_mouse.sys; C:\Windows\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U5 REALPLAYERUPDATESVC; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-22 15:09 - 2015-10-22 15:10 - 00021665 _____ C:\Users\Zac\Downloads\FRST.txt
2015-10-22 15:08 - 2015-10-22 15:09 - 00000000 ____D C:\FRST
2015-10-22 15:08 - 2015-10-22 15:08 - 02196480 _____ (Farbar) C:\Users\Zac\Downloads\FRST64.exe
2015-10-22 15:05 - 2015-10-22 15:05 - 00016148 _____ C:\WINDOWS\system32\ZAC2_Zac_HistoryPrediction.bin
2015-10-22 02:26 - 2015-10-22 02:26 - 00001942 _____ C:\Users\Public\Desktop\Command & Conquer Generals Zero Hour .lnk
2015-10-22 02:09 - 2015-10-22 02:09 - 00001882 _____ C:\Users\Public\Desktop\Command & Conquer Generals.lnk
2015-10-22 01:42 - 2015-10-22 01:57 - 00000000 ____D C:\Users\Zac\Downloads\Command and Conquer Generals - Zero Hour
2015-10-22 01:41 - 2015-10-22 02:19 - 00000000 ____D C:\Users\Zac\Documents\Command and Conquer Generals Data
2015-10-22 01:36 - 2015-10-22 02:18 - 00000000 ____D C:\Users\Zac\Documents\Command And Conquer Generals Zero Hour Data
2015-10-22 01:36 - 2015-10-22 01:36 - 00000000 ____D C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\C&C Generals
2015-10-21 15:52 - 2015-10-21 15:52 - 00000000 _____ C:\autoexec.bat
2015-10-21 15:41 - 2015-10-21 15:41 - 00002844 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-10-21 15:41 - 2015-10-21 15:41 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-20 00:26 - 2015-10-20 00:26 - 22908888 _____ (Malwarebytes ) C:\Users\Zac\Downloads\mbam-setup-2.2.0.1024.exe
2015-10-19 23:54 - 2015-10-19 23:54 - 00000000 _____ C:\WINDOWS\system32\lic2.xml15374
2015-10-19 23:47 - 2015-10-19 23:47 - 00002684 _____ C:\WINDOWS\system32\.crusader
2015-10-19 23:30 - 2015-10-19 23:49 - 00041080 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2015-10-19 23:30 - 2015-10-19 23:48 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-19 23:27 - 2015-10-19 23:27 - 00000000 _____ C:\WINDOWS\system32\lic2.xml23215
2015-10-19 23:17 - 2015-10-21 22:30 - 00000000 ____D C:\AdwCleaner
2015-10-19 20:52 - 2015-10-19 21:58 - 209000000 _____ C:\Users\Zac\Downloads\CosplayAlien.part1.rar
2015-10-19 20:47 - 2015-10-19 20:47 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-19 20:47 - 2015-10-19 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-19 18:57 - 2015-10-19 18:57 - 00000918 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2015-10-19 01:26 - 2015-10-19 01:34 - 418620765 _____ C:\Users\Zac\Downloads\FoK.Baked.Reb.1.82.37.0.7z
2015-10-19 00:36 - 2015-05-16 10:13 - 00000079 _____ C:\Users\Zac\Desktop\EnabledMods.txt
2015-10-17 13:34 - 2015-10-17 13:34 - 00000132 _____ C:\Users\Zac\Desktop\settings.sav
2015-10-17 13:32 - 2015-08-21 19:11 - 00041984 _____ (Lee 'FordGT90Concept' Glasser) C:\Users\Zac\Desktop\Large Address Aware.exe
2015-10-17 12:42 - 2015-10-17 13:27 - 1563249428 _____ C:\Users\Zac\Downloads\Mods-Rebellion_v1.82.rar
2015-10-17 12:40 - 2015-10-17 12:40 - 00000222 _____ C:\Users\Zac\Desktop\Sins of a Solar Empire Rebellion.url
2015-10-17 12:29 - 2015-10-10 08:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-17 12:29 - 2015-10-10 07:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-17 12:29 - 2015-10-10 07:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-17 12:29 - 2015-10-06 04:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-17 12:29 - 2015-10-06 03:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-17 12:29 - 2015-10-01 05:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-17 12:29 - 2015-10-01 05:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-17 12:29 - 2015-10-01 05:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-17 12:29 - 2015-10-01 05:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-17 12:29 - 2015-10-01 05:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-17 12:29 - 2015-10-01 04:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-17 12:29 - 2015-09-25 05:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-17 12:29 - 2015-09-25 05:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-17 12:29 - 2015-09-25 04:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-17 12:29 - 2015-09-25 04:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-17 12:29 - 2015-09-25 04:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-17 12:29 - 2015-09-25 04:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-17 12:29 - 2015-09-25 04:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-17 12:29 - 2015-09-25 04:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-17 12:29 - 2015-09-25 04:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-17 12:29 - 2015-09-25 04:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-17 12:29 - 2015-09-25 04:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-17 12:29 - 2015-09-25 04:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-17 12:29 - 2015-09-25 04:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-17 12:29 - 2015-09-25 04:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-17 12:29 - 2015-09-25 04:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-17 12:29 - 2015-09-25 04:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-17 12:29 - 2015-09-25 04:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-17 12:29 - 2015-09-25 04:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-17 12:29 - 2015-09-25 04:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-17 12:29 - 2015-09-25 04:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-17 12:29 - 2015-09-25 04:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-17 12:29 - 2015-09-25 04:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-17 12:29 - 2015-09-25 04:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-17 12:29 - 2015-09-25 04:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-17 12:29 - 2015-09-25 04:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-17 12:29 - 2015-09-25 04:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-17 12:29 - 2015-09-25 03:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-17 12:29 - 2015-09-25 03:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-17 12:29 - 2015-09-25 03:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-17 12:29 - 2015-09-25 03:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-17 12:29 - 2015-09-25 03:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-17 12:29 - 2015-09-25 03:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-17 12:29 - 2015-09-25 03:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-17 12:29 - 2015-09-25 03:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-17 12:29 - 2015-09-25 03:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-17 12:29 - 2015-09-25 03:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-17 12:29 - 2015-09-25 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-17 12:29 - 2015-09-25 03:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-17 12:29 - 2015-09-25 03:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-17 12:29 - 2015-09-25 03:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-17 12:29 - 2015-09-25 03:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-17 12:29 - 2015-09-25 03:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-17 12:29 - 2015-09-25 03:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-17 12:29 - 2015-09-25 03:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-17 12:29 - 2015-09-25 03:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-17 12:29 - 2015-09-25 03:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-17 12:29 - 2015-09-25 03:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-17 12:29 - 2015-09-25 03:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-17 00:59 - 2015-10-17 00:59 - 00261056 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2015-10-17 00:44 - 2015-10-17 00:44 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-17 00:19 - 2015-10-17 00:19 - 00000000 ____D C:\Users\Zac\AppData\Local\Setup Integrity Check
2015-10-16 19:46 - 2015-10-16 19:47 - 00002799 ____T C:\WINDOWS\system32\lic2tmp.xml9851
2015-10-16 16:21 - 2015-10-16 16:21 - 00002226 _____ C:\Users\Public\Desktop\LEGO Digital Designer.lnk
2015-10-16 16:21 - 2015-10-16 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
2015-10-16 16:19 - 2015-10-16 16:19 - 00000000 ____D C:\Program Files (x86)\LEGO Company
2015-10-16 14:04 - 2015-10-16 16:03 - 225918672 _____ C:\Users\Zac\Downloads\setupLDD-PC-4_3_8 (1).exe
2015-10-16 13:46 - 2015-10-16 13:52 - 00002900 _____ C:\WINDOWS\system32\lic2.xml20177
2015-10-15 14:49 - 2015-10-15 14:51 - 13649120 _____ C:\Users\Zac\Downloads\RememberingHowWeMet.part2.rar
2015-10-15 13:31 - 2015-10-15 13:45 - 209715200 _____ C:\Users\Zac\Downloads\RememberingHowWeMet.part1.rar
2015-10-14 23:05 - 2015-10-14 23:05 - 00000000 ____D C:\Users\Zac\Documents\M2
2015-10-14 22:52 - 2015-10-14 22:52 - 00000000 ____D C:\Users\Zac\Desktop\TokyoSchoolLife
2015-10-12 21:38 - 2015-10-12 21:38 - 06557455 _____ C:\Users\Zac\Downloads\paint.net.4.0.6.install.zip
2015-10-10 12:55 - 2015-10-10 12:55 - 18576645 _____ C:\Users\Zac\Downloads\STO Extended Nude Mods 2.14.4 Installer.zip
2015-10-09 22:03 - 2015-10-09 22:03 - 00000000 _____ C:\Users\Zac\tracert
2015-10-05 18:20 - 2015-10-02 18:36 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-05 18:20 - 2015-10-02 18:36 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-01 20:35 - 2015-10-01 20:35 - 00002170 _____ C:\Users\Zac\Desktop\Battlefield 1942.lnk
2015-10-01 20:35 - 2015-10-01 20:35 - 00000000 _____ C:\Users\Zac\Desktop\0901-7424374-8206313-2142.txt
2015-10-01 20:18 - 2015-10-01 20:28 - 00000000 ____D C:\Users\Zac\Downloads\Battlefield.1942_edition_bf1942.ru
2015-10-01 20:04 - 2015-09-17 07:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-01 20:04 - 2015-09-17 07:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-01 20:04 - 2015-09-17 07:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-01 20:04 - 2015-09-17 07:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 20:04 - 2015-09-17 07:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-01 20:04 - 2015-09-17 07:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-01 20:04 - 2015-09-17 07:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-01 20:04 - 2015-09-17 07:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-01 20:04 - 2015-09-17 07:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-01 20:04 - 2015-09-17 07:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-01 20:04 - 2015-09-17 07:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-01 20:04 - 2015-09-17 07:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-01 20:04 - 2015-09-17 06:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-01 20:04 - 2015-09-17 06:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-01 20:04 - 2015-09-17 06:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-01 20:04 - 2015-09-17 06:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-01 20:04 - 2015-09-17 06:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-01 20:04 - 2015-09-17 06:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-01 20:04 - 2015-09-17 06:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-01 20:04 - 2015-09-17 06:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-01 20:04 - 2015-09-17 06:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-01 20:04 - 2015-09-17 06:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-01 20:04 - 2015-09-17 06:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-01 20:03 - 2015-09-19 06:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-01 20:03 - 2015-09-17 07:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-01 20:03 - 2015-09-17 07:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-01 20:03 - 2015-09-17 07:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-01 20:03 - 2015-09-17 07:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-01 20:03 - 2015-09-17 07:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-01 20:03 - 2015-09-17 07:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-01 20:03 - 2015-09-17 07:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-01 20:03 - 2015-09-17 07:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-01 20:03 - 2015-09-17 07:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-01 20:03 - 2015-09-17 07:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-01 20:03 - 2015-09-17 07:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-01 20:03 - 2015-09-17 07:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-01 20:03 - 2015-09-17 07:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-01 20:03 - 2015-09-17 07:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-01 20:03 - 2015-09-17 07:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-01 20:03 - 2015-09-17 07:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-01 20:03 - 2015-09-17 07:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-01 20:03 - 2015-09-17 07:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-01 20:03 - 2015-09-17 07:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-01 20:03 - 2015-09-17 07:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-01 20:03 - 2015-09-17 07:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-01 20:03 - 2015-09-17 07:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-01 20:03 - 2015-09-17 07:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-01 20:03 - 2015-09-17 07:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-01 20:03 - 2015-09-17 07:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-01 20:03 - 2015-09-17 07:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-01 20:03 - 2015-09-17 07:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-01 20:03 - 2015-09-17 07:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-01 20:03 - 2015-09-17 07:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-01 20:03 - 2015-09-17 07:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-01 20:03 - 2015-09-17 07:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-01 20:03 - 2015-09-17 07:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-01 20:03 - 2015-09-17 07:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-01 20:03 - 2015-09-17 07:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-01 20:03 - 2015-09-17 07:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-01 20:03 - 2015-09-17 07:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-01 20:03 - 2015-09-17 07:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-01 20:03 - 2015-09-17 07:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-01 20:03 - 2015-09-17 07:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-01 20:03 - 2015-09-17 07:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-01 20:03 - 2015-09-17 07:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-01 20:03 - 2015-09-17 07:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-01 20:03 - 2015-09-17 07:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-01 20:03 - 2015-09-17 07:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-01 20:03 - 2015-09-17 07:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-01 20:03 - 2015-09-17 07:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-01 20:03 - 2015-09-17 07:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-01 20:03 - 2015-09-17 07:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-01 20:03 - 2015-09-17 07:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-01 20:03 - 2015-09-17 07:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 20:03 - 2015-09-17 06:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-01 20:03 - 2015-09-17 06:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-01 20:03 - 2015-09-17 06:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-01 20:03 - 2015-09-17 06:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-01 20:03 - 2015-09-17 06:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-01 20:03 - 2015-09-17 06:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-01 20:03 - 2015-09-17 06:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-01 20:03 - 2015-09-17 06:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-01 20:03 - 2015-09-17 06:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-01 20:03 - 2015-09-17 06:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-01 20:03 - 2015-09-17 06:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-01 20:03 - 2015-09-17 06:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-01 20:03 - 2015-09-17 06:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-01 20:03 - 2015-09-17 06:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-01 20:03 - 2015-09-17 06:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-01 20:03 - 2015-09-17 06:50 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-01 20:03 - 2015-09-17 06:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-01 20:03 - 2015-09-17 06:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-01 20:03 - 2015-09-17 06:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-01 20:03 - 2015-09-17 06:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-01 20:03 - 2015-09-17 06:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-01 20:03 - 2015-09-17 06:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 20:03 - 2015-09-17 06:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-01 20:03 - 2015-09-17 06:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 20:03 - 2015-09-17 06:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-01 20:03 - 2015-09-17 06:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-01 20:03 - 2015-09-17 06:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-01 20:03 - 2015-09-17 06:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-01 20:03 - 2015-09-17 06:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-01 20:03 - 2015-09-17 06:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-01 20:03 - 2015-09-17 06:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-01 20:03 - 2015-09-17 06:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-01 20:03 - 2015-09-17 06:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-01 20:03 - 2015-09-17 06:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-01 20:03 - 2015-09-17 06:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-01 20:03 - 2015-09-17 06:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-01 20:03 - 2015-09-17 06:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-01 20:03 - 2015-09-17 06:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-01 20:03 - 2015-09-17 06:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-01 20:03 - 2015-09-17 06:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-01 20:03 - 2015-09-17 06:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-01 20:03 - 2015-09-17 06:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-01 20:03 - 2015-09-17 06:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-01 20:03 - 2015-09-17 06:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-01 20:03 - 2015-09-17 06:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-01 20:03 - 2015-09-17 06:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-01 20:03 - 2015-09-17 06:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 20:03 - 2015-09-17 06:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-01 20:03 - 2015-09-17 06:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-01 20:03 - 2015-09-17 06:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 20:03 - 2015-09-17 06:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-01 20:03 - 2015-09-17 06:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-01 20:03 - 2015-09-17 06:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-01 20:03 - 2015-09-17 06:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 20:03 - 2015-09-17 06:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-01 20:03 - 2015-09-17 06:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-01 20:03 - 2015-09-17 06:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-01 20:03 - 2015-09-17 06:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-01 20:03 - 2015-09-17 06:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-01 20:03 - 2015-09-17 06:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-01 20:03 - 2015-09-17 06:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 20:03 - 2015-09-17 06:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-01 20:03 - 2015-09-13 03:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-01 20:03 - 2015-09-13 02:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-01 20:02 - 2015-09-17 07:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-01 20:02 - 2015-09-17 07:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-01 20:02 - 2015-09-17 07:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-01 20:02 - 2015-09-17 07:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-01 20:02 - 2015-09-17 07:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-01 20:02 - 2015-09-17 07:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 20:02 - 2015-09-17 06:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-01 20:02 - 2015-09-17 06:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-01 20:02 - 2015-09-17 06:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 20:02 - 2015-09-17 06:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-01 20:02 - 2015-09-17 06:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-01 20:02 - 2015-09-17 06:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-01 20:02 - 2015-09-17 06:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-01 20:02 - 2015-09-17 06:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-01 20:02 - 2015-09-17 06:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-01 20:02 - 2015-09-17 06:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-01 20:02 - 2015-09-17 06:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 20:02 - 2015-09-17 06:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-01 20:02 - 2015-09-17 06:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-09-29 22:06 - 2015-09-29 22:06 - 00000000 ____D C:\Users\Zac\AppData\Local\SEGA
2015-09-29 17:55 - 2015-09-29 17:59 - 00000000 ____D C:\Users\Zac\Desktop\flex
2015-09-29 17:48 - 2015-09-29 17:54 - 343973963 _____ C:\Users\Zac\Downloads\flex_sdk_4.6.zip
2015-09-28 22:40 - 2015-09-28 22:44 - 00002900 _____ C:\WINDOWS\system32\lic2.xml6781
2015-09-28 22:01 - 2015-09-28 22:07 - 489326577 _____ C:\Users\Zac\Downloads\NHCmod_v2.700b.zip
2015-09-27 14:53 - 2015-09-27 14:53 - 00000222 _____ C:\Users\Zac\Desktop\Company of Heroes 2.url
2015-09-27 14:46 - 2015-09-27 14:46 - 05037313 _____ C:\Users\Zac\Downloads\The_Line.zip
2015-09-27 12:39 - 2015-10-22 01:20 - 00000000 ____D C:\Users\Zac\AppData\LocalLow\uTorrent
2015-09-26 14:49 - 2015-09-26 14:49 - 00000000 ____D C:\Users\Zac\Documents\SH3
2015-09-26 14:13 - 2015-09-26 14:14 - 00969584 _____ (ROBLOX Corporation) C:\Users\Zac\Downloads\RobloxPlayerLauncher (1).exe
2015-09-22 17:33 - 2015-09-22 17:39 - 00000000 ____D C:\Users\Zac\Downloads\Torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-22 15:08 - 2015-05-02 22:32 - 00000000 ____D C:\Users\Zac\AppData\Roaming\Skype
2015-10-22 15:07 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-22 15:06 - 2014-12-17 16:20 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-22 15:06 - 2014-12-17 16:12 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-22 15:05 - 2015-08-11 13:52 - 00000000 ____D C:\Users\Zac
2015-10-22 15:05 - 2015-08-11 13:49 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-22 02:37 - 2015-07-10 13:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-22 02:37 - 2014-12-29 16:53 - 00000000 ____D C:\Users\Zac\AppData\Roaming\uTorrent
2015-10-22 02:30 - 2015-03-01 15:13 - 00001423 _____ C:\WINDOWS\eReg.dat
2015-10-22 02:30 - 2014-06-17 15:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-22 02:26 - 2015-03-01 15:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-10-22 02:26 - 2015-03-01 15:01 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2015-10-22 01:46 - 2014-12-20 20:01 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-22 01:45 - 2014-12-17 16:12 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-22 01:19 - 2015-04-22 21:06 - 00000000 ____D C:\Program Files (x86)\GOG.com
2015-10-22 00:37 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-21 23:39 - 2015-01-23 21:10 - 00000000 ____D C:\Users\Zac\AppData\Local\LogMeIn Hamachi
2015-10-21 23:37 - 2015-07-10 13:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-21 23:36 - 2015-08-11 13:45 - 00019160 _____ C:\WINDOWS\PFRO.log
2015-10-21 23:36 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-10-21 16:13 - 2014-12-17 16:07 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6022E730-28AC-4FF8-9867-2A9B10687487}
2015-10-21 15:41 - 2015-01-19 23:59 - 00000000 ____D C:\Program Files\CCleaner
2015-10-21 15:33 - 2015-03-06 18:54 - 00000000 ____D C:\GOG Games
2015-10-21 15:32 - 2014-12-19 00:25 - 00000000 ____D C:\Users\Zac\Documents\My Games
2015-10-20 22:15 - 2014-12-17 20:41 - 00000000 ____D C:\ProgramData\Oracle
2015-10-20 22:13 - 2014-12-17 20:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-20 22:11 - 2015-09-01 21:32 - 00000000 ____D C:\Users\Zac\.oracle_jre_usage
2015-10-20 22:10 - 2013-08-22 15:07 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-10-20 22:08 - 2013-08-22 15:07 - 00000000 ____D C:\Program Files\Java
2015-10-20 22:05 - 2013-08-22 15:06 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-20 00:32 - 2015-07-28 12:10 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-19 23:47 - 2015-09-04 19:53 - 00000000 ____D C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Empires Dawn of the Modern World
2015-10-19 23:31 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-19 20:39 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-19 20:34 - 2015-02-20 21:49 - 00000000 __SHD C:\Users\Zac\AppData\Local\EmieUserList
2015-10-19 20:34 - 2015-02-20 21:49 - 00000000 __SHD C:\Users\Zac\AppData\Local\EmieSiteList
2015-10-19 19:05 - 2015-09-05 23:15 - 00221638 _____ C:\WINDOWS\DirectX.log
2015-10-19 18:53 - 2014-12-17 16:04 - 00000000 ____D C:\Users\Zac\AppData\Roaming\Real
2015-10-17 01:01 - 2015-01-02 17:46 - 00000000 ____D C:\Games
2015-10-17 00:58 - 2015-08-11 14:12 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-15 13:26 - 2015-06-12 20:52 - 00001469 _____ C:\Users\Zac\Desktop\ROBLOX Player.lnk
2015-10-15 13:26 - 2015-06-12 20:52 - 00001284 _____ C:\Users\Zac\Desktop\ROBLOX Studio.lnk
2015-10-15 13:26 - 2015-06-12 20:52 - 00000000 ____D C:\Users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-10-14 18:58 - 2015-07-16 11:04 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-14 18:58 - 2013-08-22 15:06 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-12 21:48 - 2015-08-22 17:30 - 00000000 ____D C:\Users\Zac\Desktop\potat
2015-10-12 21:48 - 2015-04-29 21:27 - 00001111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2015-10-12 21:48 - 2015-04-29 21:27 - 00001099 _____ C:\Users\Public\Desktop\paint.net.lnk
2015-10-12 21:48 - 2015-04-29 21:27 - 00000000 ____D C:\Program Files\paint.net
2015-10-10 12:45 - 2015-05-02 22:31 - 00000000 ____D C:\ProgramData\Skype
2015-10-09 23:42 - 2014-12-17 16:11 - 00000000 ___DO C:\Users\Zac\SkyDrive
2015-10-09 20:46 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-08 20:46 - 2015-02-19 18:44 - 00000000 ____D C:\Users\Zac\AppData\Local\Steam
2015-10-05 18:16 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-05 18:16 - 2015-07-10 12:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-05 18:16 - 2015-07-10 12:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-05 18:16 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-05 18:16 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-05 18:15 - 2015-07-10 12:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-05 18:15 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-05 18:15 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-29 18:06 - 2015-01-21 00:47 - 00000000 ____D C:\Users\Zac\Downloads\JPOG
2015-09-27 15:01 - 2014-12-20 14:12 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-09-26 14:26 - 2015-09-21 18:08 - 00000000 ____D C:\Users\Zac\Downloads\Silent Hunter III
2015-09-25 18:29 - 2015-07-10 12:04 - 00000000 ____D C:\WINDOWS\system32\NDF
 
==================== Files in the root of some directories =======
 
2015-08-13 22:23 - 2015-08-31 19:04 - 0007639 _____ () C:\Users\Zac\AppData\Local\Resmon.ResmonCfg
2014-12-31 13:43 - 2014-12-31 13:43 - 0000000 _____ () C:\Users\Zac\AppData\Local\{2FE1FACB-4A2F-49DD-B890-E466B644722E}
2015-07-28 12:56 - 2015-07-28 12:56 - 0045251 _____ () C:\ProgramData\1438084554.bdinstall.bin
2015-07-28 13:00 - 2015-07-28 13:00 - 0040216 _____ () C:\ProgramData\1438084827.5716.bin
2015-07-28 13:00 - 2015-07-28 13:00 - 0002048 _____ () C:\ProgramData\1438084827.6616.bin
2015-07-28 13:09 - 2015-07-28 13:09 - 0203266 _____ () C:\ProgramData\1438085146.bdinstall.bin
2015-08-11 13:50 - 2015-08-11 13:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Zac\AppData\Local\Temp\5d01lLjLiJ.exe
C:\Users\Zac\AppData\Local\Temp\7Z7TWI73vP.exe
C:\Users\Zac\AppData\Local\Temp\comver.dll
C:\Users\Zac\AppData\Local\Temp\detectionapi_rd.dll
C:\Users\Zac\AppData\Local\Temp\detectionui_r.exe
C:\Users\Zac\AppData\Local\Temp\directx10tests_rd.dll
C:\Users\Zac\AppData\Local\Temp\directx11tests_rd.dll
C:\Users\Zac\AppData\Local\Temp\directx9tests_rd.dll
C:\Users\Zac\AppData\Local\Temp\EPxUU9rUjS.exe
C:\Users\Zac\AppData\Local\Temp\J8wLFBE3xy.exe
C:\Users\Zac\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Zac\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Zac\AppData\Local\Temp\local.dll
C:\Users\Zac\AppData\Local\Temp\msvcp60.dll
C:\Users\Zac\AppData\Local\Temp\twapi-2.0a2.dll
C:\Users\Zac\AppData\Local\Temp\_is4B20.exe
C:\Users\Zac\AppData\Local\Temp\_is59A1.exe
C:\Users\Zac\AppData\Local\Temp\_is900A.exe
C:\Users\Zac\AppData\Local\Temp\_isD405.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-12 17:06
 
==================== End of FRST.txt ============================
 
Here is the Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Zac (2015-10-22 15:12:15)
Running from C:\Users\Zac\Downloads
Windows 10 Pro (X64) (2015-08-11 13:23:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2720369324-4127131470-97375407-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2720369324-4127131470-97375407-503 - Limited - Disabled)
Guest (S-1-5-21-2720369324-4127131470-97375407-501 - Limited - Disabled)
Zac (S-1-5-21-2720369324-4127131470-97375407-1001 - Administrator - Enabled) => C:\Users\Zac
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
1-2-3 Paint (HKLM-x32\...\{F8CED95B-AEC1-40C7-9053-47E13CFE0719}) (Version: 1.0.8.0 - Sensory Software)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Accessible PDF (HKLM-x32\...\{3896A0FA-DFE9-4EF3-87C6-1AE9B652B7DB}) (Version: 2.2.0 - Claro Software)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.172 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Alphabet Paint (HKLM-x32\...\{9EB6D7F5-1506-4EC7-8525-7A58B031E2AD}) (Version: 1.0.7.0 - Sensory Software)
Ameba (HKLM-x32\...\{C3B55A9E-2C00-4F8B-9441-4D0531A3CB7F}) (Version: 1.0.1.0 - Sensory Software)
Anno 2070 (HKLM-x32\...\Steam App 48240) (Version:  - BlueByte)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
BBC iPlayer Downloads (HKLM-x32\...\{C3794B09-6C43-4B93-9CA8-F10BECCF2971}) (Version: 1.11.1 - BBC)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
ClaroRead SE (HKLM-x32\...\{A82AE359-E2EB-47B5-A7BF-B5A220CFAC24}) (Version: 6.2.7 - Claro Software)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Command and ConquerTM Generals Zero Hour (HKLM-x32\...\InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}) (Version: 1.00.0000 - Electronic Arts)
Command and ConquerTM Generals Zero Hour (x32 Version: 1.00.0000 - Electronic Arts) Hidden
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version:  - Relic Entertainment)
Company of Heroes: Europe at War (HKLM-x32\...\Steam App 342370) (Version:  - Relic Entertainment)
Company of Heroes: The Great War 1918 (HKLM-x32\...\Steam App 314420) (Version:  - Relic Entertainment)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.1210.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.5620 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Day of Defeat: Source (HKLM-x32\...\Steam App 300) (Version:  - Valve)
Dominion War Version 1.1 (HKLM-x32\...\{A99AA705-F6CF-48E5-B292-D2B32A566D23}) (Version: 1.1 - Alamo Productions)
Eastern Front (HKLM-x32\...\Eastern Front) (Version: 2.3.0.0 - )
Empire Earth 2 Gold Edition (HKLM-x32\...\Empire Earth 2 Gold Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Empires Dawn of the Modern World (HKLM-x32\...\Empires Dawn of the Modern World) (Version:  - )
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.16 - Echobit, LLC)
f.lux (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\Flux) (Version:  - )
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Family Fund Launcher (HKLM-x32\...\{F184F792-2D3E-4CF7-8403-BF4D0C601475}) (Version: 1.0.0 - Claro Software)
FamilyFund version 2.0 (HKLM-x32\...\{E1B01443-4A1D-4986-BECC-2D043E0CF893}_is1) (Version: 2.0 - iansyst Ltd)
Foldit (HKLM-x32\...\Foldit) (Version:  - )
Fun Paint (HKLM-x32\...\{5B6FA30F-7460-4436-848B-FEDF88BEE915}) (Version: 1.0.7.0 - Sensory Software)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version:  - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GECK - New Vegas Edition (HKLM-x32\...\Steam App 22480) (Version:  - )
GlidePoint® Touchpad Driver 3 (HKLM\...\{F241938B-3134-4EE1-9DBE-D3C144C2FEE6}) (Version: 3.3.3 - Cirque Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Earth (HKLM-x32\...\{1B30DAC0-DE51-11E2-9A5B-B8AC6F98CCE3}) (Version: 7.1.1.1871 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life Deathmatch: Source (HKLM-x32\...\Steam App 360) (Version:  - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4170 - Intel Corporation)
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Kodu Game Lab (HKLM-x32\...\{C28BC379-0100-41B4-A976-7342FAD1C3A9}) (Version: 1.4.59 - Microsoft Research)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.383 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.383 - LogMeIn, Inc.) Hidden
Long Live the Queen (HKLM-x32\...\GOGPACKLLTQ_is1) (Version: 2.1.0.5 - GOG.com)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
Magma (HKLM-x32\...\{508049CA-0E79-4344-B15D-B6683DF6B3F2}) (Version: 1.0.1.0 - Sensory Software)
MDF to ISO version 1.0 (HKLM-x32\...\{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1) (Version: 1.0 - mdftoiso.com)
Men of War - Assault Squad 2 (HKLM-x32\...\Men of War - Assault Squad 2_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{51adbf11-493f-431c-a862-967a0fae2944}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{2af972c7-13b0-4978-92a8-fee26a4fb4e9}) (Version: 12.0.21005.1 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 2.0 (HKLM-x32\...\{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}) (Version: 2.0.11128.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{02BAAFC5-4E16-42E6-A9F6-8DDE0B7ED3B8}) (Version: 1.0.0.0 - Mojang)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version:  - Dinosaur Polo Club)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
One SwitchMouse (HKLM-x32\...\{0D069513-3EF5-4BFC-ADD9-5B0953C2C97B}) (Version: 1.0.9 - Claro Interfaces)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Oska (HKLM-x32\...\{4C25DF67-E6CC-4B45-866B-D53A8711EC7E}) (Version: 2.9.0 - Claro Interfaces)
Oska WordBanks (HKLM-x32\...\{CAD7568C-1E05-4C02-ADF1-FA4F274F4564}) (Version: 1.0.1 - Claro Interfaces)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Python 2.7 PIL-1.1.7 (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\PIL-py2.7) (Version:  - )
Python 2.7.2 (HKLM-x32\...\{2E295B5B-1AD4-4d36-97C2-A316084722CF}) (Version: 2.7.2150 - Python Software Foundation)
RealDownloader (x32 Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.2.8400.39032 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
ROBLOX Player for Zac (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Zac (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
ScreenRuler (HKLM-x32\...\{46243C14-2485-45EE-9B4E-609B71B5D5FF}) (Version: 3.0.5 - Claro Software)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization: Beyond Earth (HKLM-x32\...\Steam App 65980) (Version:  - Firaxis Games)
Sid Meier's Civilization: Beyond Earth SDK (HKLM-x32\...\Steam App 312800) (Version:  - )
Sid Meier's Pirates! (HKLM-x32\...\Steam App 3920) (Version:  - Firaxis Games)
Sid Meier's Starships (HKLM-x32\...\Steam App 282210) (Version:  - Firaxis Games)
Simple Port Forwarding (HKLM-x32\...\Simple Port Forwarding) (Version: 3.8.5 - PcWinTech.com)
Sins of a Solar Empire: Rebellion (HKLM-x32\...\Steam App 204880) (Version:  - Ironclad Games)
SketchUp 2013 (HKLM-x32\...\{72B622C9-AA10-47D7-A10C-377CF9BC8502}) (Version: 13.0.4124 - Trimble Navigation Limited)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Splodge (HKLM-x32\...\{C19C0479-B7D2-44C9-91A5-B75D6AEF3A8E}) (Version: 1.0.6.0 - Sensory Software)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version:  - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{9C7A56A5-D819-4996-96D5-3AFB48407309}) (Version: 6.1.6.0 - Husdawg, LLC)
This War of Mine (HKLM-x32\...\Steam App 282070) (Version:  - 11 bit studios)
Unity Web Player (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Victoria II (HKLM-x32\...\Steam App 42960) (Version:  - Paradox Development Studio)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vocalizer Daniel from Claro Software (HKLM-x32\...\{36FB67D5-2099-41E0-8E28-7E061828845C}) (Version: 1.2.1.0 - Claro Software)
Vocalizer Serena from Claro Software (HKLM-x32\...\{4345FA12-BFC9-492B-B47C-C7BEF6785398}) (Version: 1.2.1.0 - Claro Software)
Windows Driver Package - Intel (NETwNe64) net  (01/28/2014 16.10.0.5) (HKLM\...\65854A11B96ADFB0DA71A849DF720CC7F52BCFAC) (Version: 01/28/2014 16.10.0.5 - Intel)
Windows Driver Package - Intel (NETwNe64) net  (10/31/2013 15.10.5.1) (HKLM\...\C81154A2BF1738B3523D18539C21B04E0E83A9D2) (Version: 10/31/2013 15.10.5.1 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (01/22/2012 14.3.2.1) (HKLM\...\CD88F0FADE1395C9F91302912FD35B13CF75C196) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (11/24/2013 15.9.2.1) (HKLM\...\120F46AF6CA0A743E2B3EABA5F69E3359D572C4C) (Version: 11/24/2013 15.9.2.1 - Intel)
Windows Driver Package - Intel net  (01/22/2012 14.3.2.1) (HKLM\...\4795C4A805590BF1276BCED3EB2478E5BF545E83) (Version: 01/22/2012 14.3.2.1 - Intel)
Windows Driver Package - Intel net  (01/28/2014 16.10.0.5) (HKLM\...\35872D905F40A83515AADF926923DDE0F9C27338) (Version: 01/28/2014 16.10.0.5 - Intel)
Windows Driver Package - Intel net  (10/31/2013 15.10.5.1) (HKLM\...\8E4ECB4E3B9963F8F7602F897AA13DFAA96C9D85) (Version: 10/31/2013 15.10.5.1 - Intel)
Windows Driver Package - Intel net  (11/24/2013 15.9.2.1) (HKLM\...\C5E60C4E20C2E801C12E052E190AEA3AC66AAA70) (Version: 11/24/2013 15.9.2.1 - Intel)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2720369324-4127131470-97375407-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Zac\AppData\Local\Roblox\Versions\version-212d2dea26134d09\RobloxProxy64.dll (ROBLOX Corporation)
 
==================== Restore Points =========================
 
09-10-2015 19:00:53 Scheduled Checkpoint
12-10-2015 21:45:33 paint.net 4.0.6
17-10-2015 00:41:58 Installed DirectX
19-10-2015 19:03:51 Installed DirectX
22-10-2015 02:03:41 Installed Command & Conquer Generals
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0BEA3493-44A9-4904-91B3-4FCBDDBA39E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0E450A25-E310-4F14-B43E-22831A9B25AA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s -> No File <==== ATTENTION
Task: {4ADDBDBB-7AA3-4FC2-8687-22C57AB91C7E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5227BE4A-1F6B-4365-B509-19B5396211E7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {55A640A2-A6F4-4755-9DD4-E60CB64592D2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s -> No File <==== ATTENTION
Task: {65FAE011-597E-47C6-AF23-479F49F61991} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6AD77695-A8C1-4AFC-9578-3C4B0668D063} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6D85FADD-938C-4CC6-90C8-D7E09596C2F0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s -> No File <==== ATTENTION
Task: {7F4D6FD3-4BBD-437C-88D9-ACE02D7E70A5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-10s -> No File <==== ATTENTION
Task: {81B21D6B-E56F-4138-B390-CA2125C35FF5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {83847AA9-B566-4798-9809-F55B4E815ED8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {9DABE5F1-3C03-4B9F-BC1C-B6530E93C3F9} - System32\Tasks\{0748A3CE-B507-47E6-81F9-8C452814778B} => pcalua.exe -a C:\Users\Zac\Downloads\JPOG\uninstall.exe
Task: {AFD0C29B-EFE3-4777-942A-124A54587DA3} - \Microsoft\Windows\Setup\GWXTriggers\Time-10s -> No File <==== ATTENTION
Task: {B29F63BB-7F37-4111-BFB5-25503B8C3433} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {BD12FC6E-4CBE-4774-8038-143A9724D217} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {CD66558D-FCD8-4DAB-9629-3426930C4A48} - System32\Tasks\avastBCLRestartS-1-5-21-2720369324-4127131470-97375407-1001 => Chrome.exe 
Task: {D26993CA-CDAC-44DB-BD21-0361DCDE4974} - System32\Tasks\{E9E72DD7-513D-44C5-8674-1033763E4666} => pcalua.exe -a "C:\Program Files\GridinSoft Trojan Killer\uninst.exe"
Task: {E08149BD-08C8-47E3-8968-6ED999E30BAE} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {E21A04F5-8DF5-4881-9F8A-1A135D652576} - System32\Tasks\{86137A9A-E001-4D3A-868E-6E1B940BCCF8} => pcalua.exe -a C:\Users\Zac\Downloads\ns_install_v32.exe -d C:\Users\Zac\Downloads
Task: {ED321B88-9B79-4906-9FD4-82E4A6B03A20} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FD4389B3-8D05-49FF-B8E9-373982C65BA1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-11 14:40 - 2015-08-11 14:40 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-28 13:08 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2015-07-28 13:08 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2015-08-11 13:48 - 2013-05-07 01:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-08-19 13:20 - 2015-08-11 10:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2015-10-01 20:04 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-01 20:04 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 20:03 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-01 20:04 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 20:02 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 20:03 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 20:04 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-11 13:48 - 2015-10-21 23:37 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-08-11 13:48 - 2013-05-07 01:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-11-25 12:42 - 2013-05-13 23:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-03-12 23:52 - 2015-10-05 17:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-03-12 23:52 - 2015-07-03 17:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-03-12 23:52 - 2015-10-14 21:56 - 02423376 _____ () C:\Program Files (x86)\Steam\video.dll
2015-03-12 23:52 - 2015-07-03 17:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-03-12 23:52 - 2015-07-03 17:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-03-12 23:51 - 2015-09-24 01:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-03-12 23:51 - 2015-09-24 01:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-03-12 23:51 - 2015-09-24 01:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-03-12 23:51 - 2015-09-24 01:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-03-12 23:51 - 2015-09-24 01:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-03-12 23:52 - 2015-10-14 21:56 - 00705104 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 11:43 - 2015-10-09 19:13 - 00193024 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-01-28 22:55 - 2014-12-10 08:15 - 00626440 _____ () C:\Program Files (x86)\CyberLink\Power2Go10\CLMediaLibrary.dll
2015-10-19 20:47 - 2015-10-09 01:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-19 20:47 - 2015-10-09 01:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-03-12 23:52 - 2015-10-08 23:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Zac\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Zac\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\minecraft_166.cpl:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\mp32ogglab2004setup.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\PROWinx64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\RobloxPlayerLauncher (1).exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\setupLDD-PC-4_3_8 (1).exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\setupLDD-PC-4_3_8.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\Silverlight_x64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\simple_port_forwarding_setup.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\uTorrent.exe:BDU
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zac\Downloads\xpdh8OP.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "Persistence"
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\StartupApproved\Run: => "EvolveClient"
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\StartupApproved\Run: => "Power2GoExpress10"
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{4D16B602-0C29-47D5-8D64-8AD74B3A19F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{DC768C63-8217-49B3-9B2D-AD3C53C4BFFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{0C981138-FD91-4D27-B0C3-AD0B79A65554}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{55312C75-5276-43D7-B11E-DA17742BD647}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{72692635-5DB3-4C25-8359-8A4E27BF22AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6043D458-0465-4263-B89A-B5D03ED21FF7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{7D73D466-BA57-44ED-A716-BC13A0A31396}C:\games\cosmonautica v1.0.15.204\bin\cosmonautica.exe] => (Allow) C:\games\cosmonautica v1.0.15.204\bin\cosmonautica.exe
FirewallRules: [TCP Query User{1427730D-701D-4202-9B72-D43086A3BABA}C:\games\cosmonautica v1.0.15.204\bin\cosmonautica.exe] => (Allow) C:\games\cosmonautica v1.0.15.204\bin\cosmonautica.exe
FirewallRules: [UDP Query User{C1F0EE89-40BF-4B1A-8261-8EE6DE8E7220}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [TCP Query User{DA4A8464-B6A3-4146-BA4E-96AB792A7984}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{FE3CC27D-DC92-4D3D-BF91-DB0EC639177C}C:\program files (x86)\paradox interactive\naval war - arctic circle\nwac.exe] => (Allow) C:\program files (x86)\paradox interactive\naval war - arctic circle\nwac.exe
FirewallRules: [TCP Query User{4BA71006-0545-4500-8AD2-1E9DB732121A}C:\program files (x86)\paradox interactive\naval war - arctic circle\nwac.exe] => (Allow) C:\program files (x86)\paradox interactive\naval war - arctic circle\nwac.exe
FirewallRules: [{B2F507B8-68CD-4DAA-80F9-AE90C01FEC69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [{A3911F40-28C0-4CD9-A66E-E91D9665D860}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Guns of Icarus Online\workshop\Workshop.exe
FirewallRules: [UDP Query User{68EAF6A1-BB64-4D17-904C-C6C8B3EFD7F3}C:\users\zac\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\zac\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [TCP Query User{25A082F5-C791-4101-9DA4-4859E7F5CCCB}C:\users\zac\appdata\local\vghd\bin\virtuagirl_downloader.exe] => (Allow) C:\users\zac\appdata\local\vghd\bin\virtuagirl_downloader.exe
FirewallRules: [UDP Query User{106C337A-7119-4A85-A776-21F20D677DA0}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{BF8FB344-C9D6-45ED-83AA-29E7C05BA171}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{43D27D17-A0DD-47A1-B9A7-3F547ED85695}C:\program files (x86)\steam\steamapps\common\fallout tactics\bos_hr.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout tactics\bos_hr.exe
FirewallRules: [TCP Query User{CC59B57B-42D4-42ED-83D5-CA304044D4DD}C:\program files (x86)\steam\steamapps\common\fallout tactics\bos_hr.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout tactics\bos_hr.exe
FirewallRules: [{F5132141-F056-414B-9080-341FE67485A9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\Geck.exe
FirewallRules: [{894A3375-7A22-458D-B61D-E36CC1909904}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\Geck.exe
FirewallRules: [UDP Query User{9EC0A462-F4E3-436A-B899-74A5B0E8780D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CA8A0CE8-7A99-4C81-B0E9-D448F6747AF3}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{E613EB8D-7524-499E-A91E-7269F7A36A2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{A033D055-DFCB-4D61-8B72-B78E6D7951BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe
FirewallRules: [{3563BB75-D14C-4D43-883B-837FD46C1B8B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Pirates!\Pirates!.exe
FirewallRules: [{A57A1C65-B72A-4B3A-A863-626F469B8F56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Pirates!\Pirates!.exe
FirewallRules: [UDP Query User{4378D853-26CF-4068-B043-6F6C9EF1740C}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{00CAA812-30D9-4DC6-BEB2-359B542CD3A5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0DA78A26-95D7-4C15-BAA3-01E14A070F09}] => (Block) C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe
FirewallRules: [{F53816C8-0801-4682-A5BB-99580A5C4845}] => (Block) C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe
FirewallRules: [UDP Query User{7352A4D7-8666-46CA-8FD4-E32AEAD89D9A}C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe] => (Allow) C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe
FirewallRules: [TCP Query User{B608C2A9-E543-4455-B631-26B839B12D01}C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe] => (Allow) C:\program files (x86)\r.g. mechanics\total war - rome ii\rome2.exe
FirewallRules: [{8F76A323-F7A6-40D4-AA97-C7A595392CF6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0DF742CA-0377-4F94-8B19-8B591A1DF0E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{A9527B1A-1B97-43A5-9B61-02548C4120DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{3F1644A4-8123-41A5-91A3-8D166C01CDB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 1 Source Deathmatch\hl2.exe
FirewallRules: [{915BBC29-89A6-4383-AD8A-9A7B343660C8}] => (Block) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe
FirewallRules: [{75CA7D6D-8F0B-4587-B143-4D0E78B41430}] => (Block) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe
FirewallRules: [UDP Query User{63E44BFE-8BA7-4474-B0DD-DD6D11E1F2B3}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe
FirewallRules: [TCP Query User{80B15D39-F03F-4AB7-98C0-54846727F633}C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\anno 1404\tools\anno4web.exe
FirewallRules: [{78E867A2-CBC3-4617-A9B6-94121FE0A5A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{55727B03-00DA-4430-894D-3CF0A5F7DA59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{674AF975-CE55-4607-9ADD-853C3A1D1D6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{59607DAF-0277-4950-B3F1-955A2C62A610}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{FDA42333-ADB9-4CCB-A328-47BBD2E87054}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{110D7BB3-7B6E-4A71-8E7D-9E1560956334}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{B3664A88-B77B-4F4B-8D1E-0A584D4F32F9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6FC4D210-3E54-4B7C-B23C-2FCB9214D2B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{06A13ED4-9622-4C52-B637-517286C52D53}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [TCP Query User{5252DF5C-37DE-4F29-9550-C3D2F8EDA3A3}C:\program files (x86)\ea games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\ea games\battlefield 1942\bf1942.exe
FirewallRules: [{D0BC60D2-AD81-4480-8C6D-26F8856909CA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E596658D-3A32-497D-9AFD-F685A2526123}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{32A81BB2-A424-4ED0-A66C-6174066FAEDE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FD1ECCF2-0F3C-4D72-8636-2E33AF805F24}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{F4BFDC04-AFF5-4DFD-A22A-C61F5B971046}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [TCP Query User{7611C7D6-7BF1-4540-9935-28288E888084}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe
FirewallRules: [{FC1323C3-ABF8-4291-84A7-069701072CC4}] => (Allow) C:\Users\Zac\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3386C913-7411-4A68-8B92-00211941176E}] => (Allow) C:\Users\Zac\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{676D68D3-7062-44C3-8433-2284D92DB538}C:\program files (x86)\1c company\men of war. assault squad\mow_assault_squad.exe] => (Allow) C:\program files (x86)\1c company\men of war. assault squad\mow_assault_squad.exe
FirewallRules: [TCP Query User{86C32853-8258-4235-B38F-6AC8C03BCD2C}C:\program files (x86)\1c company\men of war. assault squad\mow_assault_squad.exe] => (Allow) C:\program files (x86)\1c company\men of war. assault squad\mow_assault_squad.exe
FirewallRules: [UDP Query User{0CA5F179-F375-4C88-AEDC-DDB01CA7BB47}C:\users\zac\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe] => (Allow) C:\users\zac\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe
FirewallRules: [TCP Query User{4230DE8C-F44B-4387-90DA-DE02705DA2F0}C:\users\zac\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe] => (Allow) C:\users\zac\appdata\local\temp\ixp000.tmp\ez multiplayer gm8.exe
FirewallRules: [UDP Query User{84AF79E3-0E50-4262-B11E-049574050BEF}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{17FB85E8-E878-4BBA-87CB-0105C579B345}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{DEED8B06-AFB1-4165-8109-1C72687D4E36}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{6BFFD3E2-74B0-4CB2-9F20-BF9472F280AA}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [UDP Query User{42F9E90D-B3AF-4521-91EC-5EAA654D0696}C:\program files (x86)\anno 1701\anno1701.exe] => (Allow) C:\program files (x86)\anno 1701\anno1701.exe
FirewallRules: [TCP Query User{5F4C6E8F-8D6E-413B-AF49-5781A13E890A}C:\program files (x86)\anno 1701\anno1701.exe] => (Allow) C:\program files (x86)\anno 1701\anno1701.exe
FirewallRules: [UDP Query User{FF0614E5-E86D-4C1A-AE4D-A2559B47A3A2}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{718869CA-1365-4EDF-B071-E4A6865E2C1C}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{FD215AD9-46DF-407B-8469-5F341A05030A}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{BD27A2C0-814F-4E6B-B7F2-BB010704ECE0}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{AEA1023B-8DF5-4C53-AD51-41646EE2FF5D}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [TCP Query User{19DE82E5-57F3-4608-A918-9C865D4F2EE6}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe
FirewallRules: [{CE8AF143-4FBF-4DCB-8B25-20E25E776B34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{18CF4733-9E56-43A9-9CE0-1F5B812C1C2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{89D1A1E6-3B53-41FC-8822-92CACF27D043}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{93BF43E9-49E1-44C7-9EDE-D38023D47873}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{0A9A3DA3-4FB2-4BCC-B58D-E2E08BE6D639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{412338A1-E505-4A7E-BB4C-09615740BC86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Trek Online\Star Trek Online.exe
FirewallRules: [{F6302B42-1C42-4211-9768-E4CC5B475609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{9D0BDF64-690F-421B-95C8-FA9751837262}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{33E1C174-632C-4722-8EB5-280874AC442C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{FAB01A3F-CB71-4537-A17D-955092BBDE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Day of Defeat Source\hl2.exe
FirewallRules: [{8517914C-6A08-4130-AF16-76F6F966519D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{598FA6AD-825C-4767-97A1-32E86AEE02BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{3CFF9FE6-DC2F-4400-B03D-6E6F045E6F16}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{14F3C7B2-ECA2-43F9-B1AF-DB7F867730D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{8528CF2F-F01F-4234-BCC6-BDC6E70A8CC7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth SDK\Sid Meier's Civilization Beyond Earth SDK.exe
FirewallRules: [{EE016E7C-334A-4520-9201-98FE42CDA8F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth SDK\Sid Meier's Civilization Beyond Earth SDK.exe
FirewallRules: [{339016ED-0DBC-475E-AE2D-71784F7AA2F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{5033ECBF-9361-471C-9A03-4D8AD9AEF28C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Victoria 2\victoria2.exe
FirewallRules: [{FD8B656F-BE3A-4D6B-A062-A9743BCD6C56}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{3186E592-5EAB-4BB0-88EA-6973D1E33089}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{59A79A38-DFA8-4EFB-9A39-19CC64FCC425}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E26D5E26-8BD5-435F-BE19-47D45AF372CD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3DFAD2C9-7606-451E-A3EA-61EC10D5CB74}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{470B8AC7-3512-4620-9A1E-6E2B64249B5A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{5BFCDA75-5FC9-4141-A3A1-FFCDFE8E2626}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{6306288E-7F3F-4768-908B-853D59B7E1AA}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{9035F77F-0700-45B0-A6E7-7D845A6FA951}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{EB74D97A-15BE-4E0E-9B3C-14599DC3249F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{5B0C6FAD-837D-450E-AF5E-E1F690610EF3}] => (Allow) C:\Program Files (x86)\Haemimont Games\Grand Ages Rome - Gold Edition\Rome.exe
FirewallRules: [{414AE57F-2E24-4DF0-9877-7DC16779D26B}] => (Allow) C:\Program Files (x86)\Haemimont Games\Grand Ages Rome - Gold Edition\Rome.exe
FirewallRules: [{D4FE5A1F-5C0D-4B3B-B4A3-0934A7FB8D8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{C0B3B777-CB12-438C-9A4B-A959242ACA44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{9BE500AA-911C-4060-9C91-90F9A1F8B9DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E265B60D-8A2D-47BE-B7B9-315E03B41649}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{3B3D6AC8-2827-4E91-A1C2-12C8166DA551}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Starships\Starships64.exe
FirewallRules: [{A826979A-CF2B-4E69-B427-460A5DD7B488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Starships\Starships64.exe
FirewallRules: [{A3EC2FB5-8B28-4B4D-AFB6-B2457ADACF04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{5AA42339-EB82-44AB-BBD6-93128CE1BEAA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{5D925E93-5809-4C91-B572-AA75F99D14DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{DA22D5DA-1016-4878-ACF5-5A2E660993A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Anno 2070\Anno5.exe
FirewallRules: [{E1539092-C509-4C6E-A5AB-26E6552F16E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{767070E7-55E3-4085-9DEA-C2857B5A0D5F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_DX11.exe
FirewallRules: [{A805C279-13C3-48BD-8E77-C16F3648048D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{293A1375-970C-4B01-B4BC-1285E15C77FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization Beyond Earth\CivilizationBE_Mantle.exe
FirewallRules: [{DAABC628-9EB0-46D2-8260-52A7E434A355}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{B9E35611-725E-4947-B31D-2A9158B749D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [TCP Query User{3177956A-C50B-4199-9D6D-389CED897F99}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E5DDBB36-858B-4D07-9FEC-7F41ADA89371}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{770C81A1-659B-453A-A923-01F51A27A9F4}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [UDP Query User{EC9B58E6-334E-4B33-95BE-64CFEA874217}C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe] => (Allow) C:\program files (x86)\portforward\port forward network utilities\pfportchecker.exe
FirewallRules: [TCP Query User{6F3D6470-FA3D-4316-8125-4B119C048F09}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
FirewallRules: [UDP Query User{3FA2CE6A-2593-48CD-BEF9-625C93BE9C03}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{0BB373F9-814D-4E00-B78F-606FD86AC1DF}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{9FDD14C7-893D-460F-B62C-23E5C7DFDF4D}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{A7BD2B40-55DE-49DA-AEBA-CA6650121F3C}C:\program files (x86)\r.g. mechanics\empire earth 2 gold edition\ee2x.exe] => (Allow) C:\program files (x86)\r.g. mechanics\empire earth 2 gold edition\ee2x.exe
FirewallRules: [UDP Query User{0D8124E3-4B30-427F-B9B5-4959480DF0E6}C:\program files (x86)\r.g. mechanics\empire earth 2 gold edition\ee2x.exe] => (Allow) C:\program files (x86)\r.g. mechanics\empire earth 2 gold edition\ee2x.exe
FirewallRules: [TCP Query User{2E2EF051-FDAE-4831-85B8-CB3EAE5FAF6C}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{D7B510DD-AB21-4046-BDAA-E7430EDBB255}C:\program files\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [{04A05EB2-4306-480C-B9DB-279357B8DD64}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{AC0F62A2-D39D-4C97-AEA3-38CB825AC376}] => (Allow) C:\Program Files (x86)\Simple Port Forwarding\spf.exe
FirewallRules: [{13C4960C-50DA-4BCB-AA6F-96794FB89D3A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{7AF7BDF4-EB67-4A3D-9DB8-597CCF8F50BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\RelicCOH.exe
FirewallRules: [{4887966E-3E08-4172-ABAF-077423B0323B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{48BB3E59-AF78-4EBE-A132-BEB393D05AA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{21AA2FD5-80CC-4670-BC38-25A01F42A4F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2 Tools\ModBuilder.exe
FirewallRules: [{9D41AD4A-8960-4FFE-B7DD-6D6C4196AD84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Company of Heroes 2 Tools\ModBuilder.exe
FirewallRules: [{B5DEDE36-3813-4A3E-8EE8-AC115C049647}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{6EAC152D-6742-4D26-B272-60B79973595B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Solar Empire Rebellion\Sins of a Solar Empire Rebellion.exe
FirewallRules: [{08E5E174-730D-40FF-AC6C-2D9522B6A2D3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/22/2015 02:37:58 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAC2)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/22/2015 02:24:47 AM) (Source: MsiInstaller) (EventID: 1013) (User: ZAC2)
Description: Product: Command & Conquer Generals -- 1: This installation cannot be run by directly launching the MSI package. You must run setup.exe.
 
Error: (10/22/2015 02:15:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program game.dat version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1b30
 
Start Time: 01d10c670862fee0
 
Termination Time: 1
 
Application Path: C:\Program Files (x86)\EA GAMES\Command and Conquer Generals\game.dat
 
Report Id: 573543b3-785a-11e5-830a-a0a8cda02bd8
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/22/2015 02:04:07 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (10/21/2015 10:03:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.20.9.4533 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 12b4
 
Start Time: 01d10c0feb202914
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
Report Id: a37b2791-7830-11e5-8309-a0a8cda02bd8
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/21/2015 09:47:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAC2)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/21/2015 09:44:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAC2)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/21/2015 07:30:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAC2)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/21/2015 05:55:55 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAC2)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (10/21/2015 05:43:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: ZAC2)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (10/22/2015 02:38:09 AM) (Source: DCOM) (EventID: 10010) (User: ZAC2)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/22/2015 02:38:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
 
Error: (10/22/2015 02:38:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.
 
Error: (10/22/2015 02:38:08 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_Session1 service, but this action failed with the following error: 
%%1056
 
Error: (10/22/2015 02:37:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/22/2015 02:37:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/22/2015 02:37:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/22/2015 02:37:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/22/2015 02:37:58 AM) (Source: DCOM) (EventID: 10010) (User: ZAC2)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (10/21/2015 11:39:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2015-10-21 23:37:35.314
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-21 23:37:35.104
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 23:50:15.589
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 23:50:15.254
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 23:23:55.467
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 23:23:41.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 20:43:18.672
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-19 20:43:18.604
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-17 00:53:13.432
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\lirsgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-10-17 00:53:00.164
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\atksgt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3250 @ 3.20GHz
Percentage of memory in use: 70%
Total physical RAM: 3968.17 MB
Available physical RAM: 1171.45 MB
Total Virtual: 8832.17 MB
Available Virtual: 5174.57 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:450.44 GB) (Free:145.48 GB) NTFS
Drive d: (Fallout2_CD) (CDROM) (Total:0.59 GB) (Free:0 GB) UDF
Drive e: (GeneralsZH1) (CDROM) (Total:0.39 GB) (Free:0 GB) CDFS
Drive f: (GENERALSZH2) (CDROM) (Total:0.54 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 37B20BDA)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
I have also noticed in your log file you are using uTorrent P2P program. We at Geeks to go ! Recommend removing these type of programs, they are a known cause of Malware infections. When you use file sharing programs like this you can never be sure of the file content and you are put at a much greater risk for infection. I strongly recommend you remove this program before we begin our work.

I also suggest you refrain from using Hitman pro without guidance. I have 3 computers that are now unbootable because of it.

Next

A few items to fix. You will need to save this fixlog.txt to your C:\Users\Zac\Downloads

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Open notepad (Start =>All Programs => Accessories => Notepad).
Copy/Paste the contents of the code box below into Notepad.
 
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {477f7e48-4400-11e5-82fd-a0a8cda02bd8} - "G:\autorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {57ffb0c9-1991-11e5-82e9-a0a8cda02bd8} - "F:\noautorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {5d75fbb8-166e-11e5-82e9-a0a8cda02bd8} - "E:\autorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {a9b539e5-46af-11e5-82fd-a0a8cda02bd8} - "H:\CDCheck.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-2720369324-4127131470-97375407-1001 -> DefaultScope {A904FB8A-F392-4FCE-83CD-EA278C31A76A} URL = 
SearchScopes: HKU\S-1-5-21-2720369324-4127131470-97375407-1001 -> {A904FB8A-F392-4FCE-83CD-EA278C31A76A} URL = 
U5 REALPLAYERUPDATESVC; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-09-27 12:39 - 2015-10-22 01:20 - 00000000 ____D C:\Users\Zac\AppData\LocalLow\uTorrent
2015-10-22 02:37 - 2014-12-29 16:53 - 00000000 ____D C:\Users\Zac\AppData\Roaming\uTorrent
2015-10-19 20:34 - 2015-02-20 21:49 - 00000000 __SHD C:\Users\Zac\AppData\Local\EmieUserList
2015-10-19 20:34 - 2015-02-20 21:49 - 00000000 __SHD C:\Users\Zac\AppData\Local\EmieSiteList
2015-07-28 12:56 - 2015-07-28 12:56 - 0045251 _____ () C:\ProgramData\1438084554.bdinstall.bin
2015-07-28 13:00 - 2015-07-28 13:00 - 0040216 _____ () C:\ProgramData\1438084827.5716.bin
2015-07-28 13:00 - 2015-07-28 13:00 - 0002048 _____ () C:\ProgramData\1438084827.6616.bin
2015-07-28 13:09 - 2015-07-28 13:09 - 0203266 _____ () C:\ProgramData\1438085146.bdinstall.bin
AlternateDataStreams: C:\Users\Zac\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Zac\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\minecraft_166.cpl:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\mp32ogglab2004setup.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\PROWinx64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\RobloxPlayerLauncher (1).exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\setupLDD-PC-4_3_8 (1).exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\setupLDD-PC-4_3_8.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\Silverlight_x64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\simple_port_forwarding_setup.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\uTorrent.exe:BDU
 CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
  • Click Format and ensure Wordwrap is unchecked.
  • Save as Fixlist.txt to your C:\Users\Zac\Downloads (Must be in this location)
  • Run FRST/FRST64 and press the Fix button just once and wait.
  • If the tool needed a restart please make sure you let the system to restart normally and let the tool completes its run after restart.
  • The tool will make a log located here==> C:\Users\Zac\Downloads (Fixlog.txt). Please post it to your reply.

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.



    Next

    Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at "C"

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.


    In your next reply post;
  • Fixlog.txt
  • The AdwCleaner [SO].txt Log
  • The JRT.txt Log

  • 0

#5
Legocadet

Legocadet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Here is the Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
Ran by Zac (2015-10-22 17:59:41) Run:2
Running from C:\Users\Zac\Downloads
Loaded Profiles: Zac (Available Profiles: Zac)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {477f7e48-4400-11e5-82fd-a0a8cda02bd8} - "G:\autorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {57ffb0c9-1991-11e5-82e9-a0a8cda02bd8} - "F:\noautorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {5d75fbb8-166e-11e5-82e9-a0a8cda02bd8} - "E:\autorun.exe" 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\...\MountPoints2: {a9b539e5-46af-11e5-82fd-a0a8cda02bd8} - "H:\CDCheck.exe" 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = 
SearchScopes: HKU\S-1-5-21-2720369324-4127131470-97375407-1001 -> DefaultScope {A904FB8A-F392-4FCE-83CD-EA278C31A76A} URL = 
SearchScopes: HKU\S-1-5-21-2720369324-4127131470-97375407-1001 -> {A904FB8A-F392-4FCE-83CD-EA278C31A76A} URL = 
U5 REALPLAYERUPDATESVC; no ImagePath
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-09-27 12:39 - 2015-10-22 01:20 - 00000000 ____D C:\Users\Zac\AppData\LocalLow\uTorrent
2015-10-22 02:37 - 2014-12-29 16:53 - 00000000 ____D C:\Users\Zac\AppData\Roaming\uTorrent
2015-10-19 20:34 - 2015-02-20 21:49 - 00000000 __SHD C:\Users\Zac\AppData\Local\EmieUserList
2015-10-19 20:34 - 2015-02-20 21:49 - 00000000 __SHD C:\Users\Zac\AppData\Local\EmieSiteList
2015-07-28 12:56 - 2015-07-28 12:56 - 0045251 _____ () C:\ProgramData\1438084554.bdinstall.bin
2015-07-28 13:00 - 2015-07-28 13:00 - 0040216 _____ () C:\ProgramData\1438084827.5716.bin
2015-07-28 13:00 - 2015-07-28 13:00 - 0002048 _____ () C:\ProgramData\1438084827.6616.bin
2015-07-28 13:09 - 2015-07-28 13:09 - 0203266 _____ () C:\ProgramData\1438085146.bdinstall.bin
AlternateDataStreams: C:\Users\Zac\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Zac\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\minecraft_166.cpl:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\mp32ogglab2004setup.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\PROWinx64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\RobloxPlayerLauncher (1).exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\setupLDD-PC-4_3_8 (1).exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\setupLDD-PC-4_3_8.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\Silverlight_x64.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\simple_port_forwarding_setup.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\UnityWebPlayer.exe:BDU
AlternateDataStreams: C:\Users\Zac\Downloads\uTorrent.exe:BDU
 CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{477f7e48-4400-11e5-82fd-a0a8cda02bd8} => key not found. 
HKCR\CLSID\{477f7e48-4400-11e5-82fd-a0a8cda02bd8} => key not found. 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57ffb0c9-1991-11e5-82e9-a0a8cda02bd8} => key not found. 
HKCR\CLSID\{57ffb0c9-1991-11e5-82e9-a0a8cda02bd8} => key not found. 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d75fbb8-166e-11e5-82e9-a0a8cda02bd8} => key not found. 
HKCR\CLSID\{5d75fbb8-166e-11e5-82e9-a0a8cda02bd8} => key not found. 
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9b539e5-46af-11e5-82fd-a0a8cda02bd8} => key not found. 
HKCR\CLSID\{a9b539e5-46af-11e5-82fd-a0a8cda02bd8} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key not found. 
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A904FB8A-F392-4FCE-83CD-EA278C31A76A} => key not found. 
HKCR\CLSID\{A904FB8A-F392-4FCE-83CD-EA278C31A76A} => key not found. 
REALPLAYERUPDATESVC => service not found.
wfpcapture => service not found.
"C:\Users\Zac\AppData\LocalLow\uTorrent" => not found.
"C:\Users\Zac\AppData\Roaming\uTorrent" => not found.
"C:\Users\Zac\AppData\Local\EmieUserList" => not found.
"C:\Users\Zac\AppData\Local\EmieSiteList" => not found.
"C:\ProgramData\1438084554.bdinstall.bin" => not found.
"C:\ProgramData\1438084827.5716.bin" => not found.
"C:\ProgramData\1438084827.6616.bin" => not found.
"C:\ProgramData\1438085146.bdinstall.bin" => not found.
"C:\Users\Zac\SkyDrive" => ":ms-properties" ADS not found.
"C:\Users\Zac\Downloads\FRST64.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\mbam-setup-2.2.0.1024.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\minecraft_166.cpl" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\mp32ogglab2004setup.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\PROWinx64.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\RobloxPlayerLauncher (1).exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\setupLDD-PC-4_3_8 (1).exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\setupLDD-PC-4_3_8.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\Silverlight_x64.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\simple_port_forwarding_setup.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\UnityWebPlayer.exe" => ":BDU" ADS not found.
"C:\Users\Zac\Downloads\uTorrent.exe" => ":BDU" ADS not found.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2720369324-4127131470-97375407-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 2 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:04:03 ====

 

Here is the AdwCleaner log

 

# AdwCleaner v5.014 - Logfile created 19/10/2015 at 23:17:38
# Updated 18/10/2015 by Xplode
# Database : 2015-10-18.5 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Zac - ZAC2
# Running from : C:\Users\Zac\Downloads\adwcleaner_5.014.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Common Files\4f596ec3-77fb-4fc3-82cb-691c42c71d77
Folder Found : C:\Program Files (x86)\Common Files\7d981f9d-43ff-4844-a2f8-499114283074
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\{19639328-61d2-605d-1963-3932861d4ca1}
Folder Found : C:\ProgramData\4f596ec3-77fb-4fc3-82cb-691c42c71d77
Folder Found : C:\ProgramData\7d981f9d-43ff-4844-a2f8-499114283074
Folder Found : C:\Users\Zac\AppData\Roaming\Nosibay
Folder Found : C:\Users\Zac\AppData\Roaming\Store
Folder Found : C:\Users\Zac\AppData\Roaming\WTools
 
***** [ Files ] *****
 
File Found : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\Zac\AppData\Roaming\Bubble Dock.boostrap.log
File Found : C:\Users\Zac\AppData\Roaming\Bubble Dock.installation.log
File Found : C:\Users\Zac\AppData\Roaming\Selection Tools.installation.log
File Found : C:\Users\Zac\AppData\Roaming\WindApp.boostrap.log
File Found : C:\Users\Zac\AppData\Roaming\WindApp.installation.log
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : amiupdaterExd
Task Found : amiupdaterExi
 
***** [ Registry ] *****
 
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Key Found : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Found : HKCU\Software\Nosibay
Key Found : HKCU\Software\Store
Key Found : HKCU\Software\UpdateStar
Key Found : HKCU\Software\WTools
Key Found : HKCU\Software\OB
Key Found : HKCU\Software\WEBAPP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 228200
Key Found : [x64] HKCU\Software\Nosibay
Key Found : [x64] HKCU\Software\Store
Key Found : [x64] HKCU\Software\UpdateStar
Key Found : [x64] HKCU\Software\WTools
Key Found : [x64] HKCU\Software\OB
Key Found : [x64] HKCU\Software\WEBAPP
 
***** [ Web browsers ] *****
 
[C:\Users\Zac\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3433 bytes] ##########
 

 

Here is the JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Pro x64
Ran by Zac on 22/10/15 at 18:16:45.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\WINDOWS\SysWOW64\REN3084.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\REN4453.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\RENB3B1.tmp
Successfully deleted: [File] C:\WINDOWS\SysWOW64\REND9F0.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Zac\Appdata\Local\1610
 
 
 
~~~ Chrome
 
 
[C:\Users\Zac\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Zac\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\Zac\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Zac\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/10/15 at 18:21:10.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hello,

On the adwCleaner part make sure you run the clean option so it removes the files, you presently ran the scan option, so do a scan, click log file, then click clean.

Lets run a Malwarebytes scan as well;
 
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.


    Posting the Malwarebytes log.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.


  • 0

#7
Legocadet

Legocadet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Here is the log 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 22/10/15
Scan Time: 10:06 PM
Logfile: Byte log.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.10.22.05
Rootkit Database: v2015.10.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Zac
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 358136
Time Elapsed: 31 min, 14 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 8
PUP.Optional.Amonitize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\CLASSES\dream.capture.1, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\CLASSES\dream.capture, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture.1, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture.1, , [7c81de7b6526f34399d912e43ec3dd23], 
PUP.Optional.Amonitize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, , [7c81de7b6526f34399d912e43ec3dd23], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.DownLoadAdmin, C:\Users\Zac\Downloads\minecraft_166.cpl, , [24d9a7b2602b191d331bad995da413ed], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hello,

How is the computer ?
  • 0

#9
Legocadet

Legocadet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

The computer is running fine the ads are clearing up on the pages, thank you for the help.


  • 0

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Hello,

It's important to clean up the tools I had you download and log files. Defix will do that for us.

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#11
Legocadet

Legocadet

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Here is the report for you

 

# DelFix v1.011 - Logfile created 23/10/2015 at 01:40:46
# Updated 18/08/2015 by Xplode
# Username : Zac - ZAC2
# Operating System : Windows 10 Pro  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Zac\Desktop\JRT.txt
Deleted : C:\Users\Zac\Downloads\Addition.txt
Deleted : C:\Users\Zac\Downloads\adwcleaner_5.014.exe
Deleted : C:\Users\Zac\Downloads\Fixlog.txt
Deleted : C:\Users\Zac\Downloads\FRST.txt
Deleted : C:\Users\Zac\Downloads\FRST64.exe
Deleted : C:\Users\Zac\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Cleaning system restore ...
 
Deleted : RP #19 [Scheduled Checkpoint | 10/09/2015 18:00:53]
Deleted : RP #21 [paint.net 4.0.6 | 10/12/2015 20:45:33]
Deleted : RP #22 [Installed DirectX | 10/16/2015 23:41:58]
Deleted : RP #23 [Installed DirectX | 10/19/2015 18:03:51]
Deleted : RP #24 [Installed Command & Conquer Generals | 10/22/2015 01:03:41]
Deleted : RP #26 [Restore Point Created by FRST | 10/22/2015 16:54:51]
Deleted : RP #28 [Restore Point Created by FRST | 10/22/2015 16:59:42]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,799 posts
Looks good thanks,

You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics


Also tagged with one or more of these keywords: Adware Removal

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP