Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My Computer Is Infected - Please help


  • Please log in to reply

#1
snowfox217

snowfox217

    New Member

  • Member
  • Pip
  • 8 posts

Hello!

 

My computer has somehow become infected with a very mean virus. It's so mean, that it will not allow me to run any antivirus software to help get rid of it. I've tried using malware bytes, bitdefender, and avast!. And every time I try to use them (even in safe mode) they won't run. What I mean is when I try to run a scan, the antivirus will start scanning, but then it'll freeze up and a notification will pop up saying that the service is unresponsive, please try again. And when I try again, it still doesn't work. Also the computer will just randomly shut off for no reason. Please help! If you need any more information, please let me know. Below are the FRST.txt and Addition.txt copied and pasted one after the other.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-10-2017
Ran by Hayes 2 (administrator) on HAYES2-PC (17-10-2017 21:34:12)
Running from C:\Users\Hayes 2\Downloads
Loaded Profiles: Hayes 2 (Available Profiles: Hayes 2)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15120504 2016-02-17] (Logitech Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-10-17] (AVAST Software)
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [Conime] => C:\Windows\SysWOW64\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hayes 2\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [44024 2017-06-04] (Glarysoft Ltd)
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\MountPoints2: {99d0025a-cba0-11e2-8e5d-0022684d9600} - I:\setup.exe -a
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\MountPoints2: {c06f1c69-77bc-11e2-bf16-0022684d9600} - I:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\MountPoints2: {d35e0ec0-b893-11dc-b94a-0022684d9600} - I:\KODAK_Camera_Setup_App.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk [2009-04-07]
ShortcutTarget: SmartCopy.lnk -> C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk [2009-04-07]
ShortcutTarget: SmartLauncher.lnk -> C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.)
BootExecute: autocheck autochk *  BootDefrag.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52680;https=127.0.0.1:52680
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9712E214-2095-4240-BE72-812D046DB980}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{DB72EBFF-D75A-4BC8-B63D-E898BA946843}: [DhcpNameServer] 64.13.74.12 64.13.115.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM-x32 -> DefaultScope {047C5C97-290A-4AF7-9439-266C08770795} URL =
SearchScopes: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> {6281C22D-CF32-4CDE-B498-51832E86A8BE} URL = hxxp://isearch.shopathome.com?user_id={090a07b7-1599-43e5-b988-8c29ad526194}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-22] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-10-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-22] (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-10-17] (AVAST Software)
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab

FireFox:
========
FF ProfilePath: C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287 [2017-10-17]
FF Extension: (Youtube Downloader mp3) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\@youtube_downloader.xpi [2017-10-15]
FF Extension: (Avast Online Security) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\[email protected] [2017-10-17]
FF Extension: (Save Button for Pinterest) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2017-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-07] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\I - Tunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @unity3d.com/UnityPlayer -> C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll [2008-01-04] (Unity Technologies ApS)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [2007-04-16] ()
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2013-09-27] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [2012-05-01] (doubleTwist Corporation)
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Hayes 2\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll [2009-10-19] ()
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hayes 2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-10-18] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Hayes 2\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default [2017-10-17]
CHR Extension: (hxxps://www.youtube.com/results?search_query=) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapfpinekdpglppiajnjacjabcbaoloa [2017-06-29]
CHR Extension: (Entanglement Web App) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-04]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-04]
CHR Extension: (Savings Button: Deals + Cash Back) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2008-01-01]
CHR Extension: (Pandora) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-04]
CHR Extension: (Private Search) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\innpkjmckmjjpejjanemggpbhlnbbgcf [2017-01-25]
CHR Extension: (Chess Parlour) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlajmljkfdollkblobinchlijmficpof [2014-09-16]
CHR Extension: (Poppit!) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-16]
CHR Extension: (God is Love - 1920x1200) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\miifebnaijmglpekagcclomafchejlpk [2014-09-16]
CHR Extension: (Fantasy on Yahoo! Sports) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchojkpkbofjpjiahnabhbofpeaipjpo [2014-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (TypingClub) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2014-09-16]
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-10-15]
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-10-15]
CHR Extension: (Google Slides) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-26]
CHR Extension: (Google Docs) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-26]
CHR Extension: (Google Search) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-26]
CHR Extension: (Google Sheets) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-26]
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-15]
CHR HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [knhpkjjdbjjchglnophlnghcdefpanlc] - <no Path/update_url>
CHR HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - <no Path/update_url>
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\default_apps\search.crx [2015-07-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2008-01-01] (SUPERAntiSpyware.com)
S3 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2016-01-16] (Emsisoft Ltd)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-17] (Adobe Systems Incorporated) [File not signed]
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7446024 2017-10-17] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-10-17] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-04-02] ()
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-25] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-26] (EasyAntiCheat Ltd) [File not signed]
S2 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [726016 2008-09-08] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
S3 gupdate1c9e7c4d856c020; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
S4 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
S3 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160272 2008-05-02] (Logitech, Inc.)
S2 Live Updater Service; C:\Program Files\GATEWAY\Gateway Updater\UpdaterService.exe [257440 2016-06-08] (Acer Incorporated) [File not signed]
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
S3 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
S2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [221696 2008-09-08] () [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-10-02] (Electronic Arts)
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-29] ()
S3 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215160 2017-01-15] ()
S3 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S3 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [650560 2017-05-03] (WiseCleaner.com)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [321032 2017-10-17] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198976 2017-10-17] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343288 2017-10-17] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57736 2017-10-17] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [105128 2017-10-17] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [47008 2017-10-17] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [147776 2017-10-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [79232 2017-10-17] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84416 2017-10-17] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1020536 2017-10-17] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [587168 2017-10-17] (AVAST Software)
S3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [245416 2017-10-17] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [363440 2017-10-17] (AVAST Software)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-09] ()
S3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD64.sys [432256 2007-04-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [318336 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-11-03] (Beceem communications pvt ltd.)
S1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [138920 2013-04-17] (Bitdefender SRL)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows ® Win 7 DDK provider)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [21704 2012-03-22] (Cambridge Silicon Radio Limited)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [22200 2016-01-09] () [File not signed]
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation)
S1 epp64; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\epp64.sys [138504 2016-01-16] (Emsisoft GmbH)
S1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-29] (Glarysoft Ltd)
S1 Hmonitor45; C:\Windows\SysWOW64\drivers\hmonitor45.sys [14544 2011-07-28] (OpenLibSys.org)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-06-29] (REALiX™)
S3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [45200 2016-02-15] (Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-09] ()
S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [28944 2011-05-06] (Windows ® Win 7 DDK provider)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2005-08-27] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
S0 qhpbzs; no ImagePath
S0 raeehd; no ImagePath
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [204288 2008-06-04] (Realtek Semiconductor Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-04-23] () [File not signed]
S3 WiseRegNotify; C:\Windows\WiseRegNotify.sys [29616 2016-10-01] (WiseCleaner.com) [File not signed]
S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
S0 avc3; system32\DRIVERS\avc3.sys [X]
S3 avckf; system32\DRIVERS\avckf.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 CsrBthAudioHF; system32\DRIVERS\CsrBthAudioHF.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; system32\DRIVERS\csrhfgcc.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 csr_bthav; system32\drivers\csrbthav.sys [X]
S4 gzflt; system32\DRIVERS\gzflt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S0 trufos; system32\DRIVERS\trufos.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-17 21:34 - 2017-10-17 21:35 - 000027394 _____ C:\Users\Hayes 2\Downloads\FRST.txt
2017-10-17 21:31 - 2017-10-17 21:34 - 000000000 ____D C:\FRST
2017-10-17 21:31 - 2017-10-17 21:31 - 002401792 _____ (Farbar) C:\Users\Hayes 2\Downloads\FRST64.exe
2017-10-17 21:31 - 2017-10-17 21:31 - 000007836 _____ C:\Windows\system32\PerfStringBackup.TMP
2017-10-17 20:21 - 2017-10-17 20:10 - 000105128 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-10-17 20:04 - 2017-10-17 20:04 - 000439744 _____ C:\Windows\system32\FNTCACHE.DAT
2017-10-17 20:02 - 2017-10-17 20:02 - 000125032 _____ C:\Users\Hayes 2\AppData\Local\GDIPFONTCACHEV1.DAT
2017-10-17 19:57 - 2017-10-17 19:57 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\AVAST Software
2017-10-17 19:56 - 2017-10-17 19:56 - 001020536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000587168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000401488 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-10-17 19:56 - 2017-10-17 19:56 - 000363440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000245416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000147776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000079232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-10-17 19:56 - 2017-10-17 19:56 - 000001787 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-10-17 19:56 - 2017-10-17 19:56 - 000000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2017-10-17 19:56 - 2017-10-17 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-10-17 19:56 - 2017-10-17 19:55 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-10-17 19:56 - 2017-10-17 19:55 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-10-17 19:56 - 2017-10-17 19:55 - 000198976 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-10-17 19:56 - 2017-10-17 19:55 - 000057736 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-10-17 19:54 - 2017-10-17 19:56 - 000000000 ____D C:\ProgramData\AVAST Software
2017-10-17 19:54 - 2017-10-17 19:54 - 006654960 _____ (AVAST Software) C:\Users\Hayes 2\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2017-10-17 19:54 - 2017-10-17 19:54 - 000000000 ____D C:\Program Files\AVAST Software
2017-10-17 19:48 - 2017-10-17 19:48 - 000044477 _____ C:\ProgramData\1508287719.1908.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000038421 _____ C:\ProgramData\1508287719.2036.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000037602 _____ C:\ProgramData\1508287714.bdinstall.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000004488 _____ C:\ProgramData\1508287719.1976.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000003945 _____ C:\ProgramData\1508287719.1972.bin
2017-10-17 19:47 - 2017-10-17 21:32 - 000965522 _____ C:\Windows\ntbtlog.txt
2017-10-15 22:19 - 2017-10-15 22:21 - 000000000 ____D C:\EEK
2017-10-15 22:03 - 2017-10-15 22:03 - 000000000 ____D C:\ProgramData\MB2Migration
2017-10-15 22:03 - 2017-10-15 22:03 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-26 08:04 - 2017-09-26 08:04 - 000079027 _____ C:\Users\Hayes 2\Downloads\Paystub_ACH_172124_from_CIS_OF_BRAZORIA_COUNTY_INC._3400.pdf
2017-09-25 15:37 - 2017-09-25 15:37 - 000000222 _____ C:\Users\Hayes 2\Desktop\ORION Prelude.url
2017-09-23 10:07 - 2017-09-23 10:07 - 000000000 ____D C:\Users\Hayes 2\AppData\LocalLow\Blizzard Entertainment
2017-09-23 10:05 - 2017-09-23 10:05 - 000000801 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2017-09-23 10:05 - 2017-09-23 10:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2017-09-23 10:01 - 2017-09-23 10:06 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2017-09-17 01:02 - 2017-09-17 01:02 - 000010769 _____ C:\Users\Hayes 2\Documents\Renfest 2017.odt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-17 21:25 - 2010-05-17 14:13 - 000000732 _____ C:\Users\Hayes 2\AppData\Local\d3d9caps64.dat
2017-10-17 21:20 - 2016-11-19 10:24 - 000000000 ____D C:\Users\Hayes 2\AppData\LocalLow\Mozilla
2017-10-17 21:16 - 2009-04-07 14:34 - 000000000 _____ C:\Windows\system32\LogConfigTemp.xml
2017-10-17 21:16 - 2006-11-02 10:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-17 21:16 - 2006-11-02 10:22 - 000004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-10-17 21:16 - 2006-11-02 10:22 - 000004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-10-17 20:41 - 2006-11-02 10:42 - 000032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-10-17 20:40 - 2011-10-29 15:59 - 000000000 ____D C:\Users\Hayes 2\AppData\Local\CrashDumps
2017-10-17 20:30 - 2006-11-02 07:46 - 000900728 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-17 19:59 - 2009-08-24 18:04 - 000000000 ____D C:\Windows\Minidump
2017-10-17 19:57 - 2009-08-21 00:28 - 000002032 _____ C:\Users\Hayes 2\AppData\Local\d3d9caps.dat
2017-10-17 13:46 - 2006-11-02 07:33 - 110886912 _____ C:\Windows\system32\config\software_previous
2017-10-17 13:45 - 2016-10-01 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-10-17 13:45 - 2016-10-01 16:02 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-10-17 13:45 - 2016-07-23 16:14 - 000000000 ____D C:\Users\Hayes 2\Desktop\AV's and Cleaners
2017-10-17 13:45 - 2016-01-02 11:45 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-10-17 13:45 - 2013-03-19 15:30 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\Wise Care 365
2017-10-17 13:45 - 2013-03-19 15:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Care 365
2017-10-17 13:45 - 2012-09-12 01:37 - 000000000 ____D C:\ProgramData\iolo
2017-10-17 13:45 - 2012-09-12 01:37 - 000000000 ____D C:\Program Files (x86)\iolo
2017-10-17 13:45 - 2011-12-24 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-10-17 13:45 - 2011-12-05 12:48 - 000000000 ____D C:\Users\Hayes 2\AppData\Local\Akamai
2017-10-17 13:45 - 2009-05-28 21:42 - 000000000 ____D C:\Program Files (x86)\CCleaner
2017-10-17 13:45 - 2009-05-19 22:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-10-17 13:45 - 2006-11-02 08:34 - 000000000 ____D C:\Windows\system32\spool
2017-10-17 13:45 - 2006-11-02 08:33 - 000000000 ____D C:\Windows\registration
2017-10-17 13:45 - 2006-11-02 08:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-10-17 13:45 - 2006-11-02 08:33 - 000000000 ____D C:\Windows\inf
2017-10-17 13:41 - 2006-11-02 07:33 - 048234496 _____ C:\Windows\system32\config\system_previous
2017-10-17 10:47 - 2009-05-19 18:22 - 000000000 ____D C:\Users\Hayes 2
2017-10-17 09:54 - 2006-11-02 07:33 - 076808192 _____ C:\Windows\system32\config\components_previous
2017-10-17 09:54 - 2006-11-02 07:33 - 000061440 _____ C:\Windows\system32\config\sam_previous
2017-10-17 06:46 - 2006-11-02 07:33 - 003932160 _____ C:\Windows\system32\config\default_previous
2017-10-17 06:46 - 2006-11-02 07:33 - 000028672 _____ C:\Windows\system32\config\security_previous
2017-10-16 14:37 - 2017-04-23 13:15 - 000001133 _____ C:\Users\Hayes 2\Desktop\nativelog.txt
2017-10-15 22:03 - 2016-10-01 16:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-06 09:27 - 2011-10-27 20:13 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\SoftGrid Client
2017-10-06 01:05 - 2017-05-09 22:27 - 000000000 ____D C:\Users\Hayes 2\Documents\SeaBounty
2017-10-05 23:58 - 2012-05-31 23:54 - 000000000 ____D C:\ProgramData\AlawarWrapper
2017-10-04 18:49 - 2013-07-29 19:13 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\.minecraft
2017-10-02 20:29 - 2014-04-13 20:59 - 000000000 ____D C:\Users\Hayes 2\AppData\Local\Daedalic Entertainment
2017-09-27 22:34 - 2017-05-07 00:02 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\Alawar
2017-09-25 15:37 - 2009-11-04 13:24 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-23 12:31 - 2014-02-11 20:21 - 000000000 ____D C:\Users\Hayes 2\AppData\Local\Battle.net
2017-09-23 10:07 - 2012-01-10 15:02 - 000000000 ____D C:\Program Files (x86)\StarCraft
2017-09-23 10:00 - 2014-02-11 20:21 - 000000000 ____D C:\Program Files (x86)\Battle.net
2017-09-21 18:14 - 2014-09-10 14:03 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-09-20 22:12 - 2012-07-10 23:40 - 000000000 ____D C:\ProgramData\Alawar Stargaze

==================== Files in the root of some directories =======

2012-10-23 23:01 - 2012-10-23 23:01 - 000062205 _____ () C:\Users\Hayes 2\AppData\Roaming\asdf turbo.csa
2012-10-24 01:21 - 2012-10-25 10:36 - 000061163 _____ () C:\Users\Hayes 2\AppData\Roaming\asdf.csa
2012-10-23 22:27 - 2002-08-08 15:31 - 000065690 _____ () C:\Users\Hayes 2\AppData\Roaming\Big Thunder.csa
2010-12-22 01:05 - 2010-12-22 01:05 - 000000002 _____ () C:\Users\Hayes 2\AppData\Roaming\ceville_console_history.txt
2012-10-22 20:54 - 2012-10-22 22:57 - 000059187 _____ () C:\Users\Hayes 2\AppData\Roaming\Corkscew.csa
2009-06-19 00:03 - 2009-06-19 00:03 - 000066780 _____ () C:\Users\Hayes 2\AppData\Roaming\CRAZY 1.csa
2009-06-19 00:30 - 2009-06-19 00:30 - 000059259 _____ () C:\Users\Hayes 2\AppData\Roaming\crazy 2.csa
2012-10-23 22:27 - 2002-08-14 21:06 - 000074886 _____ () C:\Users\Hayes 2\AppData\Roaming\Depth Charge.csa
2012-10-22 23:15 - 2012-10-22 23:15 - 000066781 _____ () C:\Users\Hayes 2\AppData\Roaming\Dizzy yet 1.csa
2012-10-23 22:27 - 2002-08-08 15:31 - 000065591 _____ () C:\Users\Hayes 2\AppData\Roaming\Fall Ratio.csa
2003-11-02 22:00 - 2012-10-23 22:15 - 000080658 _____ () C:\Users\Hayes 2\AppData\Roaming\Golden Rush.csa
2012-10-24 00:04 - 2012-10-24 00:46 - 000063543 _____ () C:\Users\Hayes 2\AppData\Roaming\I will rise.csa
2015-09-23 21:35 - 2015-09-23 21:35 - 000084926 _____ () C:\Users\Hayes 2\AppData\Roaming\icarus-dxdiag.xml
2010-11-07 14:34 - 2012-10-29 20:00 - 000002150 _____ () C:\Users\Hayes 2\AppData\Roaming\LoadCach.bin
2012-10-23 22:27 - 2002-08-08 15:31 - 000065019 _____ () C:\Users\Hayes 2\AppData\Roaming\Park Night.csa
2012-10-23 22:27 - 2002-08-08 15:31 - 000065359 _____ () C:\Users\Hayes 2\AppData\Roaming\Phire Werx.csa
2012-10-23 22:27 - 2002-08-08 15:31 - 000070501 _____ () C:\Users\Hayes 2\AppData\Roaming\Plum Crazy.csa
2009-06-18 23:39 - 2012-10-25 18:01 - 000000335 _____ () C:\Users\Hayes 2\AppData\Roaming\prefs.bin
2010-10-13 09:21 - 2010-10-13 09:21 - 000000760 _____ () C:\Users\Hayes 2\AppData\Roaming\setup_ldm.iss
2012-10-23 22:27 - 2002-08-08 15:31 - 000065239 _____ () C:\Users\Hayes 2\AppData\Roaming\Space Mountain Paris.csa
2015-10-03 08:54 - 2015-10-03 08:54 - 000001588 _____ () C:\Users\Hayes 2\AppData\Roaming\SpeedRunnersLog.txt
2012-10-25 18:11 - 2012-10-25 18:11 - 000060878 _____ () C:\Users\Hayes 2\AppData\Roaming\steele.csa
2012-10-23 22:27 - 2002-08-08 15:31 - 000063043 _____ () C:\Users\Hayes 2\AppData\Roaming\Tapeworm.csa
2015-12-27 17:35 - 2016-01-09 11:08 - 000000098 _____ () C:\Users\Hayes 2\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2012-10-23 22:27 - 2002-08-08 15:31 - 000064872 _____ () C:\Users\Hayes 2\AppData\Roaming\Toontown Twister.csa
2012-10-24 00:52 - 2012-10-24 00:52 - 000059025 _____ () C:\Users\Hayes 2\AppData\Roaming\tunnel.csa
2014-05-18 13:59 - 2014-05-18 13:59 - 000000043 _____ () C:\Users\Hayes 2\AppData\Roaming\WB.CFG
2009-11-18 10:15 - 2014-10-12 21:55 - 000000694 _____ () C:\Users\Hayes 2\AppData\Roaming\wklnhst.dat
2012-10-23 22:27 - 2002-08-08 15:31 - 000063863 _____ () C:\Users\Hayes 2\AppData\Roaming\X 25s.csa
2009-09-25 23:24 - 2009-09-25 23:24 - 000000552 _____ () C:\Users\Hayes 2\AppData\Local\d3d8caps.dat
2009-08-21 00:28 - 2017-10-17 19:57 - 000002032 _____ () C:\Users\Hayes 2\AppData\Local\d3d9caps.dat
2010-05-17 14:13 - 2017-10-17 21:25 - 000000732 _____ () C:\Users\Hayes 2\AppData\Local\d3d9caps64.dat
2009-05-26 01:59 - 2012-06-07 17:59 - 000198656 _____ () C:\Users\Hayes 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-22 19:23 - 2009-12-22 19:24 - 000014214 _____ () C:\Users\Hayes 2\AppData\Local\dd_depcheck_NETFX20_EXP_35.txt
2010-05-03 23:18 - 2015-02-16 11:01 - 002342398 _____ () C:\Users\Hayes 2\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2009-12-22 19:23 - 2009-12-22 19:24 - 000001506 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx20error.txt
2009-12-22 19:23 - 2009-12-22 19:24 - 000055010 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx20install.txt
2010-05-03 23:17 - 2010-05-03 23:17 - 000000002 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx35error.txt
2010-05-03 23:17 - 2015-02-16 11:02 - 003724860 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx35install.txt
2013-12-24 00:49 - 2013-12-24 00:49 - 002843734 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI159D.txt
2014-04-27 21:55 - 2014-04-27 21:56 - 002840706 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI3748.txt
2014-07-30 20:59 - 2014-07-30 21:00 - 002849892 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI3D4A.txt
2015-02-16 11:01 - 2015-02-16 11:02 - 002845846 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI4C27.txt
2010-11-24 20:04 - 2010-11-24 20:04 - 002320836 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI5FD9.txt
2013-01-05 01:40 - 2013-01-05 01:40 - 000411530 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0019.txt
2010-12-12 01:18 - 2010-12-12 01:18 - 000364890 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI006C.txt
2013-04-22 06:24 - 2013-04-22 06:24 - 000370474 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI01C2.txt
2014-06-28 07:16 - 2014-06-28 07:16 - 000369356 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0269.txt
2012-11-23 02:27 - 2012-11-23 02:27 - 000369416 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI03CB.txt
2010-01-15 12:40 - 2010-01-15 12:40 - 000440300 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0452.txt
2013-12-30 01:26 - 2013-12-30 01:27 - 000415216 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI06CF.txt
2015-07-22 20:08 - 2015-07-22 20:08 - 000423980 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0B50.txt
2012-11-22 23:51 - 2012-11-22 23:51 - 000367006 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0C65.txt
2013-08-21 12:38 - 2013-08-21 12:38 - 000387510 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0D79.txt
2013-08-21 12:38 - 2013-08-21 12:38 - 000377894 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0D8D.txt
2013-02-14 17:37 - 2013-02-14 17:37 - 000372202 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI11D7.txt
2014-10-24 18:41 - 2014-10-24 18:41 - 000377170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI12E4.txt
2013-07-22 02:29 - 2013-07-22 02:29 - 000370460 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI13D5.txt
2013-03-23 10:29 - 2013-03-23 10:29 - 000371248 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI14BC.txt
2012-12-13 16:12 - 2012-12-13 16:12 - 000371528 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI167F.txt
2012-12-13 16:12 - 2012-12-13 16:12 - 000361352 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1699.txt
2012-06-28 01:02 - 2012-06-28 01:02 - 000367112 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI173F.txt
2013-07-15 08:58 - 2013-07-15 08:58 - 000368702 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1ACC.txt
2011-01-17 21:30 - 2011-01-17 21:30 - 000366992 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1D22.txt
2013-06-22 09:12 - 2013-06-22 09:12 - 000412862 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1FE4.txt
2013-12-03 22:52 - 2013-12-03 22:52 - 000418474 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI2141.txt
2011-07-27 11:52 - 2011-07-27 11:53 - 000367376 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI2E77.txt
2013-11-09 22:11 - 2013-11-09 22:11 - 000386868 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI2EBF.txt
2013-03-23 11:05 - 2013-03-23 11:05 - 000370094 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI3067.txt
2011-07-29 11:24 - 2011-07-29 11:24 - 000367098 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI34F2.txt
2013-07-16 21:48 - 2013-07-16 21:48 - 000349926 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI35E5.txt
2015-10-30 20:58 - 2015-10-30 20:58 - 000371774 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI36D4.txt
2015-10-30 20:58 - 2015-10-30 20:58 - 000360662 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI36EE.txt
2012-07-18 20:42 - 2012-07-18 20:43 - 000464870 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI397D.txt
2015-04-29 16:27 - 2015-04-29 16:27 - 000379464 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI3EBA.txt
2011-09-16 11:55 - 2011-09-16 11:55 - 000367098 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI40FC.txt
2012-11-25 14:20 - 2012-11-25 14:20 - 000422980 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4257.txt
2014-06-27 18:45 - 2014-06-27 18:45 - 000377540 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI440D.txt
2011-11-19 17:28 - 2011-11-19 17:28 - 000365692 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4895.txt
2013-07-16 22:13 - 2013-07-16 22:13 - 000369334 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4976.txt
2015-01-22 22:51 - 2015-01-22 22:51 - 000384178 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4A20.txt
2014-06-22 21:50 - 2014-06-22 21:50 - 000370274 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4AC6.txt
2015-02-16 11:02 - 2015-02-16 11:02 - 000369676 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4CD4.txt
2013-11-28 15:36 - 2013-11-28 15:36 - 000376236 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4D01.txt
2011-04-27 00:11 - 2011-04-27 00:11 - 000421250 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4F2D.txt
2011-10-10 13:17 - 2011-10-10 13:17 - 000363094 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5345.txt
2012-12-22 02:18 - 2012-12-22 02:18 - 000413420 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI56C6.txt
2011-06-24 13:09 - 2011-06-24 13:10 - 000366452 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI56F6.txt
2013-07-20 01:48 - 2013-07-20 01:48 - 000371484 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI57CE.txt
2015-01-01 11:36 - 2015-01-01 11:36 - 000380608 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5C74.txt
2009-11-23 23:55 - 2009-11-23 23:56 - 000427070 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5C90.txt
2011-10-19 12:09 - 2011-10-19 12:09 - 000367022 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5E00.txt
2010-11-24 20:02 - 2010-11-24 20:02 - 000368116 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5E6E.txt
2010-11-24 20:02 - 2010-11-24 20:02 - 000353234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5E7B.txt
2012-12-28 20:08 - 2012-12-28 20:08 - 000368926 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5EAF.txt
2011-10-19 12:11 - 2011-10-19 12:11 - 000418480 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6007.txt
2012-11-22 14:32 - 2012-11-22 14:32 - 000369452 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI60D2.txt
2015-01-01 11:42 - 2015-01-01 11:42 - 000379144 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6149.txt
2015-01-01 11:42 - 2015-01-01 11:42 - 000531090 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI616A.txt
2016-12-03 13:19 - 2016-12-03 13:19 - 000379296 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6CD9.txt
2013-07-16 23:03 - 2013-07-16 23:03 - 000368944 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6F7A.txt
2012-04-26 15:25 - 2012-04-26 15:25 - 000365796 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI7196.txt
2015-11-27 19:12 - 2015-11-27 19:13 - 000380566 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI71D2.txt
2012-04-26 12:38 - 2012-04-26 12:38 - 000366784 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI71F6.txt
2012-12-21 18:35 - 2012-12-21 18:35 - 000368214 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI746F.txt
2014-12-30 18:22 - 2014-12-30 18:22 - 000401200 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI76C9.txt
2012-11-24 14:27 - 2012-11-24 14:27 - 000367674 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI7946.txt
2012-10-27 12:03 - 2012-10-27 12:03 - 000367094 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI7FA7.txt
2013-01-05 01:40 - 2013-01-05 01:40 - 000092312 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0019.txt
2010-12-12 01:18 - 2010-12-12 01:18 - 000015530 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI006C.txt
2013-04-22 06:24 - 2013-04-22 06:24 - 000019726 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI01C2.txt
2014-06-28 07:16 - 2014-06-28 07:16 - 000012846 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0269.txt
2012-11-23 02:27 - 2012-11-23 02:27 - 000014038 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI03CB.txt
2010-01-15 12:40 - 2010-01-15 12:40 - 000011376 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0452.txt
2013-12-30 01:26 - 2013-12-30 01:27 - 000011248 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI06CF.txt
2015-07-22 20:08 - 2015-07-22 20:08 - 000020280 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0B50.txt
2012-11-22 23:51 - 2012-11-22 23:51 - 000013934 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0C65.txt
2013-08-21 12:38 - 2013-08-21 12:38 - 000074178 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0D79.txt
2013-08-21 12:38 - 2013-08-21 12:38 - 000074226 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0D8D.txt
2013-02-14 17:37 - 2013-02-14 17:37 - 000014126 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI11D7.txt
2014-10-24 18:41 - 2014-10-24 18:41 - 000012566 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI12E4.txt
2013-07-22 02:29 - 2013-07-22 02:29 - 000012894 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI13D5.txt
2013-03-23 10:29 - 2013-03-23 10:29 - 000229102 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI14BC.txt
2012-12-13 16:12 - 2012-12-13 16:12 - 000011450 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI167F.txt
2012-12-13 16:12 - 2012-12-13 16:12 - 000011434 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1699.txt
2012-06-28 01:02 - 2012-06-28 01:02 - 000022470 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI173F.txt
2013-07-15 08:58 - 2013-07-15 08:58 - 000011170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1ACC.txt
2011-01-17 21:30 - 2011-01-17 21:30 - 000011218 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1D22.txt
2013-06-22 09:12 - 2013-06-22 09:12 - 000054576 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1FE4.txt
2013-12-03 22:52 - 2013-12-03 22:52 - 000011184 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI2141.txt
2011-07-27 11:52 - 2011-07-27 11:53 - 000011234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI2E77.txt
2013-11-09 22:11 - 2013-11-09 22:11 - 000023526 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI2EBF.txt
2013-03-23 11:05 - 2013-03-23 11:05 - 000229054 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI3067.txt
2011-07-29 11:24 - 2011-07-29 11:24 - 000011234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI34F2.txt
2013-07-16 21:48 - 2013-07-16 21:48 - 000024770 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI35E5.txt
2015-10-30 20:58 - 2015-10-30 20:58 - 000011482 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI36D4.txt
2015-10-30 20:58 - 2015-10-30 20:58 - 000011402 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI36EE.txt
2012-07-18 20:42 - 2012-07-18 20:43 - 000011478 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI397D.txt
2015-04-29 16:27 - 2015-04-29 16:27 - 000011218 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI3EBA.txt
2011-09-16 11:55 - 2011-09-16 11:55 - 000011234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI40FC.txt
2012-11-25 14:20 - 2012-11-25 14:20 - 000061072 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4257.txt
2014-06-27 18:45 - 2014-06-27 18:45 - 000011218 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI440D.txt
2011-11-19 17:28 - 2011-11-19 17:28 - 000011170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4895.txt
2013-07-16 22:13 - 2013-07-16 22:13 - 000024754 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4976.txt
2015-01-22 22:51 - 2015-01-22 22:51 - 000042926 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4A20.txt
2014-06-22 21:50 - 2014-06-22 21:50 - 000011450 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4AC6.txt
2015-02-16 11:02 - 2015-02-16 11:02 - 000011402 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4CD4.txt
2013-11-28 15:36 - 2013-11-28 15:36 - 000011170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4D01.txt
2011-04-27 00:11 - 2011-04-27 00:11 - 000014124 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4F2D.txt
2011-10-10 13:17 - 2011-10-10 13:17 - 000011392 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5345.txt
2012-12-22 02:18 - 2012-12-22 02:18 - 000076480 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI56C6.txt
2011-06-24 13:09 - 2011-06-24 13:10 - 000012846 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI56F6.txt
2013-07-20 01:48 - 2013-07-20 01:48 - 000023206 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI57CE.txt
2015-01-01 11:36 - 2015-01-01 11:36 - 000019950 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5C74.txt
2009-11-23 23:55 - 2009-11-23 23:56 - 000011658 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5C90.txt
2011-10-19 12:09 - 2011-10-19 12:09 - 000023058 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5E00.txt
2010-11-24 20:02 - 2010-11-24 20:02 - 000015554 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5E6E.txt
2010-11-24 20:02 - 2010-11-24 20:02 - 000015234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5E7B.txt
2012-12-28 20:08 - 2012-12-28 20:08 - 000035802 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5EAF.txt
2011-10-19 12:11 - 2011-10-19 12:11 - 000023056 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6007.txt
2012-11-22 14:32 - 2012-11-22 14:32 - 000011250 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI60D2.txt
2015-01-01 11:42 - 2015-01-01 11:42 - 000019940 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6149.txt
2015-01-01 11:42 - 2015-01-01 11:43 - 000021252 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI616A.txt
2011-02-24 19:51 - 2011-02-24 19:51 - 000018194 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6A6D.txt
2016-12-03 13:19 - 2016-12-03 13:19 - 000013862 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6CD9.txt
2013-07-16 23:03 - 2013-07-16 23:03 - 000024738 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6F7A.txt
2012-04-26 15:25 - 2012-04-26 15:25 - 000027910 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI7196.txt
2015-11-27 19:12 - 2015-11-27 19:13 - 000029726 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI71D2.txt
2012-04-26 12:38 - 2012-04-26 12:38 - 000027710 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI71F6.txt
2012-12-21 18:35 - 2012-12-21 18:35 - 000076754 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI746F.txt
2014-12-30 18:22 - 2014-12-30 18:22 - 000014248 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI76C9.txt
2012-11-24 14:27 - 2012-11-24 14:27 - 000015602 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI7946.txt
2012-10-27 12:03 - 2012-10-27 12:03 - 000015922 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI7FA7.txt
2010-02-22 08:29 - 2010-02-23 12:38 - 000008842 ___SH () C:\Users\Hayes 2\AppData\Local\e1wnOl
2009-08-20 21:10 - 2009-08-20 21:10 - 000000095 _____ () C:\Users\Hayes 2\AppData\Local\fusioncache.dat
2010-02-07 00:45 - 2010-02-07 00:45 - 000000036 _____ () C:\Users\Hayes 2\AppData\Local\housecall.guid.cache
2009-06-13 09:04 - 2009-06-13 09:30 - 000113116 _____ () C:\Users\Hayes 2\AppData\Local\installer.log
2012-10-04 17:28 - 2012-10-04 17:28 - 001145382 _____ () C:\Users\Hayes 2\AppData\Local\Tempmusic.ogg
2009-12-22 19:23 - 2015-02-16 11:02 - 000820556 _____ () C:\Users\Hayes 2\AppData\Local\uxeventlog.txt
2014-05-26 10:20 - 2014-05-26 10:20 - 000045310 _____ () C:\ProgramData\1401117604.bdinstall.bin
2014-05-26 10:21 - 2014-05-26 10:21 - 000002061 _____ () C:\ProgramData\1401117673.3724.bin
2014-05-26 10:21 - 2014-05-26 10:21 - 000041598 _____ () C:\ProgramData\1401117673.4676.bin
2014-05-26 10:34 - 2014-05-26 10:34 - 000202495 _____ () C:\ProgramData\1401118297.bdinstall.bin
2014-11-08 13:04 - 2014-11-08 13:04 - 000037602 _____ () C:\ProgramData\1415469871.bdinstall.bin
2014-11-08 13:06 - 2014-11-08 13:06 - 000095585 _____ () C:\ProgramData\1415469873.bdinstall.bin
2016-10-01 22:06 - 2016-10-01 22:06 - 000202696 _____ () C:\ProgramData\1475377497.bdinstall.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000037602 _____ () C:\ProgramData\1508287714.bdinstall.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000044477 _____ () C:\ProgramData\1508287719.1908.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000003945 _____ () C:\ProgramData\1508287719.1972.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000004488 _____ () C:\ProgramData\1508287719.1976.bin
2017-10-17 19:48 - 2017-10-17 19:48 - 000038421 _____ () C:\ProgramData\1508287719.2036.bin
2009-11-12 21:39 - 2013-07-22 16:29 - 000000088 __RSH () C:\ProgramData\CCBA285129.sys
2014-09-16 12:51 - 2014-09-16 12:53 - 000000320 _____ () C:\ProgramData\high.txt
2009-11-12 17:11 - 2013-07-22 16:30 - 000003350 ___SH () C:\ProgramData\KGyGaAvL.sys
2009-09-25 17:48 - 2009-09-25 17:48 - 000005184 _____ () C:\ProgramData\N360BUOptions.ini
2013-01-10 16:24 - 2013-01-10 16:24 - 000033958 _____ () C:\ProgramData\uninstaller.exe

Files to move or delete:
====================
C:\ProgramData\uninstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-17 20:14

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2017
Ran by Hayes 2 (17-10-2017 21:36:37)
Running from C:\Users\Hayes 2\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-04-07 19:28:06)
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1094520485-351602351-698667415-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1094520485-351602351-698667415-1005 - Limited - Enabled)
Guest (S-1-5-21-1094520485-351602351-698667415-501 - Limited - Enabled)
Hayes 2 (S-1-5-21-1094520485-351602351-698667415-1000 - Administrator - Enabled) => C:\Users\Hayes 2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1001 Nights: The Adventures Of Sindbad (HKLM-x32\...\1001 Nights: The Adventures Of Sindbad) (Version:  - Alawar Entertainment Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.102 - NOS Microsystems Ltd.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Age of Enigma (HKLM-x32\...\{CDCE9215-CFB4-45A2-B4E1-7B95F87B0416}) (Version: 1.00.0000 - Valusoft)
Age of Mahjong (HKLM-x32\...\Age of Mahjong) (Version: 1.0 - Viva Media, LLC)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIM 6 (HKLM-x32\...\AIM_6) (Version:  - )
Aimersoft DRM Media Converter(Build 1.5.3.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
aioprnt (HKLM-x32\...\{59B73DDC-593A-4D02-B9CA-1D8C9F912324}) (Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{074AED0D-DD1C-432A-B38D-F8733604033F}) (Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alabama Smith - Escape from Pompeii (HKLM-x32\...\Alabama Smith - Escape from Pompeii) (Version: 1.0 - Viva Media, LLC)
Alabama Smith - Quest of Fate (HKLM-x32\...\Alabama Smith - Quest of Fate) (Version: 1.0 - Viva Media, LLC)
Alexandra Fortune - Mystery of the Lunar Archipelago (HKLM-x32\...\Alexandra Fortune - Mystery of the Lunar Archipelago) (Version: 1.0 - Viva Media, LLC)
Amanda Rose Game of Time (HKLM-x32\...\Amanda Rose Game of Time) (Version: 1.0 - Viva Media, LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5 (HKLM-x32\...\AVerMedia M791 PCIe Combo NTSC/ATSC) (Version: 6.104.64.5 - AVerMedia TECHNOLOGIES, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behind the Reflection (HKLM-x32\...\Behind the Reflection) (Version:  - Alawar Entertainment Inc.)
Bejeweled 2 Deluxe (remove only) (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - )
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Cabela's Outdoor Adventures (HKLM-x32\...\{2FB82D0D-D118-41A6-A616-E8DC16358E03}) (Version: 1.00.0000 - Activision)
Cabela's Outdoor Adventures (HKLM-x32\...\{D0B2AA8F-CC52-4298-A48E-A9BA169546B6}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version: 1.7 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6321 - CDBurnerXP)
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\GOGPACKUNDYING_is1) (Version: 2.0.0.5 - GOG.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crimson Editor (remove only) (HKLM-x32\...\Crimson Editor) (Version:  - )
Crimson Editor SVN263 (HKLM-x32\...\Crimson Editor SVN263) (Version: SVN263 - Emerald Editor Community)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.5415 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2115 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2103a - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Derrick (HKLM-x32\...\Derrick) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.3 - Dolby)
Dolby Control Center (HKLM\...\{70E8EBD5-78C9-4258-B20A-5098CCA000F0}) (Version: 1.1.0601 - Dolby)
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.1.14961 - doubleTwist Corporation)
Dreamwoods 2 (HKLM-x32\...\Dreamwoods 2) (Version: 1.0 - Viva Media, LLC)
Dungeons & Dragons Online v2600.0045.9717.4070 (HKLM-x32\...\bc8a6440-918f-11dd-ad8b-0800200c9a66_is1) (Version: 2600.0045.9717.4070 - Standing Stone Games, LLC)
Echoes of Sorrow (HKLM-x32\...\Echoes of Sorrow) (Version: 1.0 - Alawar Entertainment Inc.)
Echoes of Sorrow 2 (HKLM-x32\...\Echoes of Sorrow 2) (Version: 1.0 - Viva Media, LLC)
Elementary My Dear Majesty! (HKLM-x32\...\Elementary My Dear Majesty! ) (Version: 1.0 - Alawar Entertainment Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 6.0 - Emsi Software GmbH)
Enchanted Cavern (HKLM-x32\...\Enchanted Cavern) (Version: 1.0 - Alawar Entertainment Inc.)
Enchanted Cavern 2 (HKLM-x32\...\Enchanted Cavern 2 ) (Version: 1.0 - Alawar Entertainment Inc.)
Epic Escapes Dark Seas (HKLM-x32\...\Epic Escapes Dark Seas) (Version: 1.0 - Viva Media, LLC)
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Fable - The Lost Chapters (HKLM-x32\...\{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fallout (HKLM-x32\...\Fallout) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FileZilla Client 3.25.1 (HKLM-x32\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
Finding Doggy (HKLM-x32\...\Finding Doggy) (Version: 1.0 - Alawar Entertainment Inc.)
Fishing Craze (HKLM-x32\...\WTA-05ee1757-16ac-4048-96d2-0495778f15e4) (Version: 2.2.0.97 - WildTangent) Hidden
FrostWire 5.5.1 (HKLM-x32\...\FrostWire 5) (Version: 5.5.1.0 - FrostWire Team)
Frozen Kingdom (HKLM-x32\...\Frozen Kingdom ) (Version: 1.0 - Alawar Entertainment Inc.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Gateway Incorporated)
getPlus® Download Manager for Corel (HKLM-x32\...\{459E93B6-150E-45d5-8D4B-45C66FC035FE}) (Version: 1.5.0.56 - NOS Microsystems Ltd.)
Glary Utilities 5.77 (HKLM-x32\...\Glary Utilities 5) (Version: 5.77.0.98 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
Gourmania (HKLM-x32\...\Gourmania) (Version:  - Alawar Entertainment Inc.)
Gourmania 2 Kitchen Confidential (HKLM-x32\...\Gourmania 2 Kitchen Confidential) (Version: 1.0 - Viva Media, LLC)
Gourmania 3: Zoo Zoom (HKLM-x32\...\Gourmania 3: Zoo Zoom) (Version: 1.0 - Alawar Entertainment Inc.)
Governor of Poker (HKLM-x32\...\{6972FD5E-01D0-4742-8EB0-A0D351CF28FF}) (Version: 1.0.0 - Youdagames)
Governor of Poker 2 SE (HKLM-x32\...\{394CD66F-A978-4F75-BFFB-1F0A0CAA8AE5}) (Version: 1.0.0 - Youdagames)
Grace's Quest: To Catch An Art Thief (HKLM-x32\...\Grace's Quest: To Catch An Art Thief) (Version:  - Alawar Entertainment Inc.)
Hamlet (HKLM-x32\...\Hamlet) (Version:  - Alawar Entertainment Inc.)
Haunted Domains (HKLM-x32\...\Haunted Domains) (Version: 1.0 - Alawar Entertainment Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes Of Hellas (HKLM-x32\...\Heroes Of Hellas) (Version:  - Alawar Entertainment Inc.)
Heroes of Hellas 2: Olympia (HKLM-x32\...\Heroes of Hellas 2: Olympia) (Version:  - Alawar Entertainment Inc.)
Hidden World (HKLM-x32\...\Hidden World) (Version: 1.0 - Alawar Entertainment Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Holly 2 - Magic Land (HKLM-x32\...\Holly 2 - Magic Land) (Version:  - Alawar Entertainment Inc.)
Holly. A Christmas Tale Deluxe (HKLM-x32\...\Holly. A Christmas Tale Deluxe) (Version: 1.0 - Alawar Entertainment Inc.)
Hunting Unlimited 2010 (HKLM-x32\...\WTA-d0fdda43-d4d3-474d-b373-59ddfe15c247) (Version: 2.2.0.95 - WildTangent) Hidden
Hunting Unlimited 2011 (HKLM-x32\...\WTA-d2d44924-fec9-43d8-8514-2432fffea385) (Version: 2.2.0.95 - WildTangent) Hidden
IL-2 Sturmovik 1946 (HKLM-x32\...\{79438F1E-DEC3-443D-9DCD-FECE2D68C605}) (Version: 1.00.0000 - Ubisoft) Hidden
IL-2 Sturmovik 1946 (HKLM-x32\...\InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}) (Version: 1.00.0000 - Ubisoft)
Impulse (HKLM-x32\...\{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}) (Version: 1.0 - Stardock Corporation) Hidden
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Joan Jade and the Gates of Xibalba (HKLM-x32\...\Joan Jade and the Gates of Xibalba) (Version:  - Alawar Entertainment Inc.)
Journey of Hope (HKLM-x32\...\Journey of Hope) (Version:  - Alawar Entertainment Inc.)
Juniper Networks Network Connect 7.3.0 (HKLM-x32\...\Juniper Network Connect 7.3.0) (Version: 7.3.0.23377 - Juniper Networks)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
kgcbaby (HKLM-x32\...\{E18B549C-5D15-45DA-8D8F-8FD2BD946344}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (HKLM-x32\...\{11F3F858-4131-4FFA-A560-3FE282933B6E}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (HKLM-x32\...\{03EDED24-8375-407D-A721-4643D9768BE1}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (HKLM-x32\...\{9BD54685-1496-46A5-AB62-357CD140ED8B}) (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (HKLM-x32\...\{693C08A7-9E76-43FF-B11E-9A58175474C4}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (HKLM-x32\...\{A1588373-1D86-4D44-86C9-78ABD190F9CC}) (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (HKLM-x32\...\{8A8664E1-84C8-4936-891C-BC1F07797549}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
KhalInstallWrapper (HKLM\...\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}) (Version: 4.60.122 - Logitech) Hidden
Kidnapped in the City (HKLM-x32\...\Kidnapped in the City) (Version: 1.0 - Viva Media, LLC)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\{95C5F81D-0779-4932-BE83-32AAF814F4B9}) (Version: 1.0020 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Legends of Eternity (HKLM-x32\...\{AD1D5DEA-63C8-4AA6-B29A-12B4D413F9B2}) (Version: 1.0.0 - On Hand Software)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
Loki ActiveX Control (HKLM-x32\...\Loki ActiveX Control) (Version: 3.1.0.05 - SkyhookWireless)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Magic Encyclopedia - Moon Light (HKLM-x32\...\Magic Encyclopedia - Moon Light) (Version:  - Alawar Entertainment Inc.)
Magic Encyclopedia 3: Illusions (HKLM-x32\...\Magic Encyclopedia 3: Illusions) (Version:  - Alawar Entertainment Inc.)
Magic Encyclopedia. First Story (HKLM-x32\...\Magic Encyclopedia. First Story) (Version:  - Alawar Entertainment Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Meridian 59 (HKLM-x32\...\Meridian 59) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minds Eye - Secrets of the Forgotten (HKLM-x32\...\Minds Eye - Secrets of the Forgotten) (Version: 1.0 - Viva Media, LLC)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monopoly (HKLM-x32\...\{6517CFDF-B7A4-77B6-2371-C76608D3C976}) (Version: 3.4.7.22 - Yahoo) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}) (Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (HKLM\...\{C5A22A98-AC82-4404-BFB0-1E9F654EB176}) (Version: 6.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 52.1.1 ESR (x86 en-US) (HKLM-x32\...\Mozilla Firefox 52.1.1 ESR (x86 en-US)) (Version: 52.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 52.1.1.6333 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mysteries of Ancient Inventors - Atlantis (HKLM-x32\...\Mysteries of Ancient Inventors - Atlantis) (Version: 1.0 - Viva Media, LLC)
Mysteries of Horus (HKLM-x32\...\Mysteries of Horus) (Version: 1.0 - Viva Media, LLC)
Mystery 101 (HKLM-x32\...\Mystery 101) (Version: 2.00.14.01.27 - Selectsoft Publishing)
Mystery Cookbook (HKLM-x32\...\Mystery Cookbook) (Version:  - Alawar Entertainment Inc.)
Mystery Cruise (HKLM-x32\...\Mystery Cruise) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - Mystery at Hillcrest High (HKLM-x32\...\Natalie Brooks - Mystery at Hillcrest High) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - Secrets of Treasure House (HKLM-x32\...\Natalie Brooks - Secrets of Treasure House) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - The Treasures of the Lost Kingdom (HKLM-x32\...\Natalie Brooks - The Treasures of the Lost Kingdom ) (Version: 1.0 - Alawar Entertainment Inc.)
National Geographic Plan It Green (HKLM-x32\...\{A20A8B9F-12CD-4E5A-8CB1-65964C1937DB}) (Version: 1.0.0 - Masque Publishing)
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
nProtect Security Platform (HKLM-x32\...\{660906E9-B965-4678-88D6-B6AE237FE41D}) (Version: 3.00.0000 - INCAInternet) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version:  - )
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
OLYMPUS CAMEDIA Master 2.0 (HKLM-x32\...\OLYMPUS CAMEDIA Master 2.0) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pet Show Craze (HKLM-x32\...\Pet Show Craze) (Version:  - Alawar Entertainment Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Pokémon Trading Card Game Online (HKLM-x32\...\{0A1F8721-8B7C-4100-9E9E-30A2CC597996}) (Version: 2.38.0 - The Pokémon Company International)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Port Royale 3 (HKLM-x32\...\{E07A21E5-1C16-41E7-9617-2D38CF3A642C}) (Version: 1.2.1.0 - Gaming Minds Studios GmbH)
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Pulse Secure Setup Client (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Quake - The Offering (HKLM-x32\...\1435828198_is1) (Version: 2.0.0.6 - GOG.com)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Resonance (HKLM-x32\...\GOGPACKRESONANCE_is1) (Version: 2.0.0.8 - GOG.com)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
RivalGaming (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\RivalGaming) (Version:  - RivalGaming)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roblox Player for Hayes 2 (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio 2013 for Hayes 2 (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Sable Maze: Norwich Caves (HKLM-x32\...\BFG-Sable Maze - Norwich Caves) (Version:  - )
Sable Maze: Sullivan River (HKLM-x32\...\BFG-Sable Maze - Sullivan River) (Version:  - )
Sea Bounty - Dead Man's Chest (HKLM-x32\...\Sea Bounty - Dead Man's Chest) (Version:  - Alawar Entertainment Inc.)
Segoe UI (HKLM-x32\...\{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}) (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Settlement: Colossus (HKLM-x32\...\Settlement: Colossus) (Version:  - Alawar Entertainment Inc.)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Sky Kingdoms (HKLM-x32\...\Sky Kingdoms) (Version:  - Alawar Entertainment Inc.)
SmartCopy (HKLM-x32\...\{B7BD291B-D415-4484-89A4-82077504BE93}_is1) (Version:  - Northstar Systems Corp.)
SmartLauncher (HKLM-x32\...\{57634571-FD82-4BEC-B822-A1ED7765474F}_is1) (Version:  - Northstar Systems Corp.)
Soul Journey (HKLM-x32\...\Soul Journey) (Version: 1.0 - Alawar Entertainment Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Sprill - The Mystery of The Bermuda Triangle (HKLM-x32\...\Sprill - The Mystery of The Bermuda Triangle) (Version:  - Alawar Entertainment Inc.)
Sprill and Ritchie - Adventures In Time (HKLM-x32\...\Sprill and Ritchie - Adventures In Time) (Version:  - Alawar Entertainment Inc.)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 12.0.0.15 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Summer Resort Mogul 1.0 (HKLM-x32\...\Summer Resort Mogul) (Version: 1.0 - Viva Media, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Checkup 3.3 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.3.2.9 - iolo technologies, LLC)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version:  - )
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
The Curse Of Montezuma (HKLM-x32\...\The Curse Of Montezuma) (Version:  - Alawar Entertainment Inc.)
The Enchanting Islands (HKLM-x32\...\The Enchanting Islands) (Version:  - Alawar Entertainment Inc.)
The Jolly Gang's Misadventures in Africa (HKLM-x32\...\The Jolly Gang's Misadventures in Africa) (Version: 1.0 - Alawar Entertainment Inc.)
The Lost Cases of Sherlock Holmes (HKLM-x32\...\The Lost Cases of Sherlock Holmes) (Version:  - )
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Treasures Of Montezuma (HKLM-x32\...\The Treasures Of Montezuma) (Version:  - Alawar Entertainment Inc.)
The Treasures Of Montezuma 2 (HKLM-x32\...\The Treasures Of Montezuma 2) (Version:  - Alawar Entertainment Inc.)
The Treasures Of Mystery Island (HKLM-x32\...\The Treasures Of Mystery Island) (Version:  - Alawar Entertainment Inc.)
The Trouble With Robots (HKLM-x32\...\The Trouble With Robots) (Version: 1.0 - Viva Media, LLC)
The Ultimate DOOM (HKLM-x32\...\1435827232_is1) (Version: 2.0.0.3 - GOG.com)
Towers of Oz (HKLM-x32\...\Towers of Oz) (Version: 1.0 - Viva Media, LLC)
Treasure Masters, Inc. (HKLM-x32\...\Treasure Masters, Inc.) (Version:  - Alawar Entertainment Inc.)
Treasures of Mystery Island 2 Gates of Fate (HKLM-x32\...\Treasures of Mystery Island 2 Gates of Fate) (Version: 1.0 - Viva Media, LLC)
Typing Instructor Deluxe 17 (HKLM-x32\...\{849F666B-0C95-49AC-8E9B-90DDE2127D74}) (Version: 2.0 - Individual Software Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE3Redist (HKLM-x32\...\{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games) Hidden
UE3Redist (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
Ultima (HKLM-x32\...\1207662593_is1) (Version: 2.1.0.8 - GOG.com)
Undercover PI (HKLM-x32\...\Undercover PI) (Version:  - Alawar Entertainment Inc.)
Unity Web Player (HKLM-x32\...\UnityWebPlayer) (Version: 2.5.4b5_38 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vampire Mansion (HKLM-x32\...\Vampire Mansion) (Version: 1.0 - Viva Media, LLC)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKLM-x32\...\Video Converter) (Version: 1 - SweetPacks) Hidden <==== ATTENTION
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Village Mage Spellbinder (HKLM-x32\...\Village Mage Spellbinder) (Version: 1.0 - Viva Media, LLC)
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Warcraft III) (Version:  - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway) (Version: 4.0.10.5 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wise Care 365 4.64 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.64 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.87 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.87 - WiseCleaner.com, Inc.)
Witch Hunters: Stolen Beauty (HKLM-x32\...\BFG-Witch Hunters - Stolen Beauty) (Version:  - )
WordPerfect Lightning - EN (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2100}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - IPM (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2020}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2010}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (HKLM-x32\...\{F6EE49FD-B736-4888-A05A-115F3B1160FA}) (Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2000}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Common (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Content (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - EN (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Filters (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Graphics (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - ICA (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM T EN (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - MAIL (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}) (Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Migration Manager (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - PerfectExperts (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - PR (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - QP (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Skins (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - System (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - WP (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 (HKLM-x32\...\_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version:  - Corel Corporation)
WordPerfect Office X4 (HKLM-x32\...\{000AB2ED-5741-4C30-A1A4-0FCB8A529000}) (Version: 14.2 - Corel Corporation) Hidden
WORLD of JOYSTICKS Emulator Extreme Edition (HKLM-x32\...\{845D7EFF-9CC8-41F1-A055-D2CBD041F47C}) (Version: 1.6.3 - Timur Terekhov)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Youda Fairy (HKLM-x32\...\{566124BE-D9C3-47F5-89C2-186AFE183A85}) (Version: 1.0.0 - Youdagames)
Youda Farmer (HKLM-x32\...\{CA256FA1-4CF9-492C-98A6-6E451F83AEC3}) (Version: 1.0.0 - Youdagames)
Youda Farmer 2 - Save the village (HKLM-x32\...\{0767C3F2-6BB7-41BC-82FB-5E59AA0A6B37}) (Version: 1.0.0 - Youdagames)
Youda Legend The Curse of the Amsterdam Diamond (HKLM-x32\...\{43F1F130-66ED-4D50-8475-393312149C5D}) (Version: 1.0.0 - Youdagames)
Youda Legend The Golden Bird of Paradise (HKLM-x32\...\{463BAA5A-E934-4D21-90D8-862D72A8E5F9}) (Version: 1.0.0 - Youdagames)
Youda Marina (HKLM-x32\...\{5411B815-2958-4F4F-B985-AFF0C38A15B2}) (Version: 1.0.0 - Youdagames)
Youda Safari (HKLM-x32\...\{03E148A0-D333-4E49-9F39-EE19900E0642}) (Version: 1.0.0 - Youdagames)
Youda Survivor (HKLM-x32\...\{7CCA1187-B1A5-44F1-BB26-2DAD6B6061C2}) (Version: 1.0.0 - Youdagames)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers1: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers2-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files (x86)\Emsisoft Anti-Malware\a2contmenu.dll [2015-03-20] (Emsisoft GmbH)
ContextMenuHandlers2-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files (x86)\Emsisoft Anti-Malware\a2contmenu64.dll [2015-03-20] (Emsisoft GmbH)
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2-x32-x32: [QuickFinderMenu] -> {fa5934ef-b87c-4e63-b33c-30d066cac810} => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\PFSE140.DLL [2009-06-22] (Corel Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software)
ContextMenuHandlers3-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files (x86)\Emsisoft Anti-Malware\a2contmenu.dll [2015-03-20] (Emsisoft GmbH)
ContextMenuHandlers3-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files (x86)\Emsisoft Anti-Malware\a2contmenu64.dll [2015-03-20] (Emsisoft GmbH)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {fa5934ef-b87c-4e63-b33c-30d066cac810} => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\PFSE140.DLL [2009-06-22] (Corel Corporation)
ContextMenuHandlers4-x32: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-01-22] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\Program Files (x86)\Emsisoft Anti-Malware\a2contmenu.dll [2015-03-20] (Emsisoft GmbH)
ContextMenuHandlers6-x32: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\Program Files (x86)\Emsisoft Anti-Malware\a2contmenu64.dll [2015-03-20] (Emsisoft GmbH)
ContextMenuHandlers6-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-10-17] (AVAST Software)
ContextMenuHandlers6-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers6-x32: [Gonzales] -> {A50F8401-953F-4C11-8B77-1278C6C7C3F4} => C:\Program Files\Bitdefender\Antivirus Free Edition\GzShellIntegration.dll [2016-03-02] (Bitdefender)
ContextMenuHandlers6-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6-x32: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4F80DEFD-9D40-4818-8A95-07CB3AB4B35A} - \StormFall W2 -> No File <==== ATTENTION
Task: {520E53B0-E31A-4925-9D49-AA065419B9A7} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {75A5A8EE-3536-40D3-9EC1-CC899A2D9762} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7771D528-CF1C-4266-A422-9A905914B4DB} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {85495B00-F837-48AC-AD86-5CC11129FB5A} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {97DCF4CE-02C4-4793-8AE3-287729078C12} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-22] (Adobe Systems Incorporated)
Task: {A0CD9CC2-2C2F-4D08-9BD1-F1429B75E9C0} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {A4C2E3C8-4351-4411-B0B7-1381A99EE5A6} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {B8005F37-64D6-49CB-B81D-63413A9734DE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-06-04] (Glarysoft Ltd)
Task: {B979B860-A2A3-4121-8223-7C6B1E277EA7} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {BDAC6DAA-9E45-4904-BFFE-5D34C5A5B1A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {C36E3838-A250-47FF-8135-1E7CE3AF8A46} - \StormFall TW2 -> No File <==== ATTENTION
Task: {CB2AECD0-3EA4-4C34-83AA-658ECE2D21C0} - System32\Tasks\{AE739225-3A1A-4EE9-B9FE-A37AF684E8C5} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=wow_enus --displayname="World of Warcraft"
Task: {CF9186A2-B942-4279-A284-CD08CE7A5072} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D07003D1-EF00-4670-B7FC-33DB43736D87} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-06-04] (Glarysoft Ltd)
Task: {F724D2C7-9320-43E8-B4C0-4624A8384F10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {F7CB2C4B-2A30-40DC-9350-9DBDE088EB6E} - System32\Tasks\Microsoft\Windows\RestartManager\{64CE0BC8-106E-484a-8EF6-01340BDC1C43} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {FB1EF333-43DA-4F18-A89D-68396503C936} - \StormFall TW1 -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Hayes 2\Desktop\Jessica - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Hayes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall\GetPose.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://plarium.com/play/en/stormfall/dragon04?adCampaign=23634&clickID=tDtD0F0F0DtDtDtCtC0EtD0CtCyC0BtD&publisherID=1_0_7_9_15_16_42_46_57_58 --app-window-size=1920,1080

==================== Loaded Modules (Whitelisted) ==============

2017-03-20 10:44 - 2017-03-20 10:44 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\ProgramData\Temp:0B174FAE [141]
AlternateDataStreams: C:\ProgramData\Temp:1322DDBD [358]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [238]
AlternateDataStreams: C:\ProgramData\Temp:59540531 [228]
AlternateDataStreams: C:\ProgramData\Temp:A13B696A [328]
AlternateDataStreams: C:\ProgramData\Temp:D24294C1 [147]
AlternateDataStreams: C:\ProgramData\Temp:D346F792 [294]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\AdobeAIRInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\adobe_flash_setup_2132936387.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Adobe_Shockwave_Player_v12.2.9.199.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Battle.net-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\ccsetup530(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\ccsetup530.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\ccsetup531.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\CyberLink_LabelPrint_v2.5.0.6603(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\CyberLink_LabelPrint_v2.5.0.6603.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\FileZilla_Client_(64bit)_v3.25.2(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\FileZilla_Client_(64bit)_v3.25.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\FileZilla_Client_(64bit)_v3.26.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\flashplayer25_ga_install.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Glary_Utilities_v5.75.0.96.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Glary_Utilities_v5.76.0.97.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Glary_Utilities_v5.77.0.98.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\install_flash_player.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\setup_quake_the_offering_2.0.0.6.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\setup_the_ultimate_doom_2.0.0.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\WiseCare365(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\WiseCare365.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

IE trusted site: HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2010-03-01 00:42 - 000000875 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1094520485-351602351-698667415-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hayes 2\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Users^Hayes 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk => C:\Windows\pss\FrostWire On Startup.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Hayes 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe"
MSCONFIG\startupreg: Advanced SystemCare 5 => "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: Aim6 => "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => c:\program files (x86)\common files\aimersoft\aimersoft helper compact\ashelper.exe
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe
MSCONFIG\startupreg: Clearwire Connection Manager => "C:\Program Files (x86)\Clearwire\Connection Manager\ClearwireCM.exe" -a
MSCONFIG\startupreg: Comrade.exe => C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe
MSCONFIG\startupreg: ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
MSCONFIG\startupreg: Conime =>
MSCONFIG\startupreg: DATAMNGR => C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: Easy Dock => c:\users\hayes 2\desktop\documents\rca easyrip\ezdock.exe
MSCONFIG\startupreg: GameTracker => C:\Program Files (x86)\GameTracker\GTLite.exe
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: HarmonyUserStartup => C:\Program Files\CSR\CSR Harmony Wireless Software Stack\HarmonyUserStartup.exe
MSCONFIG\startupreg: igndlm.exe => C:\Program Files (x86)\Download Manager\dlm.exe /windowsstart /startifwork
MSCONFIG\startupreg: Iminent => "C:\Program Files (x86)\Iminent\Iminent.exe" /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: IminentMessenger => "C:\Program Files (x86)\Iminent\Iminent.Messengers.exe" 7F87E5-A6BD-4922-A530-EDF63D7E9F8C"
MSCONFIG\startupreg: InnoSetupRegFile.0000000001 => "C:\Windows\is-11LI5.exe" /REG
MSCONFIG\startupreg: iTunesHelper => c:\program files\i - tunes\ituneshelper.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer =>
MSCONFIG\startupreg: Malwarebytes Anti-Malware (cleanup) => "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NVRaidService => c:\windows\system32\nvraidservice.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Retrogamer_2z Browser Plugin Loader => C:\PROGRA~2\RETROG~2\bar\1.bin\2zbrmon.exe
MSCONFIG\startupreg: SearchProtect => C:\Users\Hayes 2\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
MSCONFIG\startupreg: Shockwave Updater => C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6; FBSMTWB; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET4.0C)" -"http://www.shockwave...-grand-prix.jsp"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: WebCake Desktop => "C:\Users\Hayes 2\AppData\Roaming\Web Cake\WebCakeDesktop.exe"
MSCONFIG\startupreg: Windows Defender => %programFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{1B42F944-37D0-4489-BD8D-B48BEA9B315D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4104AA77-862A-4930-8044-BB2521DFCFFE}] => (Allow) svchost.exe
FirewallRules: [{FC53E6EB-19E6-4867-BA34-8B33A3833C39}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{99162B7A-5D42-4799-8233-91CAEE626A92}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{66A12E47-3514-403C-A65C-1BB2D135FF7B}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{B650E539-3537-42AC-A402-21D053F475BD}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{74FFCFD9-EC65-4B56-94D9-BD3C0D9A54CF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{1052E6DF-75AA-4416-8119-5DC57ABBAA39}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A95450C9-E679-4AA6-8ABF-7DA251CF65BB}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{D0E004CE-FB8D-43A6-9467-C9FF53AEAF11}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{D81C2374-BE25-44B5-BE96-0946F61CC686}] => (Allow) LPort=9322
FirewallRules: [{FA01B357-F9F3-4D6A-8CBD-A3F82DEC6DD6}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{3C6DDB8B-B4E1-4CBE-8905-AB77D351E93C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{C64B0F47-164D-4F98-9457-652D2DDC17A5}] => (Allow) LPort=9323
FirewallRules: [{6ADF4F9A-90F7-400E-8F02-A82F911913F0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0BA554CD-5F08-4D3D-ACC7-FB0B9635E7C1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{032E82AC-904E-4899-A8EE-907D5AF8E000}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{3DC0E6EF-4B94-4023-8163-21B266F6AB85}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{7DCC8559-42C6-4756-A3B9-BE22AD7BE29A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{ABD3C284-F702-4DA9-A0BF-3316DD274BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{066BE634-79D8-4B37-AEB2-FE4CF5A3288A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{4D14173E-9F08-4890-90A7-3330B7A4BFB4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [TCP Query User{B0F2AA06-BA56-4D13-AFD2-B6710F3521CD}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [UDP Query User{4722280E-F4DF-4C94-9026-A6342638B098}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [TCP Query User{8B2383D8-C0D3-42A8-88C7-EC832465C0FC}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [UDP Query User{78158DF1-AB3B-47A2-9A87-2BEB79D642B9}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [{9D5EA4A9-DA68-4776-9A64-1F6DC10ADDF8}] => (Allow) LPort=8377
FirewallRules: [{8FB8750D-2FC6-46CE-B97E-A0E3F860FD45}] => (Allow) LPort=8377
FirewallRules: [{2D7CE884-9567-43CA-A113-CD53C66F238F}] => (Allow) LPort=8378
FirewallRules: [{801577DC-A693-45FA-A0D6-DA4BA96EA66E}] => (Allow) LPort=8378
FirewallRules: [TCP Query User{F4ACB6B1-55DD-4A0C-A6CA-ECC10AC3C461}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [UDP Query User{975C9C3A-EC20-46F8-BF78-3CEB0A99289C}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [{23C2F604-817C-4E38-9952-A72D3B4103CA}] => (Allow) LPort=9323
FirewallRules: [{E8B98290-C9BC-4C10-8B4E-B46D9061AB5C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4744DC9C-B265-401D-BE30-7AE78E81DFBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7005ABF-24D2-4AF3-A634-07E0F472E000}] => (Allow) LPort=80
FirewallRules: [{FC70F993-9CAC-4D02-BF0C-945158472739}] => (Allow) LPort=80
FirewallRules: [{AD238692-69D7-4DE3-A0AF-855B826ADC27}] => (Allow) LPort=80
FirewallRules: [{2527064D-885C-4AC9-AF9B-444CD5646C3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9AA109B0-3E43-4971-B39B-4F376F2F6727}] => (Allow) LPort=2869
FirewallRules: [{9E68AFB1-8C6E-4072-9CA2-9DB1D3F723AE}] => (Allow) LPort=1900
FirewallRules: [{8A875709-62EF-46D2-986A-DC476199D843}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D5154013-3725-48BC-B4F6-26CF58120872}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{766D03CC-D352-484C-BFF4-89DDD7DEBE21}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6AE862AD-C6E3-43AD-8657-2052F169E09F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5CEC2842-775E-430A-B219-443BEB2895D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A686AA5D-675C-46EF-825F-D7F115981349}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB2274A3-E768-4670-9490-F52B63368946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{E3369916-1E2E-4147-8ACF-ED7EE6995729}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{6800AA4E-EA38-40BE-A592-14D5661CF25B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{2EC208A4-2A82-4DE7-8289-0BB55679C534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{A6EDAD51-8ADD-475F-80B6-448D62ECCF33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{F5B5539F-EEF3-4AB7-9EF6-140249A76228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{6D4C3D96-B43B-4B0D-AD4F-731BDCDE9592}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\opposing force\hl.exe
FirewallRules: [{5791C69C-A202-49F5-96A9-8BF00AD621AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\opposing force\hl.exe
FirewallRules: [{47C218C1-B2E2-4ACE-AA5B-1168EEF28D84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counterstrike source beta\hl2.exe
FirewallRules: [{1B74D38E-5DE1-4E02-9A1B-D848E8F19EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counterstrike source beta\hl2.exe
FirewallRules: [TCP Query User{C5305C1B-4358-4798-802B-492930B3B11C}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8F998088-C863-4DDE-A115-96931A1A6019}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [{58520047-41B6-4FA4-A736-7B11632549BC}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{4F836038-BB2A-4FF4-9758-6416BE57F6BD}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{76D0BEC9-3D67-40A6-8D8B-FF30424B7F61}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{C3206D20-7A1D-42A6-8C69-1CB3C02747BF}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{A078D584-7A31-40A2-8D35-F8AD9D520E7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\ricochet\hl.exe
FirewallRules: [{78E80CFB-DBAE-4702-B45B-950A7F2AF39F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\ricochet\hl.exe
FirewallRules: [{CA4329FD-D520-4BE4-B5C3-6A33B6F2D1BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\condition zero\hl.exe
FirewallRules: [{9DE809C5-17EE-49E4-8F26-F732D613201E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\condition zero\hl.exe
FirewallRules: [TCP Query User{0709318B-933A-4CD0-9584-34CDA19DFBF3}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6480875C-19E6-4396-BBEE-FA8B1226EA9B}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2E30B959-9C3E-4284-8AE7-113F5352A78E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{FE5B969E-7788-4F54-AE8B-A2CC9CDD9BBE}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{27C54891-8A10-44BC-9D82-CF6814F8146B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{921D06CD-4961-41FB-8597-6927C1EB535D}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{05BB095F-CB37-4645-BB7F-9896658C452A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{BE52FC83-9802-465E-99D0-CD974359DADD}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{389A9988-1748-4589-8005-BC9833D49959}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{EE814E0C-0992-4D02-9B73-3EAA261F398F}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{A76850AD-B602-42B4-B694-4DD8F276E926}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{AA1E2F4F-BBB7-401D-93C2-5B131BE52B76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F53F1E32-BD6E-43F7-B66F-528A7EA6DA15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2467523-3418-44EA-B9F5-928958BF9526}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D7B027F-E312-4AFE-830B-AF0435B12945}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9729E7E7-0A3C-4E90-B326-83AA4AE5487F}] => (Allow) C:\Program Files\I - Tunes\iTunes.exe
FirewallRules: [TCP Query User{B6E69A96-7DD8-4022-9824-438E942E6744}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [UDP Query User{9FC5932C-B0DF-4218-BF5D-CDDC80700288}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [TCP Query User{7AE1B071-5245-45D0-88FD-909154F5ECD5}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{B05E281A-8414-4F6A-9911-BB2A2772A7F1}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{1892A1FD-BED4-4A34-9DD6-D7E0B69D5322}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{95D4860D-4742-4637-80F4-A74C691AD117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{FC038489-3C75-4BB1-8AE9-CF54079C9C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{A2AC9C18-160F-48EE-AAB1-AEBF9F85306E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{96B95969-0269-44F5-967C-BC8C294F5FCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 2\BrokenSword2.exe
FirewallRules: [{FCBE6C23-FDF7-4B53-91C3-41A426820CE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 2\BrokenSword2.exe
FirewallRules: [{3659BCA1-B28E-44FA-93F6-698C2D0B3EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 3\BSTSD.exe
FirewallRules: [{FA7A8206-37E1-402D-A205-3BFA1EFA76F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 3\BSTSD.exe
FirewallRules: [{2BACD5C3-F7C9-493E-9D9E-83D2E6AAA548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{C52255A2-14E1-4450-8F76-7FBCB77D6BF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{3DD39A93-9A84-4CED-AAFA-04901CAD7485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{84DDF972-5A85-4D62-931B-0F5C6B247D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{193B7AE0-8786-49E1-B860-1460CD783ED7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5281EDD1-9E7B-4B48-819F-913BDC7EC33A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{E30967D7-0346-4504-9981-5695E4B031CA}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{45748957-D739-4D4F-A098-7E8119432556}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{AB231274-F53D-4450-83E9-445D5C09FA7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{84860E9C-A4A9-473A-9250-F66BE944585B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{4853FC25-480F-4650-B34B-F9BEC46E73C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7AE8BA4C-04E2-43A3-9D00-1C91E650C4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{100EDDBE-8D0C-4D9A-A261-F32CA4F61E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{362DBFD4-8CD0-4116-BA7E-75F6F9C5793F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E0E722E7-DA47-415E-B4B3-8D4B22A332EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B5232E3D-1956-4619-8DAA-5EFFB251F36C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{08317177-96F7-4823-B3CE-99516B495F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{621CF600-0299-4DB8-B622-158A35F0DA08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7E02173B-8D67-4894-8409-51D5DEF16188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Secret of the Magic Crystal\Secret of the Magic Crystal.exe
FirewallRules: [{C0E1A9D5-6FA9-428D-B026-70C00C2E9E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Secret of the Magic Crystal\Secret of the Magic Crystal.exe
FirewallRules: [{9D504DA1-C509-45FD-9D52-A0EE94539510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{50E33A09-6640-4282-A02B-8BCB23C7ACC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A4EF7B37-F963-419E-B1DF-E3FF41E58710}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A0BB338D-905D-4300-A765-DAB18538E87A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6C7F180F-71D7-4761-A5EF-4F65C5BD6EFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{BDEE52F5-1B07-4590-A87C-ED03468B9498}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{36225618-0AF3-4EE6-BA35-F03DA1D7D030}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{4DC735C5-2C32-4E02-B996-51F4FBB9E61A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{1F1B9AA0-5711-4C90-A995-F749B93542B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC00C7EB-829C-45A0-B63A-B736461DE947}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F78ABA53-D904-4B54-AD98-311807AE633D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadHungryDiner\DHDSteam.exe
FirewallRules: [{176482B6-1B33-4E98-93BC-0CDD60D26C47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadHungryDiner\DHDSteam.exe
FirewallRules: [{63A29328-9D35-42AE-B202-7BB374DFD2D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Floras Fruit Farm\FlorasFruitFarm.exe
FirewallRules: [{03436203-1387-4E04-9AD0-C73C99790AB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Floras Fruit Farm\FlorasFruitFarm.exe
FirewallRules: [{2C31C47B-D33F-4DD1-9F15-1A109BC16EA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{B8100C45-AF8A-41E9-8E4B-F55F2086C196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{46A8B40A-21DC-43EB-A537-E7CA0EBD39EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{AE3F06AA-CD81-435E-B1D3-27FCE115D510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{80D8EDB4-3093-42E5-A9D4-0051322C8CF5}] => (Allow) C:\Program Files (x86)\Kalypso Media\Port Royale 3\PortRoyale3.exe
FirewallRules: [{781F6616-7521-4DAA-83E6-E38FC01EDF3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counter-strike\hl.exe
FirewallRules: [{3DDA3ECA-BB38-4F73-92DE-9597415ACE25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counter-strike\hl.exe
FirewallRules: [{D5D73634-BF52-49F3-826E-AC0B98E95A41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{3BEF56E0-201F-4108-BB20-6209B6998878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{B207C966-D8D8-4554-B079-72E4793853D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{BE5BB13A-4B41-47BF-8165-84565DB0FCEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{711E5ADE-4D6E-4136-BC49-94FE06DBC37C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{6823F67B-5066-4CE2-A7D0-A9BFF0249B43}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F632B2FA-4834-41A5-8879-DB9A1F4E525E}] => (Allow) LPort=9322
FirewallRules: [{4020C7BD-29E8-462F-92BC-1F837983A70F}] => (Allow) LPort=5353
FirewallRules: [{A08DA14E-A081-474C-8B2A-C6365A30972D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{287E98AC-5E76-4E5D-AB0D-E1113583B09A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{99A9DB9C-8E81-4FE6-88C0-E8AF5A56B905}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{4F8B32BD-3EE0-46A5-B6E1-5F15BAA72098}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{6E3B738E-8723-4D6C-942D-3FD6DD871138}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{6D2F3664-3480-410F-9328-0A02D25CC8FF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{ED29654D-801C-4B61-84A6-10428F7CB7BD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{302DD01F-E55F-4BF6-B5B9-DFFF9EE43F2A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{67BAC4B3-C568-4B33-A123-F81415AC2E3F}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{788E652A-09D0-42D1-A818-0D083B697409}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{46D17544-AB41-42B7-93C4-C3FC60467C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror Mysteries\mm.exe
FirewallRules: [{65C62ED6-D9BC-4C52-A939-9B830FE339D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror Mysteries\mm.exe
FirewallRules: [{BD54B948-A013-49E0-9954-033FEB4103A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millionaire Manor\THOS3.exe
FirewallRules: [{0F476507-B3D1-4E55-82DC-F7D4A50516B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millionaire Manor\THOS3.exe
FirewallRules: [{78A837CB-968A-4307-93B9-347959A8E54E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empress Of The Deep 2 Song Of The Blue Whale\EmpressoftheDeep2_SongoftheBlueWhale.exe
FirewallRules: [{EDDEA16E-6397-457E-A80F-6F4C0332B352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empress Of The Deep 2 Song Of The Blue Whale\EmpressoftheDeep2_SongoftheBlueWhale.exe
FirewallRules: [{58527CEB-0C3C-4258-98B1-73C1DC3992B4}] => (Allow) C:\MyGames\steamapps\common\White Haven Mysteries\WhiteHaven.exe
FirewallRules: [{318CAD3F-4FA7-46C6-AB63-AFE88CD55346}] => (Allow) C:\MyGames\steamapps\common\White Haven Mysteries\WhiteHaven.exe
FirewallRules: [{2FBFCB95-DE5E-4CD5-826F-CE3DCB00BE14}] => (Allow) C:\MyGames\steamapps\common\Princess Isabella - Rise of an Heir\PrincessIsabella_TheRiseOfAnHeir.exe
FirewallRules: [{4B8A5B1E-BC37-4CA2-835A-A120952A6854}] => (Allow) C:\MyGames\steamapps\common\Princess Isabella - Rise of an Heir\PrincessIsabella_TheRiseOfAnHeir.exe
FirewallRules: [{A922DB4B-5C53-4C26-83EB-E6F018DC7184}] => (Allow) C:\MyGames\steamapps\common\Haunted Past Realm of Ghosts\HP-RealmofGhosts.exe
FirewallRules: [{CFC23563-C0BD-44CE-B62B-8B382C903968}] => (Allow) C:\MyGames\steamapps\common\Haunted Past Realm of Ghosts\HP-RealmofGhosts.exe
FirewallRules: [{AD52B1A0-3893-414F-92DE-C0C570C9C7F2}] => (Allow) C:\MyGames\steamapps\common\Escape The Museum\Museum.exe
FirewallRules: [{4B669F0E-32E2-4C28-B8AA-8F846BDD3A16}] => (Allow) C:\MyGames\steamapps\common\Escape The Museum\Museum.exe
FirewallRules: [{684ED7F1-F7DA-4CDD-A51E-7224804FF61C}] => (Allow) C:\MyGames\steamapps\common\Crystals of Time\Crystals of Time.exe
FirewallRules: [{35B5DD73-0F5D-4D20-A45F-5367D3A1D05C}] => (Allow) C:\MyGames\steamapps\common\Crystals of Time\Crystals of Time.exe
FirewallRules: [{82A49C39-8E29-4BB9-AEA6-7D3CE1EB56FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Isabella - Return of the Curse\PrincessIsabella_ReturnoftheCurse.exe
FirewallRules: [{3897E809-3CC2-43BD-A819-A2E463954004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Isabella - Return of the Curse\PrincessIsabella_ReturnoftheCurse.exe
FirewallRules: [{D3305A25-A60B-44E8-BCAB-F256FDB9F71A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{38BFCD1E-4266-4A7E-A19C-9A4039AEF352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{8B0D3F45-F1F7-452A-BB1E-7250A574027A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\ys1plus.exe
FirewallRules: [{8CE063A8-4B74-4D5B-9A3B-09BFA91677D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\ys1plus.exe
FirewallRules: [{6349F9B7-7A22-419E-9132-10BDC01EA1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\config.exe
FirewallRules: [{5F338F58-75E9-4814-B5EB-EA8AAC3604DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\config.exe
FirewallRules: [TCP Query User{AFA77D48-C0CE-42C4-A633-35BDC072F9A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A8DBABBD-07E1-47A1-98E9-A3336C7A2D6F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{8EE29E0B-FAEA-4539-AF97-AFB48CC32AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{01F31B74-3025-4BD4-BB00-5722B086AE45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{20632F59-B361-4953-BFAD-C789AA3C0549}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{65C88493-F027-4F61-85D7-BE191C9D16FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8381DB31-1FCA-4F3B-B49D-CA808186D2CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{C87A0C31-361F-49D1-BD7F-EAE96F75011F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{630E01AE-5F83-4829-A5AB-28953E854D6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{C18B10A3-06EF-4EEB-AE44-C5484412D29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{67C93C41-65B0-4013-8F6D-93542020FA33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7B6172CD-4B51-4827-BB86-92B975980017}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B599409A-068E-4BEE-8298-9C90A9A14E5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{95D18A4D-E345-4383-9B39-2D7884E57308}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{5F26F3D1-AA64-4E38-B0DA-BB52E56E1564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E03439FB-975E-4EF9-9714-15E7F8CB9591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8BC057FB-A5AE-419D-88EE-05705FFD13DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe
FirewallRules: [{67E31BB6-B448-47C6-AF85-D0FAD8A8C67F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe
FirewallRules: [{F88983F6-6787-42AD-8405-4D700509E56A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Hereafter\TheHappyHereafter.exe
FirewallRules: [{2EA90567-FD84-4200-B9A4-D2F873E0ACB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Hereafter\TheHappyHereafter.exe
FirewallRules: [{25D57C0F-6391-442C-842B-BD44E7ACE873}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{76B2C249-BFA1-49CD-9DFD-FA4AC22CEFF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C350D5D7-5550-4FB1-9628-59454BCD8C04}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{642915C1-888C-4494-BBFA-19AC9361E42A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0B467F75-C8E5-447E-A5AD-58D88D4F097F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{868BFA4F-8AF8-4EEE-BCC8-29BFE67B0D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [TCP Query User{92CD1E76-2CBE-49C1-8A65-A57B01DA61CF}C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe] => (Allow) C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe
FirewallRules: [UDP Query User{1CDAFD97-B254-484D-BA66-401188B48B28}C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe] => (Allow) C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe
FirewallRules: [{6CC7448C-1467-4EAF-8A4A-CD8A969CF212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{AA79DFDF-4013-48E6-BBB0-9CD06D38DBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{DB8703FD-F9B2-457C-8773-F910BAA0818D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robin's Quest\RobinsQuest.exe
FirewallRules: [{809B4EEE-55DE-4B5F-9838-580FDA38FC7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robin's Quest\RobinsQuest.exe
FirewallRules: [{21DC435E-ACB1-401F-9D18-9E74E6D3B9E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{624BF076-1E8F-4E07-B2FC-2A2231D0C9D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{51BC62FB-BC6B-4FAA-BDA0-5F216B6DC561}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A24666F6-E990-42CD-BF98-A314A38226FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5A2A2F06-ECAD-48AC-BA32-B13E20169CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{D78F7B30-D6CF-4FFD-B5B0-F8CF72CAFC99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{6B9CB950-0BBC-451F-A8A4-2CF12F064569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{958FF362-0F82-4873-89DD-833974D8A242}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{A7F569D7-9228-43BD-BD4B-4B4C2D374788}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5FCDDB06-0E01-41C8-914A-CFC9398B01CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7C088461-6858-4081-A5B1-CDC0972DDAF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{3ADA1B80-5A99-49A6-9C18-D191F17CFA9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{BF26D34B-4E17-416D-BD94-83311BE800A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sister’s Secrecy\SistersSecrecy_ArcanumBloodlines_Premium.exe
FirewallRules: [{CB82D88C-218B-4B37-AC45-F3C5FD0A2E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sister’s Secrecy\SistersSecrecy_ArcanumBloodlines_Premium.exe
FirewallRules: [{E5E63362-9C4B-40D9-B86E-1567F2CFAF79}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{BD600C19-B093-4D36-8B57-621C79FA283E}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6415ADF1-5497-46B1-817A-5AF104649889}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CF5C3985-412D-4F9A-AC98-BD802CA6DD16}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8BD0F658-A9C3-4731-8A90-D5CD34674F3C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{E1CC4765-7A7D-4B6A-9F66-44B162402ED7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{57032B29-8057-4652-A5F5-4B773C70151D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{0C076193-3554-4B09-80FC-1F5489A83CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{EF8D102D-2F66-414C-A737-24E19FEF1CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9B9F67FB-502E-42A7-9C2E-D39142BF6012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{B882DC0F-F49E-4B55-A49E-51647A455107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{332A19C4-E790-4BCF-A2B1-CF98EE2E7070}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{CE160321-275B-4BA2-85DD-EDBAC53618AB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{AEEAC0E1-A6DB-49F6-8EE6-B5183FE4D990}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{EDB0DE18-F8EB-49D2-9C57-7FFF745EDE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{216FAEBA-0B7D-4271-A8DC-CD043A450675}] => (Allow) C:\MyGames\steamapps\common\AWalkInTheDark\AWalkInTheDark.exe
FirewallRules: [{90D1C2B1-CF40-406D-947F-459F42661E80}] => (Allow) C:\MyGames\steamapps\common\AWalkInTheDark\AWalkInTheDark.exe
FirewallRules: [{1576935F-F52A-4F32-B984-D3FEE42A463F}] => (Allow) C:\MyGames\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{2E07477D-6FC4-4380-BEBE-6FBA2E3AD960}] => (Allow) C:\MyGames\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{ACB9D2D9-DD19-40EC-B9F5-A992E966903A}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{801D23B8-00FD-4500-B631-1D531799AAF6}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{4D957FE9-412F-4D43-9CC2-938DCDC42E43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{990B17E4-03B5-4E37-AAF0-10D8A4A5B28B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{C5119668-5C46-41BB-8A1B-598B24577051}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3111EB74-CC64-4C9C-B319-576DEFC2AB14}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{3A8BD383-F1AA-4F89-9122-16D05F246AE7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D0BCF183-7E77-4D9E-875A-94056B09EBD5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{C6EBF593-3826-465E-B526-D98340812099}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{F8A602FE-0E46-4880-9A83-D3776CC2A60C}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{4EED53BA-0976-43A3-9E80-852BECB3AEF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{5C0D0557-83E8-46CC-87F3-1D1AD573C4B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{10689B64-5BA9-4338-AC48-BD86EBF384F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Syberia\Game.exe
FirewallRules: [{1B88367C-F6BB-4A71-98DF-3AE537CFB81E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Syberia\Game.exe
FirewallRules: [{D6FC207A-7744-494B-9490-A2F1B85B8846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{5D027F43-AB31-4535-BD12-4DE683EB9AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{FD003AC7-6242-4497-95A3-8D8CDD30B5DA}C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [UDP Query User{4B178EAF-008B-499F-A88F-B440E5CC05AB}C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [TCP Query User{9C25882E-DAB4-4E5C-85DE-D82A4A48251D}C:\mygames\steamapps\common\guardians of ember\client_x86.exe] => (Block) C:\mygames\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [UDP Query User{AAFA26B7-20E3-4469-89F7-9DAA7878790F}C:\mygames\steamapps\common\guardians of ember\client_x86.exe] => (Block) C:\mygames\steamapps\common\guardians of ember\client_x86.exe
FirewallRules: [{9264D49D-81D3-4E02-AEE4-02B5F63E6E77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{20E34B84-ECF1-4992-A7F2-D62BE058A3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{EA8BD9F1-48A6-4003-BDE2-0B832206469B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{FCCEB72B-3B52-4380-B460-3A01D60C32C3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A9AFD583-6F55-4E8F-BE38-2E5F89EEF6E5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6853BE0D-58CC-4C39-B242-C035804A785F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{CA420FD2-AAE2-464F-90F1-CE77AE6642FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E49E1346-EF72-45EF-B4D2-823843B975E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{B97994DA-7C9B-4C76-B12D-63582FAD0DC1}] => (Allow) C:\Program Files (x86)\StarCraft\StarCraft.exe
FirewallRules: [{9AD8098E-21DD-435A-9FF8-D156ECAF41DE}] => (Allow) C:\Program Files (x86)\StarCraft\StarCraft.exe
FirewallRules: [{274ED66E-5981-47CF-A205-DC48D5A5E394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{1E283065-BD6B-4DE7-8EF7-D7CB815B3218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{955DBFC8-79BF-4D8F-ABD1-917921597CED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{D71FA36C-6D3D-434D-B3F5-D941CEE3C2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{D3B2AF72-7426-49A2-A5A6-FFA0146F2C2F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{3698D09B-B8D2-4606-B572-BBFE87359371}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{C6CED57E-D369-4AAD-AA3B-F32C8C5B7ABE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{C50D806F-3619-4126-87EE-12A3215A0D32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{D324BE3F-22C9-4991-984B-146CE4C63568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{C597F414-04F0-4798-915E-CFEE2581C4EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{AFEF5478-3CC4-408F-BADB-63CC685C46FB}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\satinav.exe
FirewallRules: [{D9893A14-773A-4532-8FEB-9563F6E2F2C6}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\satinav.exe
FirewallRules: [{4CB769F7-7CFD-4748-95B9-D4C577232F2B}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
FirewallRules: [{0E955ECB-83BC-4A70-B8A0-065DB9658FBC}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
FirewallRules: [{7BD2B415-A91F-45CF-9919-2AA2B68D5757}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{C04C212D-9DAE-4B98-82D5-AA1008862D6D}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{91408490-A80F-4E67-BC71-9C8028172844}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{F991B1BB-814C-47FB-BFAF-16DD1AEA0E2E}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{D48ABB11-3A59-4864-B8DD-43099C25C2CE}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{22946170-6822-49FB-8A5E-EF9FDE94C7EF}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{5079D2DB-5A23-46E6-8FD7-8026D3E97F14}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{34995DC3-4893-4E2D-BEED-88C19AB54F13}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{23B0C37C-F45B-4BF8-8061-E1F116446119}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{5BE18D23-50C7-4B07-8C68-0F34DFEB5D26}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{128233F3-610C-432C-B44D-A8A9887926CE}] => (Allow) C:\MyGames\steamapps\common\DeadCore\DeadCore.exe
FirewallRules: [{4F981811-9448-4530-9019-8BBDD0241F7C}] => (Allow) C:\MyGames\steamapps\common\DeadCore\DeadCore.exe

==================== Restore Points =========================

11-10-2017 03:00:16 Windows Update
15-10-2017 03:00:11 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: eHome Infrared Receiver (USBCIR)
Description: eHome Infrared Receiver (USBCIR)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbcir
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (10/17/2017 09:38:26 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 70002. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (10/17/2017 09:38:23 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/17/2017 09:38:23 PM) (Source: LoadPerf) (EventID: 3001) (User: )
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 70002. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (10/17/2017 09:34:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (10/17/2017 09:33:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2017 09:33:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2017 09:33:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2017 09:33:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2017 09:33:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/17/2017 09:33:53 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (10/17/2017 09:34:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswbidsdriver
aswbidsh
aswblog
aswbuniv
aswRvrt
aswSnx
aswSP
aswVmm
avc3
bdftdif
cdrom
ElRawDisk
epp64
GUBootStartup
Hmonitor45
HWiNFO32
i8042prt
qhpbzs
raeehd
SASDIFSV
SASKUTIL
spldr
trufos
Wanarpv6

Error: (10/17/2017 09:34:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/17/2017 09:34:32 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (10/17/2017 09:33:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (10/17/2017 09:33:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (10/17/2017 09:33:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (10/17/2017 09:33:12 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (10/17/2017 09:33:05 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (10/17/2017 09:32:40 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (10/17/2017 09:32:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

CodeIntegrity:
===================================
  Date: 2017-10-17 21:17:16.383
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 21:17:15.197
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 20:36:11.598
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 20:36:09.742
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 20:05:45.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 20:05:44.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 19:37:48.616
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 19:37:47.664
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 10:47:53.235
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-10-17 10:47:52.283
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 13%
Total physical RAM: 8190.32 MB
Available physical RAM: 7045.9 MB
Total Virtual: 16433.61 MB
Available Virtual: 15573.63 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.52 GB) (Free:11.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: F4DCAE3E)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Thank you for any help you can give! :)

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,911 posts
  • MVP

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Vista/Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo.com/download_speccy/ (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#3
snowfox217

snowfox217

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you very much for your help Rkinner! I'll try this as soon as I get home from work tomorrow.
  • 0

#4
snowfox217

snowfox217

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Sorry for the delay. But after a couple of tries, i was finally able to get the text files that I think you will need. It seems like my computer kept wanting to crash on me after a svchost.exe process popped up on process explorer. That process would keep climbing past 2,000,000 mb (and keep going) and then my computer would crashed soon after. Needless to say, trying to get both the process explorer text file and the junk.txt (pasted below) saved together before my system crashed was very challenging to say the least.

 

The other thing that I noticed that might be helpful is that when trying to use the internet only my internet explorer will work without crashing the system (imagine that! lol). If i tried using google chrome or firefox on my computer, my system immediately crashes. Not sure if it's a related issue, but I just wanted to note that just in case it helps.

 

 

Anyways, Attached and below is the information you requested:

 

Thanks again for any help you can give! :)

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process < 0.01 0 K 24 K 0
TrustedInstaller.exe 22.31 27,796 K 39,620 K 3540 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 6.54 31,848 K 49,112 K 2708 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 2.31 1,772,120 K 1,779,748 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Interrupts < 0.01 0 K 0 K n/a Hardware Interrupts and DPCs
dwm.exe 1.15 39,832 K 63,968 K 1944 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
SmartCopy.exe 0.38 4,156 K 8,376 K 2788 SmartCopy MFC Application (No signature was present in the subject)
explorer.exe 0.38 44,460 K 65,152 K 2012 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
netsession_win.exe < 0.01 15,192 K 22,320 K 3664 Akamai NetSession Client Akamai Technologies, Inc. (Verified) Akamai Technologies
taskeng.exe < 0.01 12,592 K 14,976 K 1984 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
mHotkey.exe < 0.01 8,652 K 9,608 K 3232 Multimedia Keyboard Driver (No signature was present in the subject) 
netsession_win.exe < 0.01 3,840 K 9,948 K 3376 Akamai NetSession Client Akamai Technologies, Inc. (Verified) Akamai Technologies
WUDFHost.exe 3,724 K 6,688 K 3112
WmiPrvSE.exe 4,128 K 8,460 K 4024
WmiPrvSE.exe 9,248 K 13,940 K 3932
WMIADAP.exe 3,156 K 6,484 K 1892
winlogon.exe 3,464 K 8,152 K 916
wininit.exe 1,920 K 5,124 K 1020
UpdaterService.exe 1,440 K 4,584 K 2388 Updater Service Acer Incorporated (The digital signature of the object did not verify) Acer Incorporated
taskeng.exe 2,964 K 7,880 K 304
System 0.77 0 K 106,144 K 4
svchost.exe 164,292 K 170,616 K 996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,016 K 8,920 K 472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,352 K 8,424 K 624 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 6,480 K 10,608 K 2888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 11,092 K 17,468 K 528 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 19,012 K 24,588 K 1336 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 18,464 K 16,236 K 696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 20,716 K 21,024 K 1096 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,472 K 5,556 K 2980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,904 K 6,456 K 880 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe 4,664 K 9,428 K 2860 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe 1,568 K 4,540 K 2840 SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe 9,652 K 15,172 K 1308 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe 26,220 K 20,300 K 2440 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
smss.exe 572 K 1,108 K 844
SmartLauncher.exe 5,852 K 9,368 K 3372 SmartLauncher North Star com. (No signature was present in the subject) North Star com.
SLsvc.exe 9,220 K 14,280 K 852 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
sftvsa.exe 1,844 K 5,852 K 2820 Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
sftlist.exe 9,156 K 17,436 K 1512 Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
services.exe 4,652 K 8,480 K 468
SearchIndexer.exe 166,636 K 113,480 K 3012 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SASCORE64.EXE 3,008 K 4,504 K 1472
procexp.exe 7,168 K 11,092 K 2740 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
nvxdsync.exe 9,624 K 20,288 K 1544
nvvsvc.exe 4,904 K 9,032 K 904 NVIDIA Driver Helper Service, Version 361.75 NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe 6,232 K 14,568 K 1556
nvtray.exe 6,604 K 13,764 K 3436 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
NvNetworkService.exe 4,280 K 6,656 K 2492 NVIDIA Network Service NVIDIA Corporation (Verified) NVIDIA Corporation
NvBackend.exe 32,604 K 40,396 K 3452 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
nSvcIp.exe 4,408 K 8,484 K 1728 NVIDIA Corporation (No signature was present in the subject)
nSvcAppFlt.exe 5,300 K 8,608 K 3064 app_filter Module (No signature was present in the subject) 
ModLEDKey.exe 1,940 K 5,624 K 1484 AccessL Chicony (No signature was present in the subject) Chicony
mDNSResponder.exe 2,484 K 5,536 K 2084 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe 3,384 K 5,596 K 616
lsass.exe 5,404 K 11,212 K 488 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LogiRegistryService.exe 1,732 K 4,856 K 2412 Logitech Surround Sound Service Logitech Inc. (Verified) Logitech Inc
ETService.exe 33,896 K 22,312 K 2112 Acer Empowering Technology Framework Service (No signature was present in the subject)
ehtray.exe 3,564 K 1,712 K 1172 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
ehmsas.exe 2,924 K 7,448 K 1776 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 5,044 K 10,452 K 396
csrss.exe 3,024 K 8,112 K 460
CNYHKey.exe 2,260 K 6,820 K 3160 Creative Multimedia Driver Creative (No signature was present in the subject) Creative
ChiFuncExt.exe 1,936 K 5,576 K 3300 Input Assistant Software Kernel Chicony (No signature was present in the subject) Chicony
audiodg.exe 17,752 K 20,828 K 748
agr64svc.exe 1,376 K 3,232 K 2064 Agere Soft Modem Call Progress Service Agere Systems (Verified) Microsoft Windows Hardware Compatibility Publisher
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
smss.exe                       844 N/A                                         
csrss.exe                      460 N/A                                         
wininit.exe                   1020 N/A                                         
csrss.exe                      396 N/A                                         
services.exe                   468 N/A                                         
lsass.exe                      488 SamSs                                       
lsm.exe                        616 N/A                                         
svchost.exe                    624 DcomLaunch, PlugPlay                        
winlogon.exe                   916 N/A                                         
nvvsvc.exe                     904 nvsvc                                       
svchost.exe                    472 RpcSs                                       
svchost.exe                    696 AudioSrv, Dhcp, Eventlog, lmhosts, wscsvc   
svchost.exe                    996 AudioEndpointBuilder, EMDMgmt, hidserv,     
                                   Netman, PcaSvc, SysMain,                    
                                   TabletInputService, UxSms, WdiSystemHost,   
                                   WPDBusEnum, wudfsvc                         
svchost.exe                    900 AeLookupSvc, Appinfo, BITS, Browser,        
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                   ProfSvc, RasMan, Schedule, seclogon, SENS,  
                                   ShellHWDetection, Themes, Winmgmt, wuauserv 
audiodg.exe                    748 N/A                                         
svchost.exe                    880 gpsvc                                       
SLsvc.exe                      852 slsvc                                       
svchost.exe                    528 EventSystem, fdPHost, FDResPub,             
                                   LanmanWorkstation, netprofm, nsi, SSDPSRV,  
                                   SstpSvc, upnphost, W32Time                  
svchost.exe                   1096 CryptSvc, Dnscache, NlaSvc, TapiSrv         
spoolsv.exe                   1308 Spooler                                     
svchost.exe                   1336 BFE, DPS, MpsSvc                            
nvxdsync.exe                  1544 N/A                                         
nvvsvc.exe                    1556 N/A                                         
dwm.exe                       1944 N/A                                         
taskeng.exe                   1984 N/A                                         
explorer.exe                  2012 N/A                                         
SASCORE64.EXE                 1472 !SASCORE                                    
agr64svc.exe                  2064 AgereModemAudio                             
mDNSResponder.exe             2084 Bonjour Service                             
ETService.exe                 2112 ETService                                   
UpdaterService.exe            2388 Live Updater Service                        
LogiRegistryService.exe       2412 LogiRegistryService                         
SMSvcHost.exe                 2440 NetTcpPortSharing                           
NvNetworkService.exe          2492 NvNetworkService                            
sftvsa.exe                    2820 sftvsa                                      
sqlbrowser.exe                2840 SQLBrowser                                  
sqlwriter.exe                 2860 SQLWriter                                   
svchost.exe                   2888 stisvc                                      
svchost.exe                   2980 WerSvc                                      
SearchIndexer.exe             3012 WSearch                                     
nSvcAppFlt.exe                3064 ForceWare Intelligent Application Manager (I
                                   AM)                                         
nSvcIp.exe                    1728 nSvcIp                                      
sftlist.exe                   1512 sftlist                                     
WUDFHost.exe                  3112 N/A                                         
nvtray.exe                    3436 N/A                                         
NvBackend.exe                 3452 N/A                                         
WmiPrvSE.exe                  3932 N/A                                         
taskeng.exe                    304 N/A                                         
SearchProtocolHost.exe        3296 N/A                                         
netsession_win.exe            3376 N/A                                         
ehtray.exe                    1172 N/A                                         
SmartCopy.exe                 2788 N/A                                         
SmartLauncher.exe             3372 N/A                                         
CNYHKey.exe                   3160 N/A                                         
mHotkey.exe                   3232 N/A                                         
ModLEDKey.exe                 1484 N/A                                         
ChiFuncExt.exe                3300 N/A                                         
ehmsas.exe                    1776 N/A                                         
netsession_win.exe            3664 N/A                                         
procexp.exe                   3672 N/A                                         
procexp64.exe                 3176 N/A                                         
notepad.exe                   3396 N/A                                         
WmiPrvSE.exe                  4024 N/A                                         
SearchFilterHost.exe          3392 N/A                                         
cmd.exe                       1500 N/A                                         
WMIADAP.exe                   1892 N/A                                         
TrustedInstaller.exe          3540 TrustedInstaller                            
tasklist.exe                  3728 N/A                                         
 
 
 
 

Attached Files


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,911 posts
  • MVP
svchost.exe 2.31 1,772,120 K 1,779,748 K 900 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
 
is the one eating your memory.  From the junk file we see that process ID 900 is:
 
svchost.exe                    900 AeLookupSvc, Appinfo, BITS, Browser,        
                                   IKEEXT, iphlpsvc, LanmanServer, MMCSS,      
                                   ProfSvc, RasMan, Schedule, seclogon, SENS,  
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
 
The usual culprit in the group of services running on this svchost is wuauserv which is Windows Update. 
 
If you go in to Services (search for SERVICES.MSC and hit Enter) then scroll down to Windows Update and right click and select Properties you should be able to Stop the service.  You can keep it stopped by changing the Startup Type: to Disabled. then APPLY.
 
Now bring up Process Explorer again and see if the svchost is still using so much memory.  The next most likely culprit is BITS.  This is the Background Intelligent Transfer Service which is responsible for downloading Windows Updates.  You can turn it off the same way.  Then look in Process Explorer and see if things change.
 
It appears that Windows is also trying to install something:
TrustedInstaller.exe 22.31 27,796 K 39,620 K 3540 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows

 

 

This is the Windows Modules Installer service.  I'm not sure if you can stop it or not.
 
There is some inconsistency in your Process Explorer log.  We are missing something that is using about 60% of the CPU.  Normally System Idle has about 90% and the remaining 10% is spread among a bunch of processes.  In your case System Idle is <.001 so where is the remaining %?  Possibly a rootkit?
 
Normally when we see a problem in Windows Update the solution is to run
System Update Readiness Tool for Windows Vista for x64-based systems
but this may not work with something hogging the CPU.  Try stopping Windows Update and BITS then see if things improve enough to run the tool.
 
Perhaps the thing to do first would be to rule out a rootkit:  Boot into Safe Mode with Networking
(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)
 
and then download MBAR:
 
 
Run it by right clicking on the downloaded file then Run As Admin while still in Safe Mode with Networking.
 
See if it finds anything.
 
Another possibility is to force a disk check then run SFC :

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.  This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:

Copy the next two lines:

findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.  Close nOtepad.  Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

Also post a new Process Explorer log.

  • 0

#6
snowfox217

snowfox217

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

So my computer is finally running a little bit better now :). After I stopped the windows update process, it's not wanting to crash 5 minutes after it starts up. So that's a plus.

 

The mbar anti rootkit program found 3 different malware files. I believe it was able to get rid of them, but I don't know for sure. I've attached the log just in case you might need it. I wasn't able to run the windows system update readiness tool or get rid of the windows modules installer service (which you weren't sure if I would be able to or not). But I was able to do everything else.

 

Below is the text from the junk.txt file and the three logs, per your request. Thanks again for all the help that you've given me! :)

 

Junk. txt file

 

2017-10-30 17:20:51, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:20:51, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-10-30 17:20:52, Info                  CSI    00000009 [SR] Verify complete
2017-10-30 17:20:53, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:20:53, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2017-10-30 17:20:54, Info                  CSI    0000000d [SR] Verify complete
2017-10-30 17:20:55, Info                  CSI    0000000e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:20:55, Info                  CSI    0000000f [SR] Beginning Verify and Repair transaction
2017-10-30 17:20:56, Info                  CSI    00000011 [SR] Verify complete
2017-10-30 17:20:57, Info                  CSI    00000012 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:20:57, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2017-10-30 17:20:59, Info                  CSI    00000015 [SR] Verify complete
2017-10-30 17:20:59, Info                  CSI    00000016 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:20:59, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:01, Info                  CSI    00000019 [SR] Verify complete
2017-10-30 17:21:02, Info                  CSI    0000001a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:02, Info                  CSI    0000001b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:03, Info                  CSI    0000001d [SR] Verify complete
2017-10-30 17:21:04, Info                  CSI    0000001e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:04, Info                  CSI    0000001f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:05, Info                  CSI    00000021 [SR] Verify complete
2017-10-30 17:21:06, Info                  CSI    00000022 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:06, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:08, Info                  CSI    00000025 [SR] Verify complete
2017-10-30 17:21:09, Info                  CSI    00000026 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:09, Info                  CSI    00000027 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:10, Info                  CSI    00000029 [SR] Verify complete
2017-10-30 17:21:11, Info                  CSI    0000002a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:11, Info                  CSI    0000002b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:13, Info                  CSI    0000002d [SR] Verify complete
2017-10-30 17:21:13, Info                  CSI    0000002e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:13, Info                  CSI    0000002f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:15, Info                  CSI    00000031 [SR] Verify complete
2017-10-30 17:21:16, Info                  CSI    00000032 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:16, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:17, Info                  CSI    00000035 [SR] Verify complete
2017-10-30 17:21:18, Info                  CSI    00000036 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:18, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:19, Info                  CSI    00000039 [SR] Verify complete
2017-10-30 17:21:20, Info                  CSI    0000003a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:20, Info                  CSI    0000003b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:21, Info                  CSI    0000003d [SR] Verify complete
2017-10-30 17:21:22, Info                  CSI    0000003e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:22, Info                  CSI    0000003f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:23, Info                  CSI    00000041 [SR] Verify complete
2017-10-30 17:21:24, Info                  CSI    00000042 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:24, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:25, Info                  CSI    00000045 [SR] Verify complete
2017-10-30 17:21:26, Info                  CSI    00000046 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:26, Info                  CSI    00000047 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:28, Info                  CSI    00000049 [SR] Verify complete
2017-10-30 17:21:29, Info                  CSI    0000004a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:29, Info                  CSI    0000004b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:30, Info                  CSI    0000004d [SR] Verify complete
2017-10-30 17:21:31, Info                  CSI    0000004e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:31, Info                  CSI    0000004f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:32, Info                  CSI    00000051 [SR] Verify complete
2017-10-30 17:21:33, Info                  CSI    00000052 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:33, Info                  CSI    00000053 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:34, Info                  CSI    00000055 [SR] Verify complete
2017-10-30 17:21:35, Info                  CSI    00000056 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:35, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:37, Info                  CSI    00000059 [SR] Verify complete
2017-10-30 17:21:37, Info                  CSI    0000005a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:37, Info                  CSI    0000005b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:39, Info                  CSI    0000005d [SR] Verify complete
2017-10-30 17:21:40, Info                  CSI    0000005e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:40, Info                  CSI    0000005f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:41, Info                  CSI    00000061 [SR] Verify complete
2017-10-30 17:21:42, Info                  CSI    00000062 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:42, Info                  CSI    00000063 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:43, Info                  CSI    00000065 [SR] Verify complete
2017-10-30 17:21:44, Info                  CSI    00000066 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:44, Info                  CSI    00000067 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:45, Info                  CSI    00000069 [SR] Verify complete
2017-10-30 17:21:46, Info                  CSI    0000006a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:46, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:47, Info                  CSI    0000006d [SR] Verify complete
2017-10-30 17:21:48, Info                  CSI    0000006e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:48, Info                  CSI    0000006f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:49, Info                  CSI    00000071 [SR] Verify complete
2017-10-30 17:21:50, Info                  CSI    00000072 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:50, Info                  CSI    00000073 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:51, Info                  CSI    00000075 [SR] Verify complete
2017-10-30 17:21:52, Info                  CSI    00000076 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:52, Info                  CSI    00000077 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:53, Info                  CSI    00000079 [SR] Verify complete
2017-10-30 17:21:54, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:54, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:55, Info                  CSI    0000007d [SR] Verify complete
2017-10-30 17:21:56, Info                  CSI    0000007e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:56, Info                  CSI    0000007f [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:57, Info                  CSI    00000081 [SR] Verify complete
2017-10-30 17:21:58, Info                  CSI    00000082 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:21:58, Info                  CSI    00000083 [SR] Beginning Verify and Repair transaction
2017-10-30 17:21:59, Info                  CSI    00000085 [SR] Verify complete
2017-10-30 17:22:00, Info                  CSI    00000086 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:00, Info                  CSI    00000087 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:01, Info                  CSI    00000089 [SR] Verify complete
2017-10-30 17:22:02, Info                  CSI    0000008a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:02, Info                  CSI    0000008b [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:04, Info                  CSI    0000008d [SR] Verify complete
2017-10-30 17:22:04, Info                  CSI    0000008e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:04, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:06, Info                  CSI    00000091 [SR] Verify complete
2017-10-30 17:22:06, Info                  CSI    00000092 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:06, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:08, Info                  CSI    00000095 [SR] Verify complete
2017-10-30 17:22:09, Info                  CSI    00000096 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:09, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:10, Info                  CSI    00000099 [SR] Verify complete
2017-10-30 17:22:11, Info                  CSI    0000009a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:11, Info                  CSI    0000009b [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:13, Info                  CSI    0000009d [SR] Verify complete
2017-10-30 17:22:13, Info                  CSI    0000009e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:13, Info                  CSI    0000009f [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:15, Info                  CSI    000000a1 [SR] Verify complete
2017-10-30 17:22:16, Info                  CSI    000000a2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:16, Info                  CSI    000000a3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:19, Info                  CSI    000000a5 [SR] Verify complete
2017-10-30 17:22:19, Info                  CSI    000000a6 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:19, Info                  CSI    000000a7 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:21, Info                  CSI    000000a9 [SR] Verify complete
2017-10-30 17:22:22, Info                  CSI    000000aa [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:22, Info                  CSI    000000ab [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:23, Info                  CSI    000000ad [SR] Verify complete
2017-10-30 17:22:24, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:24, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:26, Info                  CSI    000000b1 [SR] Verify complete
2017-10-30 17:22:27, Info                  CSI    000000b2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:27, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:28, Info                  CSI    000000b5 [SR] Verify complete
2017-10-30 17:22:29, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:29, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:30, Info                  CSI    000000b9 [SR] Verify complete
2017-10-30 17:22:31, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:31, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:32, Info                  CSI    000000bd [SR] Verify complete
2017-10-30 17:22:33, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:33, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:35, Info                  CSI    000000c1 [SR] Verify complete
2017-10-30 17:22:36, Info                  CSI    000000c2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:36, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:37, Info                  CSI    000000c5 [SR] Verify complete
2017-10-30 17:22:38, Info                  CSI    000000c6 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:38, Info                  CSI    000000c7 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:39, Info                  CSI    000000c9 [SR] Verify complete
2017-10-30 17:22:40, Info                  CSI    000000ca [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:40, Info                  CSI    000000cb [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:43, Info                  CSI    000000cd [SR] Verify complete
2017-10-30 17:22:43, Info                  CSI    000000ce [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:43, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:44, Info                  CSI    000000d1 [SR] Verify complete
2017-10-30 17:22:45, Info                  CSI    000000d2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:45, Info                  CSI    000000d3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:47, Info                  CSI    000000d5 [SR] Verify complete
2017-10-30 17:22:47, Info                  CSI    000000d6 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:47, Info                  CSI    000000d7 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:48, Info                  CSI    000000d9 [SR] Verify complete
2017-10-30 17:22:49, Info                  CSI    000000da [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:49, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:51, Info                  CSI    000000dd [SR] Verify complete
2017-10-30 17:22:51, Info                  CSI    000000de [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:51, Info                  CSI    000000df [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:53, Info                  CSI    000000e1 [SR] Verify complete
2017-10-30 17:22:54, Info                  CSI    000000e2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:54, Info                  CSI    000000e3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:55, Info                  CSI    000000e5 [SR] Verify complete
2017-10-30 17:22:55, Info                  CSI    000000e6 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:55, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2017-10-30 17:22:57, Info                  CSI    000000e9 [SR] Verify complete
2017-10-30 17:22:58, Info                  CSI    000000ea [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:22:58, Info                  CSI    000000eb [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:02, Info                  CSI    000000ed [SR] Verify complete
2017-10-30 17:23:03, Info                  CSI    000000ee [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:03, Info                  CSI    000000ef [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:08, Info                  CSI    000000f1 [SR] Verify complete
2017-10-30 17:23:08, Info                  CSI    000000f2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:08, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:13, Info                  CSI    000000f7 [SR] Verify complete
2017-10-30 17:23:14, Info                  CSI    000000f8 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:14, Info                  CSI    000000f9 [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:19, Info                  CSI    000000fc [SR] Verify complete
2017-10-30 17:23:20, Info                  CSI    000000fd [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:20, Info                  CSI    000000fe [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:25, Info                  CSI    00000102 [SR] Verify complete
2017-10-30 17:23:25, Info                  CSI    00000103 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:25, Info                  CSI    00000104 [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:31, Info                  CSI    00000106 [SR] Verify complete
2017-10-30 17:23:32, Info                  CSI    00000107 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:32, Info                  CSI    00000108 [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:38, Info                  CSI    00000129 [SR] Verify complete
2017-10-30 17:23:38, Info                  CSI    0000012a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:38, Info                  CSI    0000012b [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:44, Info                  CSI    00000130 [SR] Verify complete
2017-10-30 17:23:45, Info                  CSI    00000131 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:45, Info                  CSI    00000132 [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:50, Info                  CSI    00000134 [SR] Verify complete
2017-10-30 17:23:50, Info                  CSI    00000135 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:50, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
2017-10-30 17:23:57, Info                  CSI    00000138 [SR] Verify complete
2017-10-30 17:23:57, Info                  CSI    00000139 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:23:57, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:05, Info                  CSI    0000013c [SR] Verify complete
2017-10-30 17:24:06, Info                  CSI    0000013d [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:06, Info                  CSI    0000013e [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:15, Info                  CSI    00000153 [SR] Verify complete
2017-10-30 17:24:15, Info                  CSI    00000154 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:15, Info                  CSI    00000155 [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:27, Info                  CSI    00000157 [SR] Verify complete
2017-10-30 17:24:28, Info                  CSI    00000158 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:28, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:42, Info                  CSI    0000015b [SR] Verify complete
2017-10-30 17:24:42, Info                  CSI    0000015c [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:42, Info                  CSI    0000015d [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:46, Info                  CSI    0000015f [SR] Verify complete
2017-10-30 17:24:46, Info                  CSI    00000160 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:46, Info                  CSI    00000161 [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:49, Info                  CSI    00000163 [SR] Verify complete
2017-10-30 17:24:49, Info                  CSI    00000164 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:49, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:51, Info                  CSI    00000167 [SR] Verify complete
2017-10-30 17:24:51, Info                  CSI    00000168 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:51, Info                  CSI    00000169 [SR] Beginning Verify and Repair transaction
2017-10-30 17:24:58, Info                  CSI    0000017a [SR] Verify complete
2017-10-30 17:24:58, Info                  CSI    0000017b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:24:58, Info                  CSI    0000017c [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:03, Info                  CSI    0000017f [SR] Verify complete
2017-10-30 17:25:03, Info                  CSI    00000180 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:03, Info                  CSI    00000181 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:05, Info                  CSI    00000183 [SR] Verify complete
2017-10-30 17:25:06, Info                  CSI    00000184 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:06, Info                  CSI    00000185 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:10, Info                  CSI    00000187 [SR] Verify complete
2017-10-30 17:25:10, Info                  CSI    00000188 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:10, Info                  CSI    00000189 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:15, Info                  CSI    0000018b [SR] Verify complete
2017-10-30 17:25:17, Info                  CSI    0000018c [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:17, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:27, Info                  CSI    00000190 [SR] Verify complete
2017-10-30 17:25:27, Info                  CSI    00000191 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:27, Info                  CSI    00000192 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:31, Info                  CSI    00000194 [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2017-10-30 17:25:31, Info                  CSI    00000197 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2017-10-30 17:25:32, Info                  CSI    0000019a [SR] Verify complete
2017-10-30 17:25:32, Info                  CSI    0000019b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:32, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:35, Info                  CSI    0000019e [SR] Verify complete
2017-10-30 17:25:36, Info                  CSI    0000019f [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:36, Info                  CSI    000001a0 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:44, Info                  CSI    000001a2 [SR] Verify complete
2017-10-30 17:25:44, Info                  CSI    000001a3 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:44, Info                  CSI    000001a4 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:49, Info                  CSI    000001a6 [SR] Verify complete
2017-10-30 17:25:49, Info                  CSI    000001a7 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:25:49, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2017-10-30 17:25:59, Info                  CSI    000001ba [SR] Verify complete
2017-10-30 17:26:00, Info                  CSI    000001bb [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:00, Info                  CSI    000001bc [SR] Beginning Verify and Repair transaction
2017-10-30 17:26:08, Info                  CSI    000001c4 [SR] Verify complete
2017-10-30 17:26:08, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:08, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2017-10-30 17:26:24, Info                  CSI    000001c8 [SR] Verify complete
2017-10-30 17:26:24, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:24, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2017-10-30 17:26:36, Info                  CSI    000001cc [SR] Verify complete
2017-10-30 17:26:36, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:36, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2017-10-30 17:26:43, Info                  CSI    000001d0 [SR] Verify complete
2017-10-30 17:26:44, Info                  CSI    000001d1 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:44, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
2017-10-30 17:26:52, Info                  CSI    000001d4 [SR] Verify complete
2017-10-30 17:26:52, Info                  CSI    000001d5 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:52, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
2017-10-30 17:26:58, Info                  CSI    000001d8 [SR] Verify complete
2017-10-30 17:26:58, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:26:58, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:03, Info                  CSI    000001de [SR] Verify complete
2017-10-30 17:27:04, Info                  CSI    000001df [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:04, Info                  CSI    000001e0 [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:08, Info                  CSI    000001e2 [SR] Verify complete
2017-10-30 17:27:08, Info                  CSI    000001e3 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:08, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:21, Info                  CSI    000001e6 [SR] Verify complete
2017-10-30 17:27:21, Info                  CSI    000001e7 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:21, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:27, Info                  CSI    000001ea [SR] Verify complete
2017-10-30 17:27:27, Info                  CSI    000001eb [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:27, Info                  CSI    000001ec [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:37, Info                  CSI    000001ee [SR] Verify complete
2017-10-30 17:27:37, Info                  CSI    000001ef [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:37, Info                  CSI    000001f0 [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:38, Info                  CSI    000001f2 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-10-30 17:27:43, Info                  CSI    000001f4 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-10-30 17:27:43, Info                  CSI    000001f5 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2017-10-30 17:27:44, Info                  CSI    000001f7 [SR] Verify complete
2017-10-30 17:27:44, Info                  CSI    000001f8 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:44, Info                  CSI    000001f9 [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:49, Info                  CSI    000001fb [SR] Verify complete
2017-10-30 17:27:50, Info                  CSI    000001fc [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:50, Info                  CSI    000001fd [SR] Beginning Verify and Repair transaction
2017-10-30 17:27:57, Info                  CSI    00000200 [SR] Verify complete
2017-10-30 17:27:58, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:27:58, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:08, Info                  CSI    00000204 [SR] Verify complete
2017-10-30 17:28:09, Info                  CSI    00000205 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:09, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:14, Info                  CSI    00000208 [SR] Verify complete
2017-10-30 17:28:14, Info                  CSI    00000209 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:14, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:20, Info                  CSI    0000020d [SR] Verify complete
2017-10-30 17:28:21, Info                  CSI    0000020e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:21, Info                  CSI    0000020f [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:26, Info                  CSI    00000212 [SR] Verify complete
2017-10-30 17:28:27, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:27, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:33, Info                  CSI    00000219 [SR] Verify complete
2017-10-30 17:28:34, Info                  CSI    0000021a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:34, Info                  CSI    0000021b [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:41, Info                  CSI    0000021d [SR] Verify complete
2017-10-30 17:28:42, Info                  CSI    0000021e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:42, Info                  CSI    0000021f [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:50, Info                  CSI    00000221 [SR] Verify complete
2017-10-30 17:28:51, Info                  CSI    00000222 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:51, Info                  CSI    00000223 [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:53, Info                  CSI    00000225 [SR] Verify complete
2017-10-30 17:28:53, Info                  CSI    00000226 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:28:53, Info                  CSI    00000227 [SR] Beginning Verify and Repair transaction
2017-10-30 17:28:59, Info                  CSI    00000229 [SR] Verify complete
2017-10-30 17:29:00, Info                  CSI    0000022a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:00, Info                  CSI    0000022b [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:07, Info                  CSI    0000022d [SR] Verify complete
2017-10-30 17:29:08, Info                  CSI    0000022e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:08, Info                  CSI    0000022f [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:15, Info                  CSI    00000231 [SR] Verify complete
2017-10-30 17:29:15, Info                  CSI    00000232 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:15, Info                  CSI    00000233 [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:34, Info                  CSI    00000235 [SR] Verify complete
2017-10-30 17:29:34, Info                  CSI    00000236 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:34, Info                  CSI    00000237 [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:39, Info                  CSI    00000239 [SR] Verify complete
2017-10-30 17:29:40, Info                  CSI    0000023a [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:40, Info                  CSI    0000023b [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:45, Info                  CSI    0000023d [SR] Verify complete
2017-10-30 17:29:46, Info                  CSI    0000023e [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:46, Info                  CSI    0000023f [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:54, Info                  CSI    0000024a [SR] Verify complete
2017-10-30 17:29:55, Info                  CSI    0000024b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:29:55, Info                  CSI    0000024c [SR] Beginning Verify and Repair transaction
2017-10-30 17:29:59, Info                  CSI    0000024e [SR] Verify complete
2017-10-30 17:30:00, Info                  CSI    0000024f [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:00, Info                  CSI    00000250 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:04, Info                  CSI    00000252 [SR] Verify complete
2017-10-30 17:30:05, Info                  CSI    00000253 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:05, Info                  CSI    00000254 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:11, Info                  CSI    00000256 [SR] Verify complete
2017-10-30 17:30:11, Info                  CSI    00000257 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:11, Info                  CSI    00000258 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:17, Info                  CSI    0000025a [SR] Verify complete
2017-10-30 17:30:18, Info                  CSI    0000025b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:18, Info                  CSI    0000025c [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:20, Info                  CSI    0000025e [SR] Verify complete
2017-10-30 17:30:20, Info                  CSI    0000025f [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:20, Info                  CSI    00000260 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:23, Info                  CSI    00000263 [SR] Verify complete
2017-10-30 17:30:24, Info                  CSI    00000264 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:24, Info                  CSI    00000265 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:30, Info                  CSI    0000026a [SR] Verify complete
2017-10-30 17:30:31, Info                  CSI    0000026b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:31, Info                  CSI    0000026c [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:42, Info                  CSI    00000272 [SR] Verify complete
2017-10-30 17:30:42, Info                  CSI    00000273 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:42, Info                  CSI    00000274 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:50, Info                  CSI    00000284 [SR] Verify complete
2017-10-30 17:30:50, Info                  CSI    00000285 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:50, Info                  CSI    00000286 [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:53, Info                  CSI    00000288 [SR] Verify complete
2017-10-30 17:30:54, Info                  CSI    00000289 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:54, Info                  CSI    0000028a [SR] Beginning Verify and Repair transaction
2017-10-30 17:30:58, Info                  CSI    0000028c [SR] Verify complete
2017-10-30 17:30:59, Info                  CSI    0000028d [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:30:59, Info                  CSI    0000028e [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:03, Info                  CSI    00000293 [SR] Verify complete
2017-10-30 17:31:03, Info                  CSI    00000294 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:03, Info                  CSI    00000295 [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:08, Info                  CSI    0000029a [SR] Verify complete
2017-10-30 17:31:08, Info                  CSI    0000029b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:08, Info                  CSI    0000029c [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:14, Info                  CSI    000002bd [SR] Verify complete
2017-10-30 17:31:14, Info                  CSI    000002be [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:14, Info                  CSI    000002bf [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:18, Info                  CSI    000002c1 [SR] Verify complete
2017-10-30 17:31:18, Info                  CSI    000002c2 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:18, Info                  CSI    000002c3 [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:23, Info                  CSI    000002c5 [SR] Verify complete
2017-10-30 17:31:23, Info                  CSI    000002c6 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:23, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:28, Info                  CSI    000002d7 [SR] Verify complete
2017-10-30 17:31:28, Info                  CSI    000002d8 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:28, Info                  CSI    000002d9 [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:39, Info                  CSI    000002db [SR] Verify complete
2017-10-30 17:31:39, Info                  CSI    000002dc [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:39, Info                  CSI    000002dd [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:44, Info                  CSI    000002eb [SR] Verify complete
2017-10-30 17:31:44, Info                  CSI    000002ec [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:44, Info                  CSI    000002ed [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:47, Info                  CSI    000002ef [SR] Verify complete
2017-10-30 17:31:48, Info                  CSI    000002f0 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:48, Info                  CSI    000002f1 [SR] Beginning Verify and Repair transaction
2017-10-30 17:31:54, Info                  CSI    000002f4 [SR] Verify complete
2017-10-30 17:31:55, Info                  CSI    000002f5 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:31:55, Info                  CSI    000002f6 [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:02, Info                  CSI    000002f9 [SR] Verify complete
2017-10-30 17:32:02, Info                  CSI    000002fa [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:02, Info                  CSI    000002fb [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:05, Info                  CSI    000002fd [SR] Verify complete
2017-10-30 17:32:05, Info                  CSI    000002fe [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:05, Info                  CSI    000002ff [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:12, Info                  CSI    00000301 [SR] Verify complete
2017-10-30 17:32:12, Info                  CSI    00000302 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:12, Info                  CSI    00000303 [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:16, Info                  CSI    00000305 [SR] Verify complete
2017-10-30 17:32:17, Info                  CSI    00000306 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:17, Info                  CSI    00000307 [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:23, Info                  CSI    0000031f [SR] Verify complete
2017-10-30 17:32:24, Info                  CSI    00000320 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:24, Info                  CSI    00000321 [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:30, Info                  CSI    00000326 [SR] Verify complete
2017-10-30 17:32:30, Info                  CSI    00000327 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:30, Info                  CSI    00000328 [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:44, Info                  CSI    0000032a [SR] Verify complete
2017-10-30 17:32:44, Info                  CSI    0000032b [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:44, Info                  CSI    0000032c [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:51, Info                  CSI    0000032e [SR] Verify complete
2017-10-30 17:32:51, Info                  CSI    0000032f [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:51, Info                  CSI    00000330 [SR] Beginning Verify and Repair transaction
2017-10-30 17:32:56, Info                  CSI    00000332 [SR] Verify complete
2017-10-30 17:32:56, Info                  CSI    00000333 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:32:56, Info                  CSI    00000334 [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:00, Info                  CSI    00000337 [SR] Verify complete
2017-10-30 17:33:01, Info                  CSI    00000338 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:01, Info                  CSI    00000339 [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:09, Info                  CSI    0000033b [SR] Verify complete
2017-10-30 17:33:10, Info                  CSI    0000033c [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:10, Info                  CSI    0000033d [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:15, Info                  CSI    0000033f [SR] Verify complete
2017-10-30 17:33:15, Info                  CSI    00000340 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:15, Info                  CSI    00000341 [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:19, Info                  CSI    00000343 [SR] Verify complete
2017-10-30 17:33:19, Info                  CSI    00000344 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:19, Info                  CSI    00000345 [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:24, Info                  CSI    00000348 [SR] Verify complete
2017-10-30 17:33:24, Info                  CSI    00000349 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:24, Info                  CSI    0000034a [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:28, Info                  CSI    0000034c [SR] Verify complete
2017-10-30 17:33:29, Info                  CSI    0000034d [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:29, Info                  CSI    0000034e [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:35, Info                  CSI    00000350 [SR] Verify complete
2017-10-30 17:33:35, Info                  CSI    00000351 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:35, Info                  CSI    00000352 [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:40, Info                  CSI    00000357 [SR] Verify complete
2017-10-30 17:33:41, Info                  CSI    00000358 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:41, Info                  CSI    00000359 [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:46, Info                  CSI    0000035b [SR] Verify complete
2017-10-30 17:33:46, Info                  CSI    0000035c [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:46, Info                  CSI    0000035d [SR] Beginning Verify and Repair transaction
2017-10-30 17:33:54, Info                  CSI    00000360 [SR] Verify complete
2017-10-30 17:33:54, Info                  CSI    00000361 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:33:54, Info                  CSI    00000362 [SR] Beginning Verify and Repair transaction
2017-10-30 17:34:01, Info                  CSI    00000364 [SR] Verify complete
2017-10-30 17:34:01, Info                  CSI    00000365 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:34:01, Info                  CSI    00000366 [SR] Beginning Verify and Repair transaction
2017-10-30 17:34:07, Info                  CSI    00000368 [SR] Verify complete
2017-10-30 17:34:07, Info                  CSI    00000369 [SR] Verifying 100 (0x0000000000000064) components
2017-10-30 17:34:07, Info                  CSI    0000036a [SR] Beginning Verify and Repair transaction
2017-10-30 17:34:13, Info                  CSI    0000036c [SR] Verify complete
2017-10-30 17:34:14, Info                  CSI    0000036d [SR] Verifying 50 (0x0000000000000032) components
2017-10-30 17:34:14, Info                  CSI    0000036e [SR] Beginning Verify and Repair transaction
2017-10-30 17:34:16, Info                  CSI    00000370 [SR] Verify complete
2017-10-30 17:34:16, Info                  CSI    00000371 [SR] Repairing 3 components
2017-10-30 17:34:16, Info                  CSI    00000372 [SR] Beginning Verify and Repair transaction
2017-10-30 17:34:16, Info                  CSI    00000374 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-10-30 17:34:16, Info                  CSI    00000376 [SR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2017-10-30 17:34:16, Info                  CSI    00000377 [SR] This component was referenced by [l:162{81}]"Package_17_for_KB948465~31bf3856ad364e35~amd64~~6.0.1.18005.948465-60_neutral_GDR"
2017-10-30 17:34:16, Info                  CSI    00000379 [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2017-10-30 17:34:16, Info                  CSI    0000037c [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2017-10-30 17:34:16, Info                  CSI    0000037f [SR] Repair complete
2017-10-30 17:34:16, Info                  CSI    00000380 [SR] Committing transaction
2017-10-30 17:34:17, Info                  CSI    00000384 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction  have been successfully repaired
 

--------------------

 

System Output Log

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 30/10/2017 5:55:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/10/2017 10:51:50 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- MS/MS-Pro USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_MS/MS-Pro&Rev_1.00\30000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:51:50 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SD/MMC USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SD/MMC&Rev_1.00\20000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:51:50 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SM/xD-Picture USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SM/xD-Picture&Rev_1.00\10000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:51:50 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- Compact Flash USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00\00000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:47:54 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- MS/MS-Pro USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_MS/MS-Pro&Rev_1.00\30000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:47:54 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SD/MMC USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SD/MMC&Rev_1.00\20000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:47:54 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SM/xD-Picture USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SM/xD-Picture&Rev_1.00\10000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:47:54 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- Compact Flash USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00\00000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:44:18 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- MS/MS-Pro USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_MS/MS-Pro&Rev_1.00\30000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:44:18 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SD/MMC USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SD/MMC&Rev_1.00\20000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:44:18 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SM/xD-Picture USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SM/xD-Picture&Rev_1.00\10000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:44:18 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- Compact Flash USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00\00000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:41:56 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- MS/MS-Pro USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_MS/MS-Pro&Rev_1.00\30000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:41:56 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SD/MMC USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SD/MMC&Rev_1.00\20000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:41:56 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SM/xD-Picture USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SM/xD-Picture&Rev_1.00\10000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:41:56 PM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- Compact Flash USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00\00000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 30/10/2017 10:41:54 PM
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk2\DR2.

Log: 'System' Date/Time: 30/10/2017 10:41:54 PM
Type: Error Category: 0
Event: 11 Source: disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 30/10/2017 10:18:09 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom qhpbzs raeehd

Log: 'System' Date/Time: 30/10/2017 10:18:09 PM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/10/2017 10:16:08 PM
Type: Warning Category: 0
Event: 1009 Source: Microsoft-Windows-DHCPv6-Client
A network error occurred when trying to send a message. The error code is: Element not found..

Log: 'System' Date/Time: 30/10/2017 1:34:17 AM
Type: Warning Category: 0
Event: 1009 Source: Microsoft-Windows-DHCPv6-Client
A network error occurred when trying to send a message. The error code is: Element not found..

 

 

 

--------------------

 

Application Output Log

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 30/10/2017 5:57:20 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/10/2017 10:54:22 PM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 10:46:56 PM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 10:46:19 PM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 10:41:32 PM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 10:41:18 PM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 10:23:49 PM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 30/10/2017 10:23:49 PM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 30/10/2017 10:18:36 PM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 10:18:26 PM
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Log: 'Application' Date/Time: 30/10/2017 10:18:26 PM
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Log: 'Application' Date/Time: 30/10/2017 10:17:47 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 30/10/2017 10:16:41 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application CVHSVC.EXE, version 14.0.7147.5000, time stamp 0x5509d673, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec36a2, exception code 0xc0000374, fault offset 0x000ac7eb, process id 0xce0, application start time 0x01d351ccc2b7ab6a.

Log: 'Application' Date/Time: 30/10/2017 2:42:05 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 1:48:20 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 30/10/2017 1:41:51 AM
Type: Error Category: 0
Event: 3011 Source: Microsoft-Windows-LoadPerf
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Log: 'Application' Date/Time: 30/10/2017 1:41:51 AM
Type: Error Category: 0
Event: 3012 Source: Microsoft-Windows-LoadPerf
The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/10/2017 10:17:19 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.

Log: 'Application' Date/Time: 30/10/2017 10:17:19 PM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 30/10/2017 10:16:44 PM
Type: Warning Category: 3
Event: 3219 Source: Application Virtualization Client
{tid=C7C}
Failed unregistering callback tracking connected process termination (error: 997).

Log: 'Application' Date/Time: 30/10/2017 10:16:40 PM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=45C}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: HAYES2-PC Operating System: Windows Vista 64-bit Service Pack 2.0 Build 6002 OSD Command:

Log: 'Application' Date/Time: 30/10/2017 10:16:35 PM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=45C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 30/10/2017 10:16:34 PM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 30/10/2017 10:16:12 PM
Type: Warning Category: 0
Event: 1036 Source: Microsoft-Windows-SpoolerSpoolss
InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.

Log: 'Application' Date/Time: 30/10/2017 3:02:47 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1094520485-351602351-698667415-1000:
Process 2380 (\Device\HarddiskVolume2\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe) has opened key \REGISTRY\USER\S-1-5-21-1094520485-351602351-698667415-1000\Software\Logitech\Logitech Gaming Software\Audio Devices

Log: 'Application' Date/Time: 30/10/2017 1:36:24 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.

Log: 'Application' Date/Time: 30/10/2017 1:36:24 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 30/10/2017 1:35:27 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.

Log: 'Application' Date/Time: 30/10/2017 1:35:27 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 30/10/2017 1:34:43 AM
Type: Warning Category: 3
Event: 3219 Source: Application Virtualization Client
{tid=C58}
Failed unregistering callback tracking connected process termination (error: 997).

Log: 'Application' Date/Time: 30/10/2017 1:34:40 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=738}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: HAYES2-PC Operating System: Windows Vista 64-bit Service Pack 2.0 Build 6002 OSD Command:

Log: 'Application' Date/Time: 30/10/2017 1:34:35 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=738}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 30/10/2017 1:34:35 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 30/10/2017 1:34:20 AM
Type: Warning Category: 0
Event: 1036 Source: Microsoft-Windows-SpoolerSpoolss
InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.

Log: 'Application' Date/Time: 29/10/2017 8:43:01 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 29/10/2017 8:43:01 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

 

----------------------------------------

 

Process Explorer Log

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.00 0 K 24 K 0   
iexplore.exe 1.92 202,016 K 213,452 K 2936 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
procexp64.exe 1.54 35,096 K 52,672 K 3476 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
dwm.exe 0.77 44,828 K 79,388 K 1804 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
SmartCopy.exe 0.38 8,156 K 12,324 K 2644 SmartCopy MFC Application  (No signature was present in the subject)
Interrupts 0.38 0 K 0 K n/a Hardware Interrupts and DPCs  
netsession_win.exe < 0.01 14,060 K 21,648 K 2364 Akamai NetSession Client Akamai Technologies, Inc. (Verified) Akamai Technologies
iexplore.exe < 0.01 111,620 K 117,568 K 3420 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
explorer.exe < 0.01 46,020 K 72,020 K 788 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe < 0.01 25,348 K 34,512 K 3696 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
mHotkey.exe < 0.01 8,652 K 9,724 K 2308 Multimedia Keyboard Driver  (No signature was present in the subject)
netsession_win.exe < 0.01 4,088 K 10,180 K 2860 Akamai NetSession Client Akamai Technologies, Inc. (Verified) Akamai Technologies
WUDFHost.exe  3,812 K 6,784 K 700   
WmiPrvSE.exe  3,948 K 7,988 K 3688   
WmiPrvSE.exe  6,368 K 12,676 K 4752   
winlogon.exe  3,436 K 8,104 K 1460   
wininit.exe  1,912 K 5,112 K 1520   
UpdaterService.exe  1,444 K 4,584 K 2372 Updater Service Acer Incorporated (The digital signature of the object did not verify) Acer Incorporated
taskeng.exe  12,804 K 15,320 K 940 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  3,004 K 8,032 K 3168   
System  0 K 106,748 K 4   
svchost.exe  27,536 K 39,296 K 132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  5,784 K 9,700 K 1904 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  4,252 K 8,396 K 1796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  203,148 K 208,432 K 1192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  21,904 K 18,804 K 736 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,820 K 6,428 K 1368 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  11,036 K 18,348 K 1468 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  20,184 K 21,204 K 384 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  26,284 K 32,180 K 1976 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  6,592 K 10,732 K 2892 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,464 K 5,556 K 2960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,652 K 7,236 K 2804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sqlwriter.exe  4,676 K 9,468 K 2852 SQL Server VSS Writer - 64 Bit Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe  1,704 K 4,668 K 2828 SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe  9,280 K 14,364 K 1920 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SMSvcHost.exe  26,228 K 20,328 K 2424 SMSvcHost.exe Microsoft Corporation (Verified) Microsoft Corporation
smss.exe  576 K 1,108 K 1216   
SmartLauncher.exe  6,764 K 10,236 K 2700 SmartLauncher North Star com. (No signature was present in the subject) North Star com.
SLsvc.exe  9,196 K 14,260 K 1392 Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
sftvsa.exe  1,848 K 5,852 K 2792 Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation (Verified) Microsoft Corporation
sftlist.exe  9,196 K 17,512 K 924 Microsoft Application Virtualization Client Service Microsoft Corporation (Verified) Microsoft Corporation
services.exe  3,636 K 7,960 K 920   
SearchIndexer.exe  109,764 K 22,284 K 2996 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SASCORE64.EXE  3,012 K 4,500 K 1152   
procexp.exe  6,652 K 10,504 K 3112 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
nvxdsync.exe  9,552 K 20,340 K 1860   
nvvsvc.exe  4,984 K 9,140 K 1776 NVIDIA Driver Helper Service, Version 361.75 NVIDIA Corporation (Verified) NVIDIA Corporation
nvvsvc.exe  6,180 K 14,552 K 1856   
nvtray.exe  6,948 K 14,164 K 3428 NVIDIA Settings NVIDIA Corporation (Verified) NVIDIA Corporation
NvNetworkService.exe  4,272 K 6,648 K 2520 NVIDIA Network Service NVIDIA Corporation (Verified) NVIDIA Corporation
NvBackend.exe  37,232 K 45,076 K 3448 NVIDIA Backend NVIDIA Corporation (Verified) NVIDIA Corporation
nSvcIp.exe  4,440 K 8,528 K 456 NVIDIA Corporation  (No signature was present in the subject)
nSvcAppFlt.exe  5,308 K 8,620 K 3064 app_filter Module  (No signature was present in the subject)
ModLEDKey.exe  1,944 K 5,624 K 3376 AccessL Chicony (No signature was present in the subject) Chicony
mDNSResponder.exe  2,496 K 5,516 K 2076 Bonjour Service Apple Inc. (Verified) Apple Inc.
lsm.exe  3,312 K 5,652 K 1444   
lsass.exe  5,848 K 2,848 K 1228 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
LogiRegistryService.exe  1,736 K 4,872 K 2396 Logitech Surround Sound Service Logitech Inc. (Verified) Logitech Inc
FlashUtil32_25_0_0_127_ActiveX.exe  5,388 K 9,972 K 3760 Adobe® Flash® Player Installer/Uninstaller 25.0 r0 Adobe Systems Incorporated (Certificate expired) Adobe Systems Incorporated
ETService.exe  32,956 K 22,364 K 2104 Acer Empowering Technology Framework Service  (No signature was present in the subject)
ehtray.exe  3,656 K 2,320 K 3196 Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
ehmsas.exe  2,996 K 7,472 K 660 Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
csrss.exe  4,292 K 11,280 K 1292   
csrss.exe  2,976 K 8,104 K 1316   
CNYHKey.exe  2,264 K 7,016 K 2708 Creative Multimedia Driver Creative (No signature was present in the subject) Creative
ChiFuncExt.exe  1,936 K 5,624 K 956 Input Assistant Software Kernel Chicony (No signature was present in the subject) Chicony
audiodg.exe  17,748 K 20,728 K 628   
agr64svc.exe  1,376 K 3,232 K 2060 Agere Soft Modem Call Progress Service Agere Systems (Verified) Microsoft Windows Hardware Compatibility Publisher

 

Attached Files


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,911 posts
  • MVP

Process Explorer looks normal now.  Don't know if what MBAR removed was the problem or if perhaps the Windows Update service used up all of the memory and Process Explorer couldn't do its thing completely.

 

Since you now have Avast, uninstall:

 

BitDefender

Also uninstall:

Susperantispyware

FrostWire 5.5.1

Java 8 Update 131 (64-bit)

 

 

For these errors:

 

Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 30/10/2017 1:38:19 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.

 

 

 

Try using the Installer Cleanup Tool:

http://www.majorgeek...up_utility.html

 

Look for 67E03279-F703-408F-B4BF-46B5FC8D70CD and remove it.

 

try
Windows Repair all in one

http://www.tweaking....all_in_one.html

Download it and save it then run it.

You can skip to step 4 or 5 where it gives you the same picture as in the above link.

Make sure these are checked before hitting Start:


Repair Windows Updates
Repair CD/DVD Missing/Not Working

Reboot when done

 

This will probably restart Windows Updates so if it acts up again afterward you can go back in and stop the service as before.

 

 

I have a fixlist for you to remove some of the deadwood:

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   11.55KB   7 downloads

Run FRST and press Fix
A fix log will be generated please post that


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 

 

 

 

 


  • 0

#8
snowfox217

snowfox217

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Rkinner,

 

Sorry it's taken me so long to respond back to you. It's just been a really busy couple of weeks. But I finally was able get through all the tasks you had for me except for one that wouldn't work.

 

I wasn't able to use the installer cleanup tool to clean up that one file, because i couldn't find it (67E03279-F703-408F-B4BF-46B5FC8D70CD) when i was using the tool.

 

Also, just wanted to note that computer is still wanting to randomly crash on me for some reason.

 

Below are all the logs, per your request:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by Hayes 2 (18-11-2017 06:08:57) Run:2
Running from C:\Users\Hayes 2\Downloads
Loaded Profiles: Hayes 2 (Available Profiles: Hayes 2)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
BootExecute: autocheck autochk *  BootDefrag.exe
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52680;https=127.0.0.1:52680
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKLM -> {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKLM-x32 -> DefaultScope {047C5C97-290A-4AF7-9439-266C08770795} URL =
SearchScopes: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> {6281C22D-CF32-4CDE-B498-51832E86A8BE} URL = hxxp://isearch.shopathome.com?user_id={090a07b7-1599-43e5-b988-8c29ad526194}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKU\S-1-5-21-1094520485-351602351-698667415-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
S0 qhpbzs; no ImagePath
S0 raeehd; no ImagePath
S1 360FsFlt; system32\DRIVERS\360FsFlt.sys [X]
S0 avc3; system32\DRIVERS\avc3.sys [X]
S3 avckf; system32\DRIVERS\avckf.sys [X]
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 CsrBthAudioHF; system32\DRIVERS\CsrBthAudioHF.sys [X]
S3 CsrBtPort; system32\DRIVERS\CsrBtPort.sys [X]
S3 csrhfgcc; system32\DRIVERS\csrhfgcc.sys [X]
S3 csrpan; system32\DRIVERS\csrpan.sys [X]
S3 csrserial; system32\DRIVERS\csrserial.sys [X]
S3 csrusb; System32\Drivers\csrusb.sys [X]
S3 csr_bthav; system32\drivers\csrbthav.sys [X]
S4 gzflt; system32\DRIVERS\gzflt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [X]
S0 trufos; system32\DRIVERS\trufos.sys [X]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [X]
C:\ProgramData\uninstaller.exe
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers1: [LavasoftShellExt] -> {DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} =>  -> No File
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers4-x32: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers6-x32: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} =>  -> No File
ContextMenuHandlers6-x32: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
Task: {4F80DEFD-9D40-4818-8A95-07CB3AB4B35A} - \StormFall W2 -> No File <==== ATTENTION
Task: {C36E3838-A250-47FF-8135-1E7CE3AF8A46} - \StormFall TW2 -> No File <==== ATTENTION
Task: {FB1EF333-43DA-4F18-A89D-68396503C936} - \StormFall TW1 -> No File <==== ATTENTION
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:0B174FAE [141]
AlternateDataStreams: C:\ProgramData\Temp:1322DDBD [358]
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [238]
AlternateDataStreams: C:\ProgramData\Temp:59540531 [228]
AlternateDataStreams: C:\ProgramData\Temp:A13B696A [328]
AlternateDataStreams: C:\ProgramData\Temp:D24294C1 [147]
AlternateDataStreams: C:\ProgramData\Temp:D346F792 [294]
HKLM\...\cmdfile\DefaultIcon: %SystemRoot%\System32\shell32.dll,-153 <==== ATTENTION
C:\Windows\Susyem32\Drivers\qhpbzs.sys
C:\Windows\Susyem32\Drivers\raeehd.sys
MSCONFIG\startupfolder: C:^Users^Hayes 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk => C:\Windows\pss\FrostWire On Startup.lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.9.696.8769\AdAwareTray.exe"
MSCONFIG\startupreg: Advanced SystemCare 5 => "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: AVG9_TRAY => C:\PROGRA~2\AVG\AVG9\avgtray.exe
MSCONFIG\startupreg: ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Conduit\CT3310511\plugins\TBVerifier.dll",RunConduitFloatingPlugin banjjklfojcdbofbhbgiedekefohoaff
MSCONFIG\startupreg: SearchProtect => C:\Users\Hayes 2\AppData\Roaming\SearchProtect\bin\cltmng.exe
MSCONFIG\startupreg: SearchProtectAll => "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe"
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
EMPTY TEMP:
CMD: bitsadmin /Reset

*****************

HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"C:\Windows\system32\GroupPolicy\Machine" => not found.
"C:\Windows\system32\GroupPolicy\User" => not found.
HKLM\SOFTWARE\Policies\Google => key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKLM\Software\Classes\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6281C22D-CF32-4CDE-B498-51832E86A8BE} => key not found.
HKLM\Software\Classes\CLSID\{6281C22D-CF32-4CDE-B498-51832E86A8BE} => key not found.
HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found.
HKLM\Software\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found.
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value not found.
HKLM\Software\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} => value not found.
HKLM\Software\Classes\CLSID\{30CEEEA2-3742-40E4-85DD-812BF1CBB83D} => key not found.
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value not found.
HKLM\Software\Classes\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => key not found.
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value not found.
HKLM\Software\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
qhpbzs => service not found.
raeehd => service not found.
360FsFlt => service not found.
avc3 => service not found.
avckf => service not found.
BRDriver64_1_3_3_E02B25FC => service not found.
BTCFilterService => service not found.
CsrBthAudioHF => service not found.
CsrBtPort => service not found.
csrhfgcc => service not found.
csrpan => service not found.
csrserial => service not found.
csrusb => service not found.
csr_bthav => service not found.
gzflt => service not found.
IpInIp => service not found.
motccgp => service not found.
motccgpfl => service not found.
MotoSwitchService => service not found.
Motousbnet => service not found.
motusbdevice => service not found.
NwlnkFlt => service not found.
NwlnkFwd => service not found.
Rts516xIR => service not found.
trufos => service not found.
USBCCID => service not found.
"C:\ProgramData\uninstaller.exe" => not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\IObitUnstaler => key not found.
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\LavasoftShellExt => key not found.
HKLM\Software\Classes\CLSID\{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} => key not found.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu => key not found.
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\IObitUnstaler => key not found.
HKLM\Software\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found.
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\UnLockerMenu => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\IObitUnstaler => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{B19ED566-D419-470b-B111-3C89040BC027} => key not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UnLockerMenu => key not found.
HKLM\Software\Wow6432Node\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F80DEFD-9D40-4818-8A95-07CB3AB4B35A} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall W2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C36E3838-A250-47FF-8135-1E7CE3AF8A46} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW2 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB1EF333-43DA-4F18-A89D-68396503C936} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StormFall TW1 => key not found.
C:\Windows\Tasks\Avast Emergency Update.job => not found.
"C:\ProgramData\Temp" => ":0B174FAE" ADS not found.
"C:\ProgramData\Temp" => ":1322DDBD" ADS not found.
"C:\ProgramData\Temp" => ":2CB9631F" ADS not found.
"C:\ProgramData\Temp" => ":373E1720" ADS not found.
"C:\ProgramData\Temp" => ":59540531" ADS not found.
"C:\ProgramData\Temp" => ":A13B696A" ADS not found.
"C:\ProgramData\Temp" => ":D24294C1" ADS not found.
"C:\ProgramData\Temp" => ":D346F792" ADS not found.
HKLM\Software\Classes\cmdfile\DefaultIcon\\Default => value restored successfully
"C:\Windows\Susyem32\Drivers\qhpbzs.sys" => not found.
"C:\Windows\Susyem32\Drivers\raeehd.sys" => not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Hayes 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk => key not found.
C:\Windows\pss\FrostWire On Startup.lnk.Startup => not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdAwareTray => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Advanced SystemCare 5 => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG9_TRAY => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ConduitFloatingPlugin_banjjklfojcdbofbhbgiedekefohoaff => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtect => key not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectAll => key not found.

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

========= End of CMD: =========

========= bitsadmin /Reset =========

BITSADMIN version 3.0 [ 7.0.6001 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

Unable to connect to BITS - 0x8007042c
The dependency service or group failed to start.

 

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 525646 B
Java, Flash, Steam htmlcache => 131564 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 6122443 B
Firefox => 103396 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66228 B
systemprofile32 => 66228 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 1844 B
NetworkService => 0 B
Hayes 2 => 13525436 B
UpdatusUser => 0 B

RecycleBin => 18232184 B
EmptyTemp: => 37 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 06:09:49 ====

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2017
Ran by Hayes 2 (administrator) on HAYES2-PC (18-11-2017 12:18:42)
Running from C:\Users\Hayes 2\Downloads
Loaded Profiles: Hayes 2 (Available Profiles: Hayes 2)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Agere Systems) C:\Windows\System32\agr64svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Acer Incorporated) C:\Program Files\GATEWAY\Gateway Updater\UpdaterService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Akamai Technologies, Inc.) C:\Users\Hayes 2\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
(North Star com.) C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe
(Creative) C:\Windows\CNYHKey.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
() C:\Windows\mHotkey.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Chicony) C:\Windows\ModLEDKey.exe
(Akamai Technologies, Inc.) C:\Users\Hayes 2\AppData\Local\Akamai\netsession_win.exe
(Chicony) C:\Windows\ChiFuncExt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [253344 2017-11-11] (AVAST Software)
HKLM-x32\...\Run: [LedKey] => C:\Windows\CNYHKey.exe [339968 2008-04-23] (Creative)
HKLM-x32\...\Run: [LchDrvKey] => C:\Windows\LchDrvKey.exe [36864 2007-03-28] ()
HKLM-x32\...\Run: [Conime] => C:\Windows\SysWOW64\conime.exe [69120 2009-04-11] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Hayes 2\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [NoLogOff] 0
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\MountPoints2: {99d0025a-cba0-11e2-8e5d-0022684d9600} - I:\setup.exe -a
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\MountPoints2: {c06f1c69-77bc-11e2-bf16-0022684d9600} - I:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\MountPoints2: {d35e0ec0-b893-11dc-b94a-0022684d9600} - I:\KODAK_Camera_Setup_App.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartCopy.lnk [2009-04-07]
ShortcutTarget: SmartCopy.lnk -> C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartLauncher.lnk [2009-04-07]
ShortcutTarget: SmartLauncher.lnk -> C:\Program Files (x86)\Northstar\SmartLauncher\SmartLauncher.exe (North Star com.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9 12 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 11 %windir%\system32\vsocklib.dll => No File
Winsock: Catalog9-x64 12 %windir%\system32\vsocklib.dll => No File
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{9712E214-2095-4240-BE72-812D046DB980}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{DB72EBFF-D75A-4BC8-B63D-E898BA946843}: [DhcpNameServer] 64.13.74.12 64.13.115.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1094520485-351602351-698667415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-11-11] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-11-11] (AVAST Software)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab

FireFox:
========
FF ProfilePath: C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287 [2017-11-18]
FF Extension: (Youtube Downloader mp3) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\@youtube_downloader.xpi [2017-10-15]
FF Extension: (Avast SafePrice) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\[email protected] [2017-11-11]
FF Extension: (Avast Online Security) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\[email protected] [2017-11-11]
FF Extension: (Save Button for Pinterest) - C:\Users\Hayes 2\AppData\Roaming\Mozilla\Firefox\Profiles\yrs7xynt.default-1454300189287\Extensions\{677a8f98-fd64-40b0-a883-b8c95d0cbf17}.xpi [2017-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-26] [Lagacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: (DivX Plus Web Player HTML5 <video>) - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-07] [Lagacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files\I - Tunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-05-26] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-14] (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll [No File]
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll [2013-09-27] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: @doubletwist.com/NPPodcast -> C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll [2012-05-01] (doubleTwist Corporation)
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: @soe.sony.com/installer,version=1.0.3 -> C:\Users\Hayes 2\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll [2009-10-19] ()
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hayes 2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1094520485-351602351-698667415-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2016-10-18] ()
FF Plugin ProgramFiles/Appdata: C:\Users\Hayes 2\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "chrome://apps/"
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default [2017-11-18]
CHR Extension: (hxxps://www.youtube.com/results?search_query=) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapfpinekdpglppiajnjacjabcbaoloa [2017-06-29]
CHR Extension: (Entanglement Web App) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-09-16]
CHR Extension: (Google Drive) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-04]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-07-04]
CHR Extension: (Savings Button: Deals + Cash Back) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2008-01-01]
CHR Extension: (Pandora) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2014-09-16]
CHR Extension: (Google Docs Offline) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-04]
CHR Extension: (Private Search) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\innpkjmckmjjpejjanemggpbhlnbbgcf [2017-01-25]
CHR Extension: (Chess Parlour) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlajmljkfdollkblobinchlijmficpof [2014-09-16]
CHR Extension: (Poppit!) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-09-16]
CHR Extension: (God is Love - 1920x1200) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\miifebnaijmglpekagcclomafchejlpk [2014-09-16]
CHR Extension: (Fantasy on Yahoo! Sports) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchojkpkbofjpjiahnabhbofpeaipjpo [2014-09-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (TypingClub) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\obdbgibnhfcjmmpfijkpcihjieedpfah [2014-09-16]
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-11-11]
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-11-11]
CHR Extension: (Google Slides) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-26]
CHR Extension: (Google Docs) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (Google Drive) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-26]
CHR Extension: (Google Search) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-26]
CHR Extension: (Google Sheets) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-26]
CHR Extension: (Google Docs Offline) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-10-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-10-02]
CHR Extension: (Gmail) - C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-26]
CHR Profile: C:\Users\Hayes 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-11]
CHR HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bakijjialdiiboeaknfpmflphhmljfkd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [knhpkjjdbjjchglnophlnghcdefpanlc] - <no Path/update_url>
CHR HKU\S-1-5-21-1094520485-351602351-698667415-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nemfjadlboooiffmcelkafilagddogim] - <no Path/update_url>
CHR crx: C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.130\default_apps\search.crx [2015-07-30]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [272384 2017-06-17] (Adobe Systems Incorporated) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7549928 2017-11-11] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [281416 2017-11-11] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-04-02] ()
S4 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2014-10-25] (BitRaider, LLC)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-07-26] (EasyAntiCheat Ltd) [File not signed]
S4 ETService; C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [24576 2008-06-11] () [File not signed]
S4 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [726016 2008-09-08] () [File not signed]
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [67360 2009-12-17] (NOS Microsystems Ltd.)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
S4 gupdate1c9e7c4d856c020; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107912 2014-10-22] (Google Inc.)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S4 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [160272 2008-05-02] (Logitech, Inc.)
R2 Live Updater Service; C:\Program Files\GATEWAY\Gateway Updater\UpdaterService.exe [257440 2016-06-08] (Acer Incorporated) [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
S4 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-02-17] (Logitech Inc.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [53248 2011-03-29] (NOS Microsystems Ltd.)
S4 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [221696 2008-09-08] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-10-02] (Electronic Arts)
S3 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-09-29] ()
S3 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [215160 2017-01-15] ()
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S3 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-06-29] () [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)
S4 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [650560 2017-05-03] (WiseCleaner.com)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [183584 2017-11-11] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [321032 2017-11-11] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [198968 2017-11-11] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [343288 2017-11-11] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [57728 2017-11-11] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [121304 2017-11-11] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [47008 2017-11-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [148288 2017-11-11] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr.sys [79232 2017-11-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [84416 2017-11-11] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1026232 2017-11-11] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [455384 2017-11-11] (AVAST Software)
R3 aswStmXP; C:\Windows\System32\drivers\aswStmXP.sys [247008 2017-11-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [364464 2017-11-11] (AVAST Software)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-10-09] ()
R3 AVer88xHD; C:\Windows\System32\drivers\AVer88xHD64.sys [432256 2007-04-10] (AVerMedia TECHNOLOGIES, Inc.)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [318336 2009-11-03] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2009-11-03] (Beceem communications pvt ltd.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-07-18] (Glarysoft Ltd)
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-30] (Windows ® Win 7 DDK provider)
S3 csrusbfilter; C:\Windows\System32\Drivers\csrusbfilter.sys [21704 2012-03-22] (Cambridge Silicon Radio Limited)
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [22200 2016-01-09] () [File not signed]
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-08-02] (EldoS Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-06-29] (Glarysoft Ltd)
R1 Hmonitor45; C:\Windows\SysWOW64\drivers\hmonitor45.sys [14544 2011-07-28] (OpenLibSys.org)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-06-29] (REALiX™)
S3 ladfGSS; C:\Windows\System32\drivers\ladfGSS.sys [45200 2016-02-15] (Logitech Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-10-09] ()
S3 LTXMD_VAC; C:\Windows\System32\drivers\lmvac.sys [28944 2011-05-06] (Windows ® Win 7 DDK provider)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-11-11] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-11-11] (Malwarebytes)
R0 nvamacpi; C:\Windows\System32\DRIVERS\NVAMACPI.sys [28192 2005-08-27] (NVIDIA Corporation)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-08-18] (NVIDIA Corporation)
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [204288 2008-06-04] (Realtek Semiconductor Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [28400 2016-04-23] () [File not signed]
S3 WiseRegNotify; C:\Windows\WiseRegNotify.sys [29616 2016-10-01] (WiseCleaner.com) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-18 12:18 - 2017-11-18 12:21 - 000024872 _____ C:\Users\Hayes 2\Downloads\FRST.txt
2017-11-18 06:08 - 2017-11-18 06:09 - 000015031 _____ C:\Users\Hayes 2\Downloads\Fixlog.txt
2017-11-12 10:43 - 2008-02-06 18:57 - 000114688 _____ (Viewpoint Corporation) C:\Users\Hayes 2\AppData\LocalLow\vmpremov.exe
2017-11-12 10:37 - 2017-11-12 10:37 - 000001019 _____ C:\Users\Hayes 2\Desktop\AML Free Registry Cleaner.lnk
2017-11-12 10:37 - 2017-11-12 10:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AML Free Registry Cleaner
2017-11-12 10:37 - 2017-11-12 10:37 - 000000000 ____D C:\Program Files (x86)\AML Products
2017-11-12 10:37 - 2002-01-05 11:37 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr70.dll
2017-11-12 10:37 - 2002-01-05 06:48 - 000974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2017-11-12 10:37 - 2002-01-05 05:40 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2017-11-12 10:35 - 2017-11-12 10:35 - 000001052 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2017-11-12 10:35 - 2017-11-12 10:35 - 000001040 _____ C:\Users\Public\Desktop\Registry Repair.lnk
2017-11-12 10:35 - 2017-11-12 10:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2017-11-12 10:34 - 2017-11-12 10:34 - 005276496 _____ C:\Users\Hayes 2\Downloads\rrsetup.exe
2017-11-12 10:34 - 2017-11-12 10:34 - 000000000 ____D C:\Program Files (x86)\Glarysoft
2017-11-12 03:27 - 2017-11-18 06:00 - 001106034 _____ C:\Windows\ntbtlog.txt
2017-11-12 03:27 - 2017-11-12 03:27 - 000439744 _____ C:\Windows\system32\FNTCACHE.DAT
2017-11-11 17:08 - 2017-11-11 17:08 - 000151714 _____ C:\TDSSKiller.2.8.15.0_11.11.2017_17.08.05_log.txt
2017-11-11 17:03 - 2017-11-11 17:03 - 000125032 _____ C:\Users\Hayes 2\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-11 17:03 - 2017-11-11 17:03 - 000004264 _____ C:\TDSSKiller.2.8.15.0_11.11.2017_17.03.00_log.txt
2017-11-11 17:01 - 2017-11-11 17:01 - 000030590 _____ C:\Users\Hayes 2\Documents\cc_20171111_170106.reg
2017-11-11 15:53 - 2017-11-11 15:53 - 000000000 ____D C:\ProgramData\SWCUTemp
2017-11-11 15:43 - 2017-11-11 15:43 - 000000000 __SHD C:\found.009
2017-11-11 15:42 - 2017-11-11 15:42 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2017-11-11 15:30 - 2017-11-11 15:29 - 000121304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-11-11 15:29 - 2017-11-11 15:29 - 000001787 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-11-11 15:29 - 2017-11-11 15:29 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\AVAST Software
2017-11-11 15:29 - 2017-11-11 15:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2017-11-11 15:27 - 2017-11-11 15:26 - 001026232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000455384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000364464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000247008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000183584 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000148288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000084416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000079232 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2017-11-11 15:27 - 2017-11-11 15:26 - 000047008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-11-11 15:27 - 2017-11-11 15:25 - 000343288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-11-11 15:27 - 2017-11-11 15:25 - 000321032 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-11-11 15:27 - 2017-11-11 15:25 - 000198968 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-11-11 15:27 - 2017-11-11 15:25 - 000057728 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-11-11 15:26 - 2017-11-11 15:26 - 000365168 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-11-11 15:24 - 2017-11-11 15:24 - 000000000 ____D C:\Program Files\AVAST Software
2017-11-05 21:11 - 2017-11-18 06:08 - 000000000 ____D C:\Users\Hayes 2\Downloads\FRST-OlderVersion
2017-11-05 17:46 - 2017-11-05 17:49 - 000044350 _____ C:\Users\Hayes 2\Documents\cc_20171105_174644.reg
2017-11-04 18:25 - 2017-11-04 18:25 - 000002833 _____ C:\Users\Hayes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2017-11-04 18:23 - 2017-11-04 18:23 - 000000207 _____ C:\Windows\tweaking.com-regbackup-HAYES2-PC-Windows-Vista-™-Home-Premium-(64-bit).dat
2017-11-04 18:23 - 2017-11-04 18:23 - 000000000 ____D C:\RegBackup
2017-11-04 18:19 - 2017-11-04 18:25 - 000000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2017-11-04 18:19 - 2017-11-04 18:19 - 000003188 _____ C:\Windows\System32\Tasks\{B6CD049E-0988-4F77-A8EA-420BBF3CCFC0}
2017-11-04 18:15 - 2017-11-04 18:15 - 000359656 _____ (Microsoft Corporation) C:\Users\Hayes 2\Desktop\msicuu2.exe
2017-11-04 18:13 - 2017-11-04 18:13 - 000003660 _____ C:\Windows\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2017-11-04 18:13 - 2017-11-04 18:13 - 000001956 _____ C:\Users\Hayes 2\Desktop\Tweaking.com - Windows Repair.lnk
2017-11-04 18:13 - 2017-11-04 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-11-04 18:12 - 2017-11-04 18:12 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2017-11-04 18:06 - 2017-11-04 18:06 - 037454520 _____ (Tweaking.com) C:\Users\Hayes 2\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-11-04 18:05 - 2017-11-04 18:05 - 000003188 _____ C:\Windows\System32\Tasks\{86C9C10E-D218-49A0-A4FC-8191B0A88DDB}
2017-11-04 17:46 - 2017-11-04 17:46 - 000359656 _____ (Microsoft Corporation) C:\Users\Hayes 2\Downloads\msicuu2.exe
2017-10-30 16:48 - 2017-10-30 16:57 - 000013462 _____ C:\VEW.txt
2017-10-30 16:46 - 2017-10-30 16:46 - 000061440 _____ ( ) C:\Users\Hayes 2\Desktop\VEW.exe
2017-10-29 14:02 - 2017-10-29 14:02 - 000000000 ___HT C:\Windows\wusa.lock
2017-10-29 14:02 - 2017-10-29 14:02 - 000000000 ____D C:\34a4171695f876efd9204d3bbb
2017-10-28 21:44 - 2017-10-28 21:44 - 218486747 _____ C:\Users\Hayes 2\Downloads\Windows6.0-KB947821-v35-x64.msu
2017-10-28 17:35 - 2017-10-28 17:35 - 000096836 _____ C:\ProgramData\1509233594.bdinstall.bin
2017-10-28 17:33 - 2017-10-28 17:33 - 000037611 _____ C:\ProgramData\1509233588.bdinstall.bin
2017-10-28 15:14 - 2017-10-28 21:39 - 000006401 _____ C:\junk.txt
2017-10-28 15:13 - 2017-10-28 15:13 - 000000044 _____ C:\Users\Hayes 2\commands.txt
2017-10-28 15:03 - 2017-10-28 14:29 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\Hayes 2\Desktop\procexp.exe
2017-10-25 16:18 - 2017-11-18 11:49 - 000004172 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-10-24 20:36 - 2017-10-24 20:37 - 000154096 _____ C:\TDSSKiller.2.8.15.0_24.10.2017_21.36.21_log.txt
2017-10-24 18:18 - 2017-10-29 14:37 - 000000000 ____D C:\Users\Hayes 2\Desktop\mbar
2017-10-24 18:14 - 2017-10-24 18:17 - 000161038 _____ C:\TDSSKiller.2.8.15.0_24.10.2017_19.14.25_log.txt
2017-10-24 18:09 - 2017-10-24 20:34 - 000000000 ____D C:\New Folder
2017-10-24 17:33 - 2017-11-11 17:12 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-24 17:30 - 2017-10-24 17:31 - 000155452 _____ C:\TDSSKiller.2.8.15.0_24.10.2017_18.30.58_log.txt
2017-10-23 20:39 - 2017-10-23 20:58 - 000000000 ____D C:\ProgramData\HitmanPro

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-18 12:18 - 2017-10-17 20:31 - 000000000 ____D C:\FRST
2017-11-18 12:17 - 2006-11-02 07:33 - 000000000 ____D C:\Windows\inf
2017-11-18 12:17 - 2006-11-02 06:46 - 000870358 _____ C:\Windows\system32\PerfStringBackup.INI
2017-11-18 12:11 - 2006-11-02 09:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-18 12:11 - 2006-11-02 09:22 - 000004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-18 12:11 - 2006-11-02 09:22 - 000004784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-18 12:11 - 2006-11-02 09:07 - 000000000 ___RD C:\Users\Public\Recorded TV
2017-11-18 06:08 - 2017-10-17 20:31 - 002392064 _____ (Farbar) C:\Users\Hayes 2\Downloads\FRST64.exe
2017-11-14 16:11 - 2006-11-02 06:34 - 000000460 _____ C:\Windows\win.ini
2017-11-14 16:08 - 2009-06-22 15:54 - 001008426 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-12 10:50 - 2011-11-26 11:53 - 000000000 ____D C:\Windows\system32\Macromed
2017-11-12 10:50 - 2011-10-29 14:59 - 000000000 ____D C:\Users\Hayes 2\AppData\Local\CrashDumps
2017-11-12 10:50 - 2009-01-18 05:10 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-11-12 10:49 - 2017-02-02 23:51 - 000000000 ____D C:\BigFishCache
2017-11-12 10:49 - 2014-12-12 08:25 - 000000000 ____D C:\ProgramData\Big Fish
2017-11-12 10:45 - 2009-08-08 18:08 - 000000000 ____D C:\Users\Hayes 2\AppData\Local\Yahoo
2017-11-12 10:43 - 2011-07-25 15:36 - 000000000 ____D C:\Program Files (x86)\Skyhook Wireless
2017-11-12 10:42 - 2011-08-20 18:00 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\Unity
2017-11-12 10:42 - 2010-01-08 08:29 - 000000000 ____D C:\Program Files (x86)\Unity
2017-11-12 10:41 - 2009-01-18 04:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-11-12 10:35 - 2011-05-23 20:03 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\GlarySoft
2017-11-12 10:22 - 2006-11-02 07:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-11-12 10:05 - 2009-04-07 13:34 - 000000000 _____ C:\Windows\system32\LogConfigTemp.xml
2017-11-11 17:10 - 2016-10-01 15:02 - 000192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-11-11 17:10 - 2016-10-01 15:02 - 000109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-11-11 17:10 - 2009-05-19 21:00 - 000000000 ____D C:\Program Files (x86)\Steam
2017-11-11 17:03 - 2016-10-01 15:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-11-11 17:03 - 2014-05-24 20:58 - 000000000 ____D C:\Program Files (x86)\Glary Utilities 5
2017-11-11 17:03 - 2013-03-19 14:30 - 000000000 ____D C:\Users\Hayes 2\AppData\Roaming\Wise Care 365
2017-11-11 17:02 - 2009-09-25 21:41 - 000000000 ____D C:\Windows\pss
2017-11-11 16:54 - 2016-11-19 09:24 - 000000000 ____D C:\Users\Hayes 2\AppData\LocalLow\Mozilla
2017-11-11 15:41 - 2006-11-02 09:42 - 000032586 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-11-11 15:24 - 2017-10-17 18:54 - 000000000 ____D C:\ProgramData\AVAST Software
2017-11-11 15:18 - 2014-09-08 18:46 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-11-11 15:18 - 2013-08-24 16:31 - 000000008 __RSH C:\Users\Hayes 2\ntuser.pol
2017-11-11 15:18 - 2009-05-19 17:22 - 000000000 ____D C:\Users\Hayes 2
2017-11-05 21:25 - 2009-11-22 22:54 - 000000000 ____D C:\Users\Hayes 2\AppData\LocalLow\Temp
2017-11-05 21:12 - 2006-11-02 07:34 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-11-05 21:12 - 2006-11-02 07:34 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-11-05 20:54 - 2006-11-02 06:34 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts_bak_307
2017-11-05 17:50 - 2016-07-23 15:14 - 000000000 ____D C:\Users\Hayes 2\Desktop\AV's and Cleaners
2017-11-04 18:19 - 2013-10-23 10:03 - 000000000 ____D C:\Program Files (x86)\MSECache
2017-10-29 14:38 - 2006-11-02 09:07 - 000000000 ____D C:\Windows\DigitalLocker
2017-10-28 17:54 - 2009-08-20 23:28 - 000002032 _____ C:\Users\Hayes 2\AppData\Local\d3d9caps.dat
2017-10-25 19:03 - 2012-02-27 15:22 - 000000000 ____D C:\Program Files (x86)\Respondus LockDown Browser
2017-10-25 19:03 - 2008-01-01 11:24 - 000000000 ____D C:\Program Files\LSI SoftModem
2017-10-25 19:03 - 2006-11-02 07:34 - 000000000 ____D C:\Windows\system32\spool
2017-10-25 19:03 - 2006-11-02 07:33 - 000000000 ____D C:\Windows\registration
2017-10-25 19:03 - 2006-11-02 06:33 - 110886912 _____ C:\Windows\system32\config\software_previous
2017-10-25 19:03 - 2006-11-02 06:33 - 048234496 _____ C:\Windows\system32\config\system_previous
2017-10-25 18:56 - 2006-11-02 06:33 - 076808192 _____ C:\Windows\system32\config\components_previous
2017-10-25 18:56 - 2006-11-02 06:33 - 000061440 _____ C:\Windows\system32\config\sam_previous
2017-10-25 18:56 - 2006-11-02 06:33 - 000028672 _____ C:\Windows\system32\config\security_previous
2017-10-24 21:15 - 2006-11-02 06:33 - 003932160 _____ C:\Windows\system32\config\default_previous
2017-10-19 14:49 - 2017-04-23 12:15 - 000001128 _____ C:\Users\Hayes 2\Desktop\nativelog.txt

==================== Files in the root of some directories =======

2012-10-23 22:01 - 2012-10-23 22:01 - 000062205 _____ () C:\Users\Hayes 2\AppData\Roaming\asdf turbo.csa
2012-10-24 00:21 - 2012-10-25 09:36 - 000061163 _____ () C:\Users\Hayes 2\AppData\Roaming\asdf.csa
2012-10-23 21:27 - 2002-08-08 14:31 - 000065690 _____ () C:\Users\Hayes 2\AppData\Roaming\Big Thunder.csa
2010-12-22 00:05 - 2010-12-22 00:05 - 000000002 _____ () C:\Users\Hayes 2\AppData\Roaming\ceville_console_history.txt
2012-10-22 19:54 - 2012-10-22 21:57 - 000059187 _____ () C:\Users\Hayes 2\AppData\Roaming\Corkscew.csa
2009-06-18 23:03 - 2009-06-18 23:03 - 000066780 _____ () C:\Users\Hayes 2\AppData\Roaming\CRAZY 1.csa
2009-06-18 23:30 - 2009-06-18 23:30 - 000059259 _____ () C:\Users\Hayes 2\AppData\Roaming\crazy 2.csa
2012-10-23 21:27 - 2002-08-14 20:06 - 000074886 _____ () C:\Users\Hayes 2\AppData\Roaming\Depth Charge.csa
2012-10-22 22:15 - 2012-10-22 22:15 - 000066781 _____ () C:\Users\Hayes 2\AppData\Roaming\Dizzy yet 1.csa
2012-10-23 21:27 - 2002-08-08 14:31 - 000065591 _____ () C:\Users\Hayes 2\AppData\Roaming\Fall Ratio.csa
2003-11-02 21:00 - 2012-10-23 21:15 - 000080658 _____ () C:\Users\Hayes 2\AppData\Roaming\Golden Rush.csa
2012-10-23 23:04 - 2012-10-23 23:46 - 000063543 _____ () C:\Users\Hayes 2\AppData\Roaming\I will rise.csa
2015-09-23 20:35 - 2015-09-23 20:35 - 000084926 _____ () C:\Users\Hayes 2\AppData\Roaming\icarus-dxdiag.xml
2010-11-07 13:34 - 2012-10-29 19:00 - 000002150 _____ () C:\Users\Hayes 2\AppData\Roaming\LoadCach.bin
2012-10-23 21:27 - 2002-08-08 14:31 - 000065019 _____ () C:\Users\Hayes 2\AppData\Roaming\Park Night.csa
2012-10-23 21:27 - 2002-08-08 14:31 - 000065359 _____ () C:\Users\Hayes 2\AppData\Roaming\Phire Werx.csa
2012-10-23 21:27 - 2002-08-08 14:31 - 000070501 _____ () C:\Users\Hayes 2\AppData\Roaming\Plum Crazy.csa
2009-06-18 22:39 - 2012-10-25 17:01 - 000000335 _____ () C:\Users\Hayes 2\AppData\Roaming\prefs.bin
2010-10-13 08:21 - 2010-10-13 08:21 - 000000760 _____ () C:\Users\Hayes 2\AppData\Roaming\setup_ldm.iss
2012-10-23 21:27 - 2002-08-08 14:31 - 000065239 _____ () C:\Users\Hayes 2\AppData\Roaming\Space Mountain Paris.csa
2015-10-03 07:54 - 2015-10-03 07:54 - 000001588 _____ () C:\Users\Hayes 2\AppData\Roaming\SpeedRunnersLog.txt
2012-10-25 17:11 - 2012-10-25 17:11 - 000060878 _____ () C:\Users\Hayes 2\AppData\Roaming\steele.csa
2012-10-23 21:27 - 2002-08-08 14:31 - 000063043 _____ () C:\Users\Hayes 2\AppData\Roaming\Tapeworm.csa
2015-12-27 16:35 - 2016-01-09 10:08 - 000000098 _____ () C:\Users\Hayes 2\AppData\Roaming\theHunterPrimal_LauncherSettings_live.cfg
2012-10-23 21:27 - 2002-08-08 14:31 - 000064872 _____ () C:\Users\Hayes 2\AppData\Roaming\Toontown Twister.csa
2012-10-23 23:52 - 2012-10-23 23:52 - 000059025 _____ () C:\Users\Hayes 2\AppData\Roaming\tunnel.csa
2014-05-18 12:59 - 2014-05-18 12:59 - 000000043 _____ () C:\Users\Hayes 2\AppData\Roaming\WB.CFG
2009-11-18 09:15 - 2014-10-12 20:55 - 000000694 _____ () C:\Users\Hayes 2\AppData\Roaming\wklnhst.dat
2012-10-23 21:27 - 2002-08-08 14:31 - 000063863 _____ () C:\Users\Hayes 2\AppData\Roaming\X 25s.csa
2009-09-25 22:24 - 2009-09-25 22:24 - 000000552 _____ () C:\Users\Hayes 2\AppData\Local\d3d8caps.dat
2009-08-20 23:28 - 2017-10-28 17:54 - 000002032 _____ () C:\Users\Hayes 2\AppData\Local\d3d9caps.dat
2010-05-17 13:13 - 2017-10-17 20:25 - 000000732 _____ () C:\Users\Hayes 2\AppData\Local\d3d9caps64.dat
2009-05-26 00:59 - 2012-06-07 16:59 - 000198656 _____ () C:\Users\Hayes 2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-12-22 18:23 - 2009-12-22 18:24 - 000014214 _____ () C:\Users\Hayes 2\AppData\Local\dd_depcheck_NETFX20_EXP_35.txt
2010-05-03 22:18 - 2015-02-16 10:01 - 002342398 _____ () C:\Users\Hayes 2\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2009-12-22 18:23 - 2009-12-22 18:24 - 000001506 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx20error.txt
2009-12-22 18:23 - 2009-12-22 18:24 - 000055010 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx20install.txt
2010-05-03 22:17 - 2010-05-03 22:17 - 000000002 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx35error.txt
2010-05-03 22:17 - 2015-02-16 10:02 - 003724860 _____ () C:\Users\Hayes 2\AppData\Local\dd_dotnetfx35install.txt
2013-12-23 23:49 - 2013-12-23 23:49 - 002843734 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI159D.txt
2014-04-27 20:55 - 2014-04-27 20:56 - 002840706 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI3748.txt
2014-07-30 19:59 - 2014-07-30 20:00 - 002849892 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI3D4A.txt
2015-02-16 10:01 - 2015-02-16 10:02 - 002845846 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI4C27.txt
2010-11-24 19:04 - 2010-11-24 19:04 - 002320836 _____ () C:\Users\Hayes 2\AppData\Local\dd_NET_Framework35_x64_MSI5FD9.txt
2013-01-05 00:40 - 2013-01-05 00:40 - 000411530 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0019.txt
2010-12-12 00:18 - 2010-12-12 00:18 - 000364890 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI006C.txt
2013-04-22 05:24 - 2013-04-22 05:24 - 000370474 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI01C2.txt
2014-06-28 06:16 - 2014-06-28 06:16 - 000369356 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0269.txt
2012-11-23 01:27 - 2012-11-23 01:27 - 000369416 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI03CB.txt
2010-01-15 11:40 - 2010-01-15 11:40 - 000440300 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0452.txt
2013-12-30 00:26 - 2013-12-30 00:27 - 000415216 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI06CF.txt
2015-07-22 19:08 - 2015-07-22 19:08 - 000423980 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0B50.txt
2012-11-22 22:51 - 2012-11-22 22:51 - 000367006 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0C65.txt
2013-08-21 11:38 - 2013-08-21 11:38 - 000387510 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0D79.txt
2013-08-21 11:38 - 2013-08-21 11:38 - 000377894 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI0D8D.txt
2013-02-14 16:37 - 2013-02-14 16:37 - 000372202 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI11D7.txt
2014-10-24 17:41 - 2014-10-24 17:41 - 000377170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI12E4.txt
2013-07-22 01:29 - 2013-07-22 01:29 - 000370460 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI13D5.txt
2013-03-23 09:29 - 2013-03-23 09:29 - 000371248 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI14BC.txt
2012-12-13 15:12 - 2012-12-13 15:12 - 000371528 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI167F.txt
2012-12-13 15:12 - 2012-12-13 15:12 - 000361352 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1699.txt
2012-06-28 00:02 - 2012-06-28 00:02 - 000367112 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI173F.txt
2013-07-15 07:58 - 2013-07-15 07:58 - 000368702 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1ACC.txt
2011-01-17 20:30 - 2011-01-17 20:30 - 000366992 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1D22.txt
2013-06-22 08:12 - 2013-06-22 08:12 - 000412862 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI1FE4.txt
2013-12-03 21:52 - 2013-12-03 21:52 - 000418474 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI2141.txt
2011-07-27 10:52 - 2011-07-27 10:53 - 000367376 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI2E77.txt
2013-11-09 21:11 - 2013-11-09 21:11 - 000386868 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI2EBF.txt
2013-03-23 10:05 - 2013-03-23 10:05 - 000370094 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI3067.txt
2011-07-29 10:24 - 2011-07-29 10:24 - 000367098 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI34F2.txt
2013-07-16 20:48 - 2013-07-16 20:48 - 000349926 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI35E5.txt
2015-10-30 19:58 - 2015-10-30 19:58 - 000371774 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI36D4.txt
2015-10-30 19:58 - 2015-10-30 19:58 - 000360662 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI36EE.txt
2012-07-18 19:42 - 2012-07-18 19:43 - 000464870 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI397D.txt
2015-04-29 15:27 - 2015-04-29 15:27 - 000379464 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI3EBA.txt
2011-09-16 10:55 - 2011-09-16 10:55 - 000367098 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI40FC.txt
2012-11-25 13:20 - 2012-11-25 13:20 - 000422980 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4257.txt
2014-06-27 17:45 - 2014-06-27 17:45 - 000377540 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI440D.txt
2011-11-19 16:28 - 2011-11-19 16:28 - 000365692 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4895.txt
2013-07-16 21:13 - 2013-07-16 21:13 - 000369334 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4976.txt
2015-01-22 21:51 - 2015-01-22 21:51 - 000384178 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4A20.txt
2014-06-22 20:50 - 2014-06-22 20:50 - 000370274 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4AC6.txt
2015-02-16 10:02 - 2015-02-16 10:02 - 000369676 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4CD4.txt
2013-11-28 14:36 - 2013-11-28 14:36 - 000376236 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4D01.txt
2011-04-26 23:11 - 2011-04-26 23:11 - 000421250 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI4F2D.txt
2011-10-10 12:17 - 2011-10-10 12:17 - 000363094 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5345.txt
2012-12-22 01:18 - 2012-12-22 01:18 - 000413420 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI56C6.txt
2011-06-24 12:09 - 2011-06-24 12:10 - 000366452 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI56F6.txt
2013-07-20 00:48 - 2013-07-20 00:48 - 000371484 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI57CE.txt
2015-01-01 10:36 - 2015-01-01 10:36 - 000380608 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5C74.txt
2009-11-23 22:55 - 2009-11-23 22:56 - 000427070 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5C90.txt
2011-10-19 11:09 - 2011-10-19 11:09 - 000367022 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5E00.txt
2010-11-24 19:02 - 2010-11-24 19:02 - 000368116 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5E6E.txt
2010-11-24 19:02 - 2010-11-24 19:02 - 000353234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5E7B.txt
2012-12-28 19:08 - 2012-12-28 19:08 - 000368926 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI5EAF.txt
2011-10-19 11:11 - 2011-10-19 11:11 - 000418480 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6007.txt
2012-11-22 13:32 - 2012-11-22 13:32 - 000369452 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI60D2.txt
2015-01-01 10:42 - 2015-01-01 10:42 - 000379144 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6149.txt
2015-01-01 10:42 - 2015-01-01 10:42 - 000531090 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI616A.txt
2016-12-03 12:19 - 2016-12-03 12:19 - 000379296 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6CD9.txt
2013-07-16 22:03 - 2013-07-16 22:03 - 000368944 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI6F7A.txt
2012-04-26 14:25 - 2012-04-26 14:25 - 000365796 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI7196.txt
2015-11-27 18:12 - 2015-11-27 18:13 - 000380566 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI71D2.txt
2012-04-26 11:38 - 2012-04-26 11:38 - 000366784 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI71F6.txt
2012-12-21 17:35 - 2012-12-21 17:35 - 000368214 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI746F.txt
2014-12-30 17:22 - 2014-12-30 17:22 - 000401200 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI76C9.txt
2012-11-24 13:27 - 2012-11-24 13:27 - 000367674 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI7946.txt
2012-10-27 11:03 - 2012-10-27 11:03 - 000367094 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistMSI7FA7.txt
2013-01-05 00:40 - 2013-01-05 00:40 - 000092312 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0019.txt
2010-12-12 00:18 - 2010-12-12 00:18 - 000015530 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI006C.txt
2013-04-22 05:24 - 2013-04-22 05:24 - 000019726 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI01C2.txt
2014-06-28 06:16 - 2014-06-28 06:16 - 000012846 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0269.txt
2012-11-23 01:27 - 2012-11-23 01:27 - 000014038 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI03CB.txt
2010-01-15 11:40 - 2010-01-15 11:40 - 000011376 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0452.txt
2013-12-30 00:26 - 2013-12-30 00:27 - 000011248 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI06CF.txt
2015-07-22 19:08 - 2015-07-22 19:08 - 000020280 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0B50.txt
2012-11-22 22:51 - 2012-11-22 22:51 - 000013934 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0C65.txt
2013-08-21 11:38 - 2013-08-21 11:38 - 000074178 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0D79.txt
2013-08-21 11:38 - 2013-08-21 11:38 - 000074226 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI0D8D.txt
2013-02-14 16:37 - 2013-02-14 16:37 - 000014126 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI11D7.txt
2014-10-24 17:41 - 2014-10-24 17:41 - 000012566 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI12E4.txt
2013-07-22 01:29 - 2013-07-22 01:29 - 000012894 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI13D5.txt
2013-03-23 09:29 - 2013-03-23 09:29 - 000229102 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI14BC.txt
2012-12-13 15:12 - 2012-12-13 15:12 - 000011450 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI167F.txt
2012-12-13 15:12 - 2012-12-13 15:12 - 000011434 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1699.txt
2012-06-28 00:02 - 2012-06-28 00:02 - 000022470 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI173F.txt
2013-07-15 07:58 - 2013-07-15 07:58 - 000011170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1ACC.txt
2011-01-17 20:30 - 2011-01-17 20:30 - 000011218 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1D22.txt
2013-06-22 08:12 - 2013-06-22 08:12 - 000054576 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI1FE4.txt
2013-12-03 21:52 - 2013-12-03 21:52 - 000011184 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI2141.txt
2011-07-27 10:52 - 2011-07-27 10:53 - 000011234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI2E77.txt
2013-11-09 21:11 - 2013-11-09 21:11 - 000023526 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI2EBF.txt
2013-03-23 10:05 - 2013-03-23 10:05 - 000229054 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI3067.txt
2011-07-29 10:24 - 2011-07-29 10:24 - 000011234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI34F2.txt
2013-07-16 20:48 - 2013-07-16 20:48 - 000024770 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI35E5.txt
2015-10-30 19:58 - 2015-10-30 19:58 - 000011482 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI36D4.txt
2015-10-30 19:58 - 2015-10-30 19:58 - 000011402 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI36EE.txt
2012-07-18 19:42 - 2012-07-18 19:43 - 000011478 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI397D.txt
2015-04-29 15:27 - 2015-04-29 15:27 - 000011218 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI3EBA.txt
2011-09-16 10:55 - 2011-09-16 10:55 - 000011234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI40FC.txt
2012-11-25 13:20 - 2012-11-25 13:20 - 000061072 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4257.txt
2014-06-27 17:45 - 2014-06-27 17:45 - 000011218 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI440D.txt
2011-11-19 16:28 - 2011-11-19 16:28 - 000011170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4895.txt
2013-07-16 21:13 - 2013-07-16 21:13 - 000024754 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4976.txt
2015-01-22 21:51 - 2015-01-22 21:51 - 000042926 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4A20.txt
2014-06-22 20:50 - 2014-06-22 20:50 - 000011450 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4AC6.txt
2015-02-16 10:02 - 2015-02-16 10:02 - 000011402 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4CD4.txt
2013-11-28 14:36 - 2013-11-28 14:36 - 000011170 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4D01.txt
2011-04-26 23:11 - 2011-04-26 23:11 - 000014124 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI4F2D.txt
2011-10-10 12:17 - 2011-10-10 12:17 - 000011392 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5345.txt
2012-12-22 01:18 - 2012-12-22 01:18 - 000076480 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI56C6.txt
2011-06-24 12:09 - 2011-06-24 12:10 - 000012846 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI56F6.txt
2013-07-20 00:48 - 2013-07-20 00:48 - 000023206 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI57CE.txt
2015-01-01 10:36 - 2015-01-01 10:36 - 000019950 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5C74.txt
2009-11-23 22:55 - 2009-11-23 22:56 - 000011658 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5C90.txt
2011-10-19 11:09 - 2011-10-19 11:09 - 000023058 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5E00.txt
2010-11-24 19:02 - 2010-11-24 19:02 - 000015554 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5E6E.txt
2010-11-24 19:02 - 2010-11-24 19:02 - 000015234 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5E7B.txt
2012-12-28 19:08 - 2012-12-28 19:08 - 000035802 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI5EAF.txt
2011-10-19 11:11 - 2011-10-19 11:11 - 000023056 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6007.txt
2012-11-22 13:32 - 2012-11-22 13:32 - 000011250 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI60D2.txt
2015-01-01 10:42 - 2015-01-01 10:42 - 000019940 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6149.txt
2015-01-01 10:42 - 2015-01-01 10:43 - 000021252 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI616A.txt
2011-02-24 18:51 - 2011-02-24 18:51 - 000018194 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6A6D.txt
2016-12-03 12:19 - 2016-12-03 12:19 - 000013862 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6CD9.txt
2013-07-16 22:03 - 2013-07-16 22:03 - 000024738 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI6F7A.txt
2012-04-26 14:25 - 2012-04-26 14:25 - 000027910 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI7196.txt
2015-11-27 18:12 - 2015-11-27 18:13 - 000029726 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI71D2.txt
2012-04-26 11:38 - 2012-04-26 11:38 - 000027710 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI71F6.txt
2012-12-21 17:35 - 2012-12-21 17:35 - 000076754 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI746F.txt
2014-12-30 17:22 - 2014-12-30 17:22 - 000014248 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI76C9.txt
2012-11-24 13:27 - 2012-11-24 13:27 - 000015602 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI7946.txt
2012-10-27 11:03 - 2012-10-27 11:03 - 000015922 _____ () C:\Users\Hayes 2\AppData\Local\dd_vcredistUI7FA7.txt
2010-02-22 07:29 - 2010-02-23 11:38 - 000008842 ___SH () C:\Users\Hayes 2\AppData\Local\e1wnOl
2009-08-20 20:10 - 2009-08-20 20:10 - 000000095 _____ () C:\Users\Hayes 2\AppData\Local\fusioncache.dat
2010-02-06 23:45 - 2010-02-06 23:45 - 000000036 _____ () C:\Users\Hayes 2\AppData\Local\housecall.guid.cache
2009-06-13 08:04 - 2009-06-13 08:30 - 000113116 _____ () C:\Users\Hayes 2\AppData\Local\installer.log
2012-10-04 16:28 - 2012-10-04 16:28 - 001145382 _____ () C:\Users\Hayes 2\AppData\Local\Tempmusic.ogg
2009-12-22 18:23 - 2015-02-16 10:02 - 000820556 _____ () C:\Users\Hayes 2\AppData\Local\uxeventlog.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-18 12:19

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2017
Ran by Hayes 2 (18-11-2017 12:23:27)
Running from C:\Users\Hayes 2\Downloads
Windows Vista ™ Home Premium Service Pack 2 (X64) (2009-04-07 19:28:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1094520485-351602351-698667415-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1094520485-351602351-698667415-1005 - Limited - Enabled)
Guest (S-1-5-21-1094520485-351602351-698667415-501 - Limited - Enabled)
Hayes 2 (S-1-5-21-1094520485-351602351-698667415-1000 - Administrator - Enabled) => C:\Users\Hayes 2

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.102 - NOS Microsystems Ltd.)
Adobe Flash Player 25 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.)
Age of Mahjong (HKLM-x32\...\Age of Mahjong) (Version: 1.0 - Viva Media, LLC)
Agere Systems PCI-SV92PP Soft Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
AIM 6 (HKLM-x32\...\AIM_6) (Version:  - )
Aimersoft DRM Media Converter(Build 1.5.3.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
aioprnt (HKLM-x32\...\{59B73DDC-593A-4D02-B9CA-1D8C9F912324}) (Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{074AED0D-DD1C-432A-B38D-F8733604033F}) (Version: 4.00.0000.0000 - Eastman Kodak Company) Hidden
aioscnnr (HKLM-x32\...\{EF53BFAB-4C10-40DB-A82D-9B07111715C6}) (Version: 7.6.13.10 - Your Company Name) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alabama Smith - Escape from Pompeii (HKLM-x32\...\Alabama Smith - Escape from Pompeii) (Version: 1.0 - Viva Media, LLC)
Alabama Smith - Quest of Fate (HKLM-x32\...\Alabama Smith - Quest of Fate) (Version: 1.0 - Viva Media, LLC)
Alexandra Fortune - Mystery of the Lunar Archipelago (HKLM-x32\...\Alexandra Fortune - Mystery of the Lunar Archipelago) (Version: 1.0 - Viva Media, LLC)
Amanda Rose Game of Time (HKLM-x32\...\Amanda Rose Game of Time) (Version: 1.0 - Viva Media, LLC)
AML Free Registry Cleaner 4.25 (HKLM-x32\...\{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1) (Version:  - AML SOFT, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
AVerMedia M791 PCIe Combo NTSC/ATSC 6.104.64.5 (HKLM-x32\...\AVerMedia M791 PCIe Combo NTSC/ATSC) (Version: 6.104.64.5 - AVerMedia TECHNOLOGIES, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behind the Reflection (HKLM-x32\...\Behind the Reflection) (Version:  - Alawar Entertainment Inc.)
Bejeweled 2 Deluxe (remove only) (HKLM-x32\...\Bejeweled 2 Deluxe) (Version:  - )
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\{B32C4059-6E7A-41EF-AD20-56DF1872B923}) (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Business Contact Manager for Outlook 2007 SP2 (HKLM-x32\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Cabela's Outdoor Adventures (HKLM-x32\...\{2FB82D0D-D118-41A6-A616-E8DC16358E03}) (Version: 1.00.0000 - Activision)
Cabela's Outdoor Adventures (HKLM-x32\...\{D0B2AA8F-CC52-4298-A48E-A9BA169546B6}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision)
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version: 1.6 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version: 1.7 - Activision) Hidden
Call of Duty® 4 - Modern Warfare™ 1.7 Patch (HKLM-x32\...\InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}) (Version:  - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)
CCScore (HKLM-x32\...\{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}) (Version: 7.00.0000.0001 - EASTMAN KODAK Company) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6321 - CDBurnerXP)
center (HKLM-x32\...\{56BA241F-580C-43D2-8403-947241AAE633}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\{631A0B87-B0B7-4B47-00A2-119A4B942EB6}) (Version:  - )
Clive Barker's Undying (HKLM-x32\...\GOGPACKUNDYING_is1) (Version: 2.0.0.5 - GOG.com)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WordPerfect Office - iFilter 64 Bit (HKLM\...\{1B45B85C-99E8-4523-8FB3-0248B3DECFC8}) (Version: 1.01.000 - Corel Corporation)
CPUID HWMonitor 1.31 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crimson Editor (remove only) (HKLM-x32\...\Crimson Editor) (Version:  - )
Crimson Editor SVN263 (HKLM-x32\...\Crimson Editor SVN263) (Version: SVN263 - Emerald Editor Community)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.5415 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.2019 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2115 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2103a - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Derrick (HKLM-x32\...\Derrick) (Version:  - )
Desktop Icon Position Saver (64-bit) (HKLM-x32\...\dips64) (Version:  - )
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.3 - Dolby)
Dolby Control Center (HKLM\...\{70E8EBD5-78C9-4258-B20A-5098CCA000F0}) (Version: 1.1.0601 - Dolby)
doubleTwist (HKLM-x32\...\doubleTwist) (Version: 3.2.1.14961 - doubleTwist Corporation)
Dreamwoods 2 (HKLM-x32\...\Dreamwoods 2) (Version: 1.0 - Viva Media, LLC)
Echoes of Sorrow (HKLM-x32\...\Echoes of Sorrow) (Version: 1.0 - Alawar Entertainment Inc.)
Echoes of Sorrow 2 (HKLM-x32\...\Echoes of Sorrow 2) (Version: 1.0 - Viva Media, LLC)
Elementary My Dear Majesty! (HKLM-x32\...\Elementary My Dear Majesty! ) (Version: 1.0 - Alawar Entertainment Inc.)
Enchanted Cavern (HKLM-x32\...\Enchanted Cavern) (Version: 1.0 - Alawar Entertainment Inc.)
Enchanted Cavern 2 (HKLM-x32\...\Enchanted Cavern 2 ) (Version: 1.0 - Alawar Entertainment Inc.)
Epic Escapes Dark Seas (HKLM-x32\...\Epic Escapes Dark Seas) (Version: 1.0 - Viva Media, LLC)
ESSBrwr (HKLM-x32\...\{643EAE81-920C-4931-9F0B-4B343B225CA6}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (HKLM-x32\...\{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (HKLM-x32\...\{42938595-0D83-404D-9F73-F8177FDD531A}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
essentials (HKLM-x32\...\{BE94C681-68E2-4561-8ABC-8D2E799168B4}) (Version: 7.8.0.0 - Eastman Kodak Company) Hidden
ESSgui (HKLM-x32\...\{91517631-A9F3-4B7C-B482-43E0068FD55A}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (HKLM-x32\...\{8E92D746-CD9F-4B90-9668-42B74C14F765}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (HKLM-x32\...\{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (HKLM-x32\...\{8A502E38-29C9-49FA-BCFA-D727CA062589}) (Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (HKLM-x32\...\{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Fable - The Lost Chapters (HKLM-x32\...\{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Fable - The Lost Chapters (HKLM-x32\...\InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}) (Version: 1.00.0000 - Microsoft Game Studios)
Fallout (HKLM-x32\...\Fallout) (Version:  - )
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FileZilla Client 3.25.1 (HKLM-x32\...\FileZilla Client) (Version: 3.25.1 - Tim Kosse)
Finding Doggy (HKLM-x32\...\Finding Doggy) (Version: 1.0 - Alawar Entertainment Inc.)
Fishing Craze (HKLM-x32\...\WTA-05ee1757-16ac-4048-96d2-0495778f15e4) (Version: 2.2.0.97 - WildTangent) Hidden
Frozen Kingdom (HKLM-x32\...\Frozen Kingdom ) (Version: 1.0 - Alawar Entertainment Inc.)
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.0.0.0 - Futuremark Corporation)
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.1.3003 - Acer Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3503 - Gateway Incorporated)
getPlus® Download Manager for Corel (HKLM-x32\...\{459E93B6-150E-45d5-8D4B-45C66FC035FE}) (Version: 1.5.0.56 - NOS Microsystems Ltd.)
Glary Utilities 5.77 (HKLM-x32\...\Glary Utilities 5) (Version: 5.77.0.98 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.1 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.5 - Google Inc.) Hidden
Gourmania (HKLM-x32\...\Gourmania) (Version:  - Alawar Entertainment Inc.)
Gourmania 2 Kitchen Confidential (HKLM-x32\...\Gourmania 2 Kitchen Confidential) (Version: 1.0 - Viva Media, LLC)
Gourmania 3: Zoo Zoom (HKLM-x32\...\Gourmania 3: Zoo Zoom) (Version: 1.0 - Alawar Entertainment Inc.)
Governor of Poker (HKLM-x32\...\{6972FD5E-01D0-4742-8EB0-A0D351CF28FF}) (Version: 1.0.0 - Youdagames)
Governor of Poker 2 SE (HKLM-x32\...\{394CD66F-A978-4F75-BFFB-1F0A0CAA8AE5}) (Version: 1.0.0 - Youdagames)
Grace's Quest: To Catch An Art Thief (HKLM-x32\...\Grace's Quest: To Catch An Art Thief) (Version:  - Alawar Entertainment Inc.)
Hamlet (HKLM-x32\...\Hamlet) (Version:  - Alawar Entertainment Inc.)
Haunted Domains (HKLM-x32\...\Haunted Domains) (Version: 1.0 - Alawar Entertainment Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes Of Hellas (HKLM-x32\...\Heroes Of Hellas) (Version:  - Alawar Entertainment Inc.)
Heroes of Hellas 2: Olympia (HKLM-x32\...\Heroes of Hellas 2: Olympia) (Version:  - Alawar Entertainment Inc.)
Hidden World (HKLM-x32\...\Hidden World) (Version: 1.0 - Alawar Entertainment Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Holly 2 - Magic Land (HKLM-x32\...\Holly 2 - Magic Land) (Version:  - Alawar Entertainment Inc.)
Holly. A Christmas Tale Deluxe (HKLM-x32\...\Holly. A Christmas Tale Deluxe) (Version: 1.0 - Alawar Entertainment Inc.)
Hunting Unlimited 2010 (HKLM-x32\...\WTA-d0fdda43-d4d3-474d-b373-59ddfe15c247) (Version: 2.2.0.95 - WildTangent) Hidden
Hunting Unlimited 2011 (HKLM-x32\...\WTA-d2d44924-fec9-43d8-8514-2432fffea385) (Version: 2.2.0.95 - WildTangent) Hidden
IL-2 Sturmovik 1946 (HKLM-x32\...\{79438F1E-DEC3-443D-9DCD-FECE2D68C605}) (Version: 1.00.0000 - Ubisoft) Hidden
IL-2 Sturmovik 1946 (HKLM-x32\...\InstallShield_{79438F1E-DEC3-443D-9DCD-FECE2D68C605}) (Version: 1.00.0000 - Ubisoft)
Impulse (HKLM-x32\...\{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}) (Version: 1.0 - Stardock Corporation) Hidden
Impulse (HKLM-x32\...\Impulse) (Version: 1.0 - Stardock)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
JetClean (HKLM-x32\...\BlueSprig_JetClean_is1) (Version: 1.5.0 - BlueSprig)
Joan Jade and the Gates of Xibalba (HKLM-x32\...\Joan Jade and the Gates of Xibalba) (Version:  - Alawar Entertainment Inc.)
Journey of Hope (HKLM-x32\...\Journey of Hope) (Version:  - Alawar Entertainment Inc.)
Juniper Networks Network Connect 7.3.0 (HKLM-x32\...\Juniper Network Connect 7.3.0) (Version: 7.3.0.23377 - Juniper Networks)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KB0817 Keyboard Driver (HKLM-x32\...\{ED5DCA6F-5FEA-47CB-83DB-210A468C298B}) (Version: 1.30.0000 - Gateway)
kgcbaby (HKLM-x32\...\{E18B549C-5D15-45DA-8D8F-8FD2BD946344}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (HKLM-x32\...\{11F3F858-4131-4FFA-A560-3FE282933B6E}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (HKLM-x32\...\{03EDED24-8375-407D-A721-4643D9768BE1}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (HKLM-x32\...\{9BD54685-1496-46A5-AB62-357CD140ED8B}) (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (HKLM-x32\...\{693C08A7-9E76-43FF-B11E-9A58175474C4}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (HKLM-x32\...\{A1588373-1D86-4D44-86C9-78ABD190F9CC}) (Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (HKLM-x32\...\{8A8664E1-84C8-4936-891C-BC1F07797549}) (Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
KhalInstallWrapper (HKLM\...\{F3F18612-7B5D-4C05-86C9-AB50F6F71727}) (Version: 4.60.122 - Logitech) Hidden
Kidnapped in the City (HKLM-x32\...\Kidnapped in the City) (Version: 1.0 - Viva Media, LLC)
Kodak AIO Printer (HKLM\...\{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}) (Version: 7.8.1.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.8.5.2 - Eastman Kodak Company)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
League of Legends (HKLM-x32\...\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\{95C5F81D-0779-4932-BE83-32AAF814F4B9}) (Version: 1.0020 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Legends of Eternity (HKLM-x32\...\{AD1D5DEA-63C8-4AA6-B29A-12B4D413F9B2}) (Version: 1.0.0 - On Hand Software)
Logitech G430 Driver (HKLM-x32\...\G430_Driver) (Version: 8.53.0.2 - Logitech)
Logitech Gaming Software 8.81 (HKLM\...\Logitech Gaming Software) (Version: 8.81.15 - Logitech Inc.)
LSI PCI-SV92PP Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Magic Encyclopedia - Moon Light (HKLM-x32\...\Magic Encyclopedia - Moon Light) (Version:  - Alawar Entertainment Inc.)
Magic Encyclopedia 3: Illusions (HKLM-x32\...\Magic Encyclopedia 3: Illusions) (Version:  - Alawar Entertainment Inc.)
Magic Encyclopedia. First Story (HKLM-x32\...\Magic Encyclopedia. First Story) (Version:  - Alawar Entertainment Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Meridian 59 (HKLM-x32\...\Meridian 59) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM-x32\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM-x32\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM-x32\...\M979906) (Version:  - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Money Essentials (HKLM-x32\...\Money2007b) (Version: 16 - Microsoft)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Minds Eye - Secrets of the Forgotten (HKLM-x32\...\Minds Eye - Secrets of the Forgotten) (Version: 1.0 - Viva Media, LLC)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Monopoly (HKLM-x32\...\{6517CFDF-B7A4-77B6-2371-C76608D3C976}) (Version: 3.4.7.22 - Yahoo) Hidden
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.9 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{DEAD13D3-BC70-4AAE-AEF9-BE6297E106D1}) (Version: 13.02.1402 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.0.0 (HKLM\...\{C5A22A98-AC82-4404-BFB0-1E9F654EB176}) (Version: 6.0.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mysteries of Ancient Inventors - Atlantis (HKLM-x32\...\Mysteries of Ancient Inventors - Atlantis) (Version: 1.0 - Viva Media, LLC)
Mysteries of Horus (HKLM-x32\...\Mysteries of Horus) (Version: 1.0 - Viva Media, LLC)
Mystery 101 (HKLM-x32\...\Mystery 101) (Version: 2.00.14.01.27 - Selectsoft Publishing)
Mystery Cookbook (HKLM-x32\...\Mystery Cookbook) (Version:  - Alawar Entertainment Inc.)
Mystery Cruise (HKLM-x32\...\Mystery Cruise) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - Mystery at Hillcrest High (HKLM-x32\...\Natalie Brooks - Mystery at Hillcrest High) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - Secrets of Treasure House (HKLM-x32\...\Natalie Brooks - Secrets of Treasure House) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - The Treasures of the Lost Kingdom (HKLM-x32\...\Natalie Brooks - The Treasures of the Lost Kingdom ) (Version: 1.0 - Alawar Entertainment Inc.)
National Geographic Plan It Green (HKLM-x32\...\{A20A8B9F-12CD-4E5A-8CB1-65964C1937DB}) (Version: 1.0.0 - Masque Publishing)
netbrdg (HKLM-x32\...\{4537EA4B-F603-4181-89FB-2953FC695AB1}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
nProtect Security Platform (HKLM-x32\...\{660906E9-B965-4678-88D6-B6AE237FE41D}) (Version: 3.00.0000 - INCAInternet) Hidden
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM-x32\...\InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}) (Version:  - )
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OfotoXMI (HKLM-x32\...\{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}) (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
OLYMPUS CAMEDIA Master 2.0 (HKLM-x32\...\OLYMPUS CAMEDIA Master 2.0) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice.org 3.4 (HKLM-x32\...\{51071D66-D034-4239-94E0-723FCA10B6FE}) (Version: 3.4.9590 - OpenOffice.org)
Origin (HKLM-x32\...\Origin) (Version: 9.0.14.2148 - Electronic Arts, Inc.)
Pet Show Craze (HKLM-x32\...\Pet Show Craze) (Version:  - Alawar Entertainment Inc.)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Pokémon Trading Card Game Online (HKLM-x32\...\{0A1F8721-8B7C-4100-9E9E-30A2CC597996}) (Version: 2.38.0 - The Pokémon Company International)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Port Royale 3 (HKLM-x32\...\{E07A21E5-1C16-41E7-9617-2D38CF3A642C}) (Version: 1.2.1.0 - Gaming Minds Studios GmbH)
PreReq (HKLM-x32\...\{DA5BDB2A-12F0-4343-8351-21AAEB293990}) (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
Pulse Secure Setup Client (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Juniper_Setup_Client) (Version: 8.1.6.61491 - Pulse Secure, LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
PVSonyDll (HKLM\...\{3D3E663D-4E7E-4577-A560-7ECDDD45548A}) (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Quake - The Offering (HKLM-x32\...\1435828198_is1) (Version: 2.0.0.6 - GOG.com)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{EFC1B3CA-9B90-458D-AD7A-A0F2CD6F4A84}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Registry Repair 5.0.1.86 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.86 - Glarysoft Ltd)
Resonance (HKLM-x32\...\GOGPACKRESONANCE_is1) (Version: 2.0.0.8 - GOG.com)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
RivalGaming (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\RivalGaming) (Version:  - RivalGaming)
ROBLOX Player (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Roblox Player for Hayes 2 (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
ROBLOX Studio 2013 for Hayes 2 (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Sable Maze: Norwich Caves (HKLM-x32\...\BFG-Sable Maze - Norwich Caves) (Version:  - )
Sable Maze: Sullivan River (HKLM-x32\...\BFG-Sable Maze - Sullivan River) (Version:  - )
Sea Bounty - Dead Man's Chest (HKLM-x32\...\Sea Bounty - Dead Man's Chest) (Version:  - Alawar Entertainment Inc.)
Segoe UI (HKLM-x32\...\{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}) (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Settlement: Colossus (HKLM-x32\...\Settlement: Colossus) (Version:  - Alawar Entertainment Inc.)
SFR (HKLM-x32\...\{DB02F716-6275-42E9-B8D2-83BA2BF5100B}) (Version: 7.01.0000.0003 - Eastman Kodak Company) Hidden
SHASTA (HKLM-x32\...\{605A4E39-613C-4A12-B56F-DEFBE6757237}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
skin0001 (HKLM-x32\...\{5316DFC9-CE99-4458-9AB3-E8726EDE0210}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (HKLM-x32\...\{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Sky Kingdoms (HKLM-x32\...\Sky Kingdoms) (Version:  - Alawar Entertainment Inc.)
SmartCopy (HKLM-x32\...\{B7BD291B-D415-4484-89A4-82077504BE93}_is1) (Version:  - Northstar Systems Corp.)
SmartLauncher (HKLM-x32\...\{57634571-FD82-4BEC-B822-A1ED7765474F}_is1) (Version:  - Northstar Systems Corp.)
Soul Journey (HKLM-x32\...\Soul Journey) (Version: 1.0 - Alawar Entertainment Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Sprill - The Mystery of The Bermuda Triangle (HKLM-x32\...\Sprill - The Mystery of The Bermuda Triangle) (Version:  - Alawar Entertainment Inc.)
Sprill and Ritchie - Adventures In Time (HKLM-x32\...\Sprill and Ritchie - Adventures In Time) (Version:  - Alawar Entertainment Inc.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
staticcr (HKLM-x32\...\{8943CE61-53BD-475E-90E1-A580869E98A2}) (Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve)
Summer Resort Mogul 1.0 (HKLM-x32\...\Summer Resort Mogul) (Version: 1.0 - Viva Media, LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Checkup 3.3 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.3.2.9 - iolo technologies, LLC)
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
The Curse Of Montezuma (HKLM-x32\...\The Curse Of Montezuma) (Version:  - Alawar Entertainment Inc.)
The Enchanting Islands (HKLM-x32\...\The Enchanting Islands) (Version:  - Alawar Entertainment Inc.)
The Jolly Gang's Misadventures in Africa (HKLM-x32\...\The Jolly Gang's Misadventures in Africa) (Version: 1.0 - Alawar Entertainment Inc.)
The Lost Cases of Sherlock Holmes (HKLM-x32\...\The Lost Cases of Sherlock Holmes) (Version:  - )
The Saboteur (HKLM-x32\...\1403000599_is1) (Version: 2.1.0.4 - GOG.com)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.69.43.024017 - Electronic Arts Inc.)
The Treasures Of Montezuma (HKLM-x32\...\The Treasures Of Montezuma) (Version:  - Alawar Entertainment Inc.)
The Treasures Of Montezuma 2 (HKLM-x32\...\The Treasures Of Montezuma 2) (Version:  - Alawar Entertainment Inc.)
The Treasures Of Mystery Island (HKLM-x32\...\The Treasures Of Mystery Island) (Version:  - Alawar Entertainment Inc.)
The Trouble With Robots (HKLM-x32\...\The Trouble With Robots) (Version: 1.0 - Viva Media, LLC)
The Ultimate DOOM (HKLM-x32\...\1435827232_is1) (Version: 2.0.0.3 - GOG.com)
Towers of Oz (HKLM-x32\...\Towers of Oz) (Version: 1.0 - Viva Media, LLC)
Treasure Masters, Inc. (HKLM-x32\...\Treasure Masters, Inc.) (Version:  - Alawar Entertainment Inc.)
Treasures of Mystery Island 2 Gates of Fate (HKLM-x32\...\Treasures of Mystery Island 2 Gates of Fate) (Version: 1.0 - Viva Media, LLC)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.0.9 - Tweaking.com)
Typing Instructor Deluxe 17 (HKLM-x32\...\{849F666B-0C95-49AC-8E9B-90DDE2127D74}) (Version: 2.0 - Individual Software Inc.)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
UE3Redist (HKLM-x32\...\{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games) Hidden
UE3Redist (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}) (Version: 1.00.0000 - Epic Games)
Ultima (HKLM-x32\...\1207662593_is1) (Version: 2.1.0.8 - GOG.com)
Undercover PI (HKLM-x32\...\Undercover PI) (Version:  - Alawar Entertainment Inc.)
Unity Web Player (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\UnityWebPlayer) (Version: 5.3.6f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vampire Mansion (HKLM-x32\...\Vampire Mansion) (Version: 1.0 - Viva Media, LLC)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKLM-x32\...\Video Converter) (Version: 1 - SweetPacks) Hidden <==== ATTENTION
Village Mage Spellbinder (HKLM-x32\...\Village Mage Spellbinder) (Version: 1.0 - Viva Media, LLC)
Visual Basic 5.0 (HKLM-x32\...\ST5UNST #1) (Version:  - )
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VPRINTOL (HKLM-x32\...\{999D43F4-9709-4887-9B1A-83EBB15A8370}) (Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Warcraft III) (Version:  - )
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway) (Version: 4.0.10.5 - WildTangent) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
WIRELESS (HKLM-x32\...\{F9593CFB-D836-49BC-BFF1-0E669A411D9F}) (Version: 7.02.0000.0001 - EASTMAN KODAK Company) Hidden
Wise Care 365 4.64 (HKLM-x32\...\Wise Care 365_is1) (Version: 4.64 - WiseCleaner.com, Inc.)
Wise Care 365 version 2.87 (HKLM-x32\...\{E864A1C8-EEE1-47D0-A7F8-00CC86D26D5E}_is1) (Version: 2.87 - WiseCleaner.com, Inc.)
Witch Hunters: Stolen Beauty (HKLM-x32\...\BFG-Witch Hunters - Stolen Beauty) (Version:  - )
WordPerfect Lightning - EN (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2100}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - IPM (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2020}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - Messages (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2010}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Lightning - MSOM (HKLM-x32\...\{F6EE49FD-B736-4888-A05A-115F3B1160FA}) (Version: 1.1 - Corel Corporation) Hidden
WordPerfect Lightning (HKLM-x32\...\{4873CC58-69D8-490D-9E5C-001DC2EE2000}) (Version: 1.0 - Corel Corporation) Hidden
WordPerfect Office X4 - Common (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Content (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - EN (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Filters (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Graphics (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - ICA (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - IPM T EN (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529046}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - MAIL (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}) (Version: 14.1 - Corel Corporation) Hidden
WordPerfect Office X4 - Migration Manager (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - PerfectExperts (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - PR (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - QP (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - Skins (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - System (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 - WP (HKLM-x32\...\{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}) (Version: 14.2 - Corel Corporation) Hidden
WordPerfect Office X4 (HKLM-x32\...\_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}) (Version:  - Corel Corporation)
WordPerfect Office X4 (HKLM-x32\...\{000AB2ED-5741-4C30-A1A4-0FCB8A529000}) (Version: 14.2 - Corel Corporation) Hidden
WORLD of JOYSTICKS Emulator Extreme Edition (HKLM-x32\...\{845D7EFF-9CC8-41F1-A055-D2CBD041F47C}) (Version: 1.6.3 - Timur Terekhov)
Youda Fairy (HKLM-x32\...\{566124BE-D9C3-47F5-89C2-186AFE183A85}) (Version: 1.0.0 - Youdagames)
Youda Farmer (HKLM-x32\...\{CA256FA1-4CF9-492C-98A6-6E451F83AEC3}) (Version: 1.0.0 - Youdagames)
Youda Farmer 2 - Save the village (HKLM-x32\...\{0767C3F2-6BB7-41BC-82FB-5E59AA0A6B37}) (Version: 1.0.0 - Youdagames)
Youda Legend The Curse of the Amsterdam Diamond (HKLM-x32\...\{43F1F130-66ED-4D50-8475-393312149C5D}) (Version: 1.0.0 - Youdagames)
Youda Legend The Golden Bird of Paradise (HKLM-x32\...\{463BAA5A-E934-4D21-90D8-862D72A8E5F9}) (Version: 1.0.0 - Youdagames)
Youda Marina (HKLM-x32\...\{5411B815-2958-4F4F-B985-AFF0C38A15B2}) (Version: 1.0.0 - Youdagames)
Youda Safari (HKLM-x32\...\{03E148A0-D333-4E49-9F39-EE19900E0642}) (Version: 1.0.0 - Youdagames)
Youda Survivor (HKLM-x32\...\{7CCA1187-B1A5-44F1-BB26-2DAD6B6061C2}) (Version: 1.0.0 - Youdagames)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> No File
ContextMenuHandlers2: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} =>  -> No File
ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers2-x32: [QuickFinderMenu] -> {fa5934ef-b87c-4e63-b33c-30d066cac810} => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\PFSE140.DLL [2009-06-22] (Corel Corporation)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> No File
ContextMenuHandlers3: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4-x32: [QuickFinderMenu] -> {fa5934ef-b87c-4e63-b33c-30d066cac810} => c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\PFSE140.DLL [2009-06-22] (Corel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-01-22] (NVIDIA Corporation)
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} =>  -> No File
ContextMenuHandlers6: [a-squared Anti-Malware Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} =>  -> No File
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-11-11] (AVAST Software)
ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files (x86)\Glary Utilities 5\x64\ContextHandler.dll [2015-12-21] (Glarysoft Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {208E74AF-485D-4BA8-9659-4A64FE7118BC} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-11-11] (AVAST Software)
Task: {49491DF9-6B3A-43BD-8FC1-335240DD29B9} - System32\Tasks\{86C9C10E-D218-49A0-A4FC-8191B0A88DDB} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hayes 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z6M9146S\msicuu2.exe" -d "C:\Users\Hayes 2\Desktop"
Task: {520E53B0-E31A-4925-9D49-AA065419B9A7} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {59B8EF8B-6142-4D77-9C04-8CDEEF0A9D1C} - System32\Tasks\{B6CD049E-0988-4F77-A8EA-420BBF3CCFC0} => C:\Windows\system32\pcalua.exe -a "C:\Users\Hayes 2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AXSQWNIJ\msicuu2.exe" -d "C:\Users\Hayes 2\Desktop"
Task: {75A5A8EE-3536-40D3-9EC1-CC899A2D9762} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7771D528-CF1C-4266-A422-9A905914B4DB} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {85495B00-F837-48AC-AD86-5CC11129FB5A} - System32\Tasks\googleupdatetaskmachineua => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {97DCF4CE-02C4-4793-8AE3-287729078C12} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe
Task: {A0CD9CC2-2C2F-4D08-9BD1-F1429B75E9C0} - System32\Tasks\MHotkey => C:\Windows\MHotKey.exe [2008-05-30] ()
Task: {A4C2E3C8-4351-4411-B0B7-1381A99EE5A6} - System32\Tasks\JetCleanLoginCheckUpdate => C:\Program Files (x86)\BlueSprig\JetClean\AutoUpdate.exe [2013-05-14] (BlueSprig)
Task: {B8005F37-64D6-49CB-B81D-63413A9734DE} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2017-06-04] (Glarysoft Ltd)
Task: {B979B860-A2A3-4121-8223-7C6B1E277EA7} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {BDAC6DAA-9E45-4904-BFFE-5D34C5A5B1A5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)
Task: {CB2AECD0-3EA4-4C34-83AA-658ECE2D21C0} - System32\Tasks\{AE739225-3A1A-4EE9-B9FE-A37AF684E8C5} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=wow_enus --displayname="World of Warcraft"
Task: {CF9186A2-B942-4279-A284-CD08CE7A5072} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D07003D1-EF00-4670-B7FC-33DB43736D87} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2017-06-04] (Glarysoft Ltd)
Task: {E97C835A-B271-4BBD-A719-902E360AD595} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {F724D2C7-9320-43E8-B4C0-4624A8384F10} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-17] (Adobe Systems Incorporated)
Task: {F7CB2C4B-2A30-40DC-9350-9DBDE088EB6E} - System32\Tasks\Microsoft\Windows\RestartManager\{64CE0BC8-106E-484a-8EF6-01340BDC1C43} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Hayes 2\Desktop\Jessica - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Hayes 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormFall\GetPose.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://plarium.com/play/en/stormfall/dragon04?adCampaign=23634&clickID=tDtD0F0F0DtDtDtCtC0EtD0CtCyC0BtD&publisherID=1_0_7_9_15_16_42_46_57_58 --app-window-size=1920,1080

==================== Loaded Modules (Whitelisted) ==============

2017-03-20 09:44 - 2017-03-20 09:44 - 000052392 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000067408 _____ () C:\Program Files\AVAST Software\Avast\x64\module_lifetime.dll
2017-11-11 15:25 - 2017-11-11 15:25 - 000169832 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000859216 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000292408 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2009-04-07 13:33 - 2008-08-11 17:57 - 000319488 _____ () C:\Program Files (x86)\Northstar\SmartCopy\SmartCopy.exe
2009-04-07 13:27 - 2008-05-30 11:50 - 000581120 _____ () C:\Windows\MHotkey.exe
2017-11-11 15:26 - 2017-11-11 15:26 - 000059040 _____ () C:\Program Files\AVAST Software\Avast\module_lifetime.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000167096 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000237808 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000244584 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000151104 _____ () C:\Program Files\AVAST Software\Avast\network_notifications.dll
2017-11-18 11:45 - 2017-11-18 11:45 - 005881408 _____ () C:\Program Files\AVAST Software\Avast\defs\17111802\algo.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000710056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 000245608 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2015-06-06 08:46 - 2015-12-08 19:53 - 000011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-11-11 15:26 - 2017-11-11 15:26 - 048936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-11-11 15:25 - 2017-11-11 15:25 - 000235816 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\AdobeAIRInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\adobe_flash_setup_2132936387.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Adobe_Shockwave_Player_v12.2.9.199.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Battle.net-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\ccsetup530(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\ccsetup530.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\ccsetup531.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\CyberLink_LabelPrint_v2.5.0.6603(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\CyberLink_LabelPrint_v2.5.0.6603.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\FileZilla_Client_(64bit)_v3.25.2(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\FileZilla_Client_(64bit)_v3.25.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\FileZilla_Client_(64bit)_v3.26.2.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\flashplayer25_ga_install.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Glary_Utilities_v5.75.0.96.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Glary_Utilities_v5.76.0.97.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\Glary_Utilities_v5.77.0.98.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\install_flash_player.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\setup_quake_the_offering_2.0.0.6.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\setup_the_ultimate_doom_2.0.0.3.exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\WiseCare365(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Hayes 2\Downloads\WiseCare365.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> 008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> 00hq.com
IE restricted site: HKU\.DEFAULT\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\.DEFAULT\...\01i.info -> 01i.info
IE restricted site: HKU\.DEFAULT\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\.DEFAULT\...\05p.com -> 05p.com
IE restricted site: HKU\.DEFAULT\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\.DEFAULT\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\.DEFAULT\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\.DEFAULT\...\0calories.net -> 0calories.net
IE restricted site: HKU\.DEFAULT\...\0cj.net -> 0cj.net
IE restricted site: HKU\.DEFAULT\...\0scan.com -> 0scan.com
IE restricted site: HKU\.DEFAULT\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1-se.com -> 1-se.com
IE restricted site: HKU\.DEFAULT\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\.DEFAULT\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\.DEFAULT\...\100gal.net -> 100gal.net
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> 100sexlinks.com

There are 4788 more sites.

IE trusted site: HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1094520485-351602351-698667415-1000\...\aeriagames.com -> hxxp://aeriagames.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:34 - 2017-11-14 16:11 - 000000855 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1094520485-351602351-698667415-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hayes 2\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: BEService => 3
MSCONFIG\Services: BRSptStub => 3
MSCONFIG\Services: dsNcService => 3
MSCONFIG\Services: ETService => 2
MSCONFIG\Services: ForceWare Intelligent Application Manager (IAM) => 2
MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: GamesAppIntegrationService => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdate1c9e7c4d856c020 => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HiPatchService => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: LiveUpdateSvc => 3
MSCONFIG\Services: LogiRegistryService => 2
MSCONFIG\Services: Motorola Device Manager => 3
MSCONFIG\Services: nSvcIp => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: PSI_SVC_2 => 3
MSCONFIG\Services: PST Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: WiseBootAssistant => 3
MSCONFIG\startupfolder: C:^Users^Hayes 2^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup
MSCONFIG\startupreg: Aimersoft Helper Compact.exe => c:\program files (x86)\common files\aimersoft\aimersoft helper compact\ashelper.exe
MSCONFIG\startupreg: APSDaemon => c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
MSCONFIG\startupreg: iTunesHelper => c:\program files\i - tunes\ituneshelper.exe
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: NVRaidService => c:\windows\system32\nvraidservice.exe
MSCONFIG\startupreg: QuickFinder Scheduler => "c:\Program Files (x86)\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE"
MSCONFIG\startupreg: Windows Defender => %programFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{1B42F944-37D0-4489-BD8D-B48BEA9B315D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{4104AA77-862A-4930-8044-BB2521DFCFFE}] => (Allow) svchost.exe
FirewallRules: [{FC53E6EB-19E6-4867-BA34-8B33A3833C39}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{99162B7A-5D42-4799-8233-91CAEE626A92}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{66A12E47-3514-403C-A65C-1BB2D135FF7B}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{B650E539-3537-42AC-A402-21D053F475BD}] => (Allow) C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe
FirewallRules: [{74FFCFD9-EC65-4B56-94D9-BD3C0D9A54CF}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{1052E6DF-75AA-4416-8119-5DC57ABBAA39}] => (Allow) C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe
FirewallRules: [{A95450C9-E679-4AA6-8ABF-7DA251CF65BB}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{D0E004CE-FB8D-43A6-9467-C9FF53AEAF11}] => (Allow) C:\Program Files (x86)\AIM6\aim6.exe
FirewallRules: [{D81C2374-BE25-44B5-BE96-0946F61CC686}] => (Allow) LPort=9322
FirewallRules: [{FA01B357-F9F3-4D6A-8CBD-A3F82DEC6DD6}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{3C6DDB8B-B4E1-4CBE-8905-AB77D351E93C}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{C64B0F47-164D-4F98-9457-652D2DDC17A5}] => (Allow) LPort=9323
FirewallRules: [{6ADF4F9A-90F7-400E-8F02-A82F911913F0}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{0BA554CD-5F08-4D3D-ACC7-FB0B9635E7C1}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{032E82AC-904E-4899-A8EE-907D5AF8E000}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{3DC0E6EF-4B94-4023-8163-21B266F6AB85}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe
FirewallRules: [{7DCC8559-42C6-4756-A3B9-BE22AD7BE29A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{ABD3C284-F702-4DA9-A0BF-3316DD274BDA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{066BE634-79D8-4B37-AEB2-FE4CF5A3288A}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{4D14173E-9F08-4890-90A7-3330B7A4BFB4}] => (Allow) C:\Program Files (x86)\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [TCP Query User{B0F2AA06-BA56-4D13-AFD2-B6710F3521CD}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [UDP Query User{4722280E-F4DF-4C94-9026-A6342638B098}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [TCP Query User{8B2383D8-C0D3-42A8-88C7-EC832465C0FC}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [UDP Query User{78158DF1-AB3B-47A2-9A87-2BEB79D642B9}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [{9D5EA4A9-DA68-4776-9A64-1F6DC10ADDF8}] => (Allow) LPort=8377
FirewallRules: [{8FB8750D-2FC6-46CE-B97E-A0E3F860FD45}] => (Allow) LPort=8377
FirewallRules: [{2D7CE884-9567-43CA-A113-CD53C66F238F}] => (Allow) LPort=8378
FirewallRules: [{801577DC-A693-45FA-A0D6-DA4BA96EA66E}] => (Allow) LPort=8378
FirewallRules: [TCP Query User{F4ACB6B1-55DD-4A0C-A6CA-ECC10AC3C461}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [UDP Query User{975C9C3A-EC20-46F8-BF78-3CEB0A99289C}C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe] => (Block) C:\program files (x86)\steam\steamapps\[email protected]\half-life blue shift\hl.exe
FirewallRules: [{23C2F604-817C-4E38-9952-A72D3B4103CA}] => (Allow) LPort=9323
FirewallRules: [{E8B98290-C9BC-4C10-8B4E-B46D9061AB5C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4744DC9C-B265-401D-BE30-7AE78E81DFBD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7005ABF-24D2-4AF3-A634-07E0F472E000}] => (Allow) LPort=80
FirewallRules: [{FC70F993-9CAC-4D02-BF0C-945158472739}] => (Allow) LPort=80
FirewallRules: [{AD238692-69D7-4DE3-A0AF-855B826ADC27}] => (Allow) LPort=80
FirewallRules: [{2527064D-885C-4AC9-AF9B-444CD5646C3F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{9AA109B0-3E43-4971-B39B-4F376F2F6727}] => (Allow) LPort=2869
FirewallRules: [{9E68AFB1-8C6E-4072-9CA2-9DB1D3F723AE}] => (Allow) LPort=1900
FirewallRules: [{8A875709-62EF-46D2-986A-DC476199D843}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{D5154013-3725-48BC-B4F6-26CF58120872}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{766D03CC-D352-484C-BFF4-89DDD7DEBE21}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6AE862AD-C6E3-43AD-8657-2052F169E09F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{5CEC2842-775E-430A-B219-443BEB2895D5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A686AA5D-675C-46EF-825F-D7F115981349}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{EB2274A3-E768-4670-9490-F52B63368946}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{E3369916-1E2E-4147-8ACF-ED7EE6995729}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{6800AA4E-EA38-40BE-A592-14D5661CF25B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{2EC208A4-2A82-4DE7-8289-0BB55679C534}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{A6EDAD51-8ADD-475F-80B6-448D62ECCF33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{F5B5539F-EEF3-4AB7-9EF6-140249A76228}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{6D4C3D96-B43B-4B0D-AD4F-731BDCDE9592}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\opposing force\hl.exe
FirewallRules: [{5791C69C-A202-49F5-96A9-8BF00AD621AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\opposing force\hl.exe
FirewallRules: [{47C218C1-B2E2-4ACE-AA5B-1168EEF28D84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counterstrike source beta\hl2.exe
FirewallRules: [{1B74D38E-5DE1-4E02-9A1B-D848E8F19EFD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counterstrike source beta\hl2.exe
FirewallRules: [TCP Query User{C5305C1B-4358-4798-802B-492930B3B11C}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{8F998088-C863-4DDE-A115-96931A1A6019}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [{A078D584-7A31-40A2-8D35-F8AD9D520E7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\ricochet\hl.exe
FirewallRules: [{78E80CFB-DBAE-4702-B45B-950A7F2AF39F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\ricochet\hl.exe
FirewallRules: [{CA4329FD-D520-4BE4-B5C3-6A33B6F2D1BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\condition zero\hl.exe
FirewallRules: [{9DE809C5-17EE-49E4-8F26-F732D613201E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\condition zero\hl.exe
FirewallRules: [TCP Query User{0709318B-933A-4CD0-9584-34CDA19DFBF3}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{6480875C-19E6-4396-BBEE-FA8B1226EA9B}C:\users\hayes 2\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\hayes 2\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{2E30B959-9C3E-4284-8AE7-113F5352A78E}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{FE5B969E-7788-4F54-AE8B-A2CC9CDD9BBE}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{27C54891-8A10-44BC-9D82-CF6814F8146B}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [UDP Query User{921D06CD-4961-41FB-8597-6927C1EB535D}C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe] => (Block) C:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe
FirewallRules: [TCP Query User{05BB095F-CB37-4645-BB7F-9896658C452A}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{BE52FC83-9802-465E-99D0-CD974359DADD}C:\program files (x86)\warcraft iii\war3.exe] => (Allow) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{389A9988-1748-4589-8005-BC9833D49959}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{EE814E0C-0992-4D02-9B73-3EAA261F398F}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{A76850AD-B602-42B4-B694-4DD8F276E926}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{AA1E2F4F-BBB7-401D-93C2-5B131BE52B76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F53F1E32-BD6E-43F7-B66F-528A7EA6DA15}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E2467523-3418-44EA-B9F5-928958BF9526}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D7B027F-E312-4AFE-830B-AF0435B12945}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9729E7E7-0A3C-4E90-B326-83AA4AE5487F}] => (Allow) C:\Program Files\I - Tunes\iTunes.exe
FirewallRules: [TCP Query User{B6E69A96-7DD8-4022-9824-438E942E6744}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [UDP Query User{9FC5932C-B0DF-4218-BF5D-CDDC80700288}C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe] => (Allow) C:\program files (x86)\steam\steamapps\[email protected]\condition zero deleted scenes\hl.exe
FirewallRules: [TCP Query User{7AE1B071-5245-45D0-88FD-909154F5ECD5}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [UDP Query User{B05E281A-8414-4F6A-9911-BB2A2772A7F1}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe
FirewallRules: [{1892A1FD-BED4-4A34-9DD6-D7E0B69D5322}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{95D4860D-4742-4637-80F4-A74C691AD117}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{FC038489-3C75-4BB1-8AE9-CF54079C9C08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{A2AC9C18-160F-48EE-AAB1-AEBF9F85306E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\mirrors edge\Support\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{96B95969-0269-44F5-967C-BC8C294F5FCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 2\BrokenSword2.exe
FirewallRules: [{FCBE6C23-FDF7-4B53-91C3-41A426820CE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 2\BrokenSword2.exe
FirewallRules: [{3659BCA1-B28E-44FA-93F6-698C2D0B3EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 3\BSTSD.exe
FirewallRules: [{FA7A8206-37E1-402D-A205-3BFA1EFA76F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Broken Sword 3\BSTSD.exe
FirewallRules: [{2BACD5C3-F7C9-493E-9D9E-83D2E6AAA548}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{C52255A2-14E1-4450-8F76-7FBCB77D6BF9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\half-life source\hl2.exe
FirewallRules: [{3DD39A93-9A84-4CED-AAFA-04901CAD7485}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{84DDF972-5A85-4D62-931B-0F5C6B247D5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{193B7AE0-8786-49E1-B860-1460CD783ED7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{5281EDD1-9E7B-4B48-819F-913BDC7EC33A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{E30967D7-0346-4504-9981-5695E4B031CA}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [UDP Query User{45748957-D739-4D4F-A098-7E8119432556}C:\program files (x86)\steam\steam.exe] => (Allow) C:\program files (x86)\steam\steam.exe
FirewallRules: [{AB231274-F53D-4450-83E9-445D5C09FA7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{84860E9C-A4A9-473A-9250-F66BE944585B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{4853FC25-480F-4650-B34B-F9BEC46E73C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7AE8BA4C-04E2-43A3-9D00-1C91E650C4C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{100EDDBE-8D0C-4D9A-A261-F32CA4F61E14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{362DBFD4-8CD0-4116-BA7E-75F6F9C5793F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E0E722E7-DA47-415E-B4B3-8D4B22A332EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B5232E3D-1956-4619-8DAA-5EFFB251F36C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{08317177-96F7-4823-B3CE-99516B495F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{621CF600-0299-4DB8-B622-158A35F0DA08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{7E02173B-8D67-4894-8409-51D5DEF16188}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Secret of the Magic Crystal\Secret of the Magic Crystal.exe
FirewallRules: [{C0E1A9D5-6FA9-428D-B026-70C00C2E9E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Secret of the Magic Crystal\Secret of the Magic Crystal.exe
FirewallRules: [{9D504DA1-C509-45FD-9D52-A0EE94539510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{50E33A09-6640-4282-A02B-8BCB23C7ACC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A4EF7B37-F963-419E-B1DF-E3FF41E58710}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{A0BB338D-905D-4300-A765-DAB18538E87A}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6C7F180F-71D7-4761-A5EF-4F65C5BD6EFA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{BDEE52F5-1B07-4590-A87C-ED03468B9498}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
FirewallRules: [{36225618-0AF3-4EE6-BA35-F03DA1D7D030}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{4DC735C5-2C32-4E02-B996-51F4FBB9E61A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
FirewallRules: [{1F1B9AA0-5711-4C90-A995-F749B93542B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EC00C7EB-829C-45A0-B63A-B736461DE947}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F78ABA53-D904-4B54-AD98-311807AE633D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadHungryDiner\DHDSteam.exe
FirewallRules: [{176482B6-1B33-4E98-93BC-0CDD60D26C47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DeadHungryDiner\DHDSteam.exe
FirewallRules: [{63A29328-9D35-42AE-B202-7BB374DFD2D4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Floras Fruit Farm\FlorasFruitFarm.exe
FirewallRules: [{03436203-1387-4E04-9AD0-C73C99790AB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Floras Fruit Farm\FlorasFruitFarm.exe
FirewallRules: [{2C31C47B-D33F-4DD1-9F15-1A109BC16EA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{B8100C45-AF8A-41E9-8E4B-F55F2086C196}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{46A8B40A-21DC-43EB-A537-E7CA0EBD39EF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{AE3F06AA-CD81-435E-B1D3-27FCE115D510}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{80D8EDB4-3093-42E5-A9D4-0051322C8CF5}] => (Allow) C:\Program Files (x86)\Kalypso Media\Port Royale 3\PortRoyale3.exe
FirewallRules: [{781F6616-7521-4DAA-83E6-E38FC01EDF3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counter-strike\hl.exe
FirewallRules: [{3DDA3ECA-BB38-4F73-92DE-9597415ACE25}] => (Allow) C:\Program Files (x86)\Steam\steamapps\[email protected]\counter-strike\hl.exe
FirewallRules: [{D5D73634-BF52-49F3-826E-AC0B98E95A41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{3BEF56E0-201F-4108-BB20-6209B6998878}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{B207C966-D8D8-4554-B079-72E4793853D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{BE5BB13A-4B41-47BF-8165-84565DB0FCEB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{711E5ADE-4D6E-4136-BC49-94FE06DBC37C}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{6823F67B-5066-4CE2-A7D0-A9BFF0249B43}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{F632B2FA-4834-41A5-8879-DB9A1F4E525E}] => (Allow) LPort=9322
FirewallRules: [{4020C7BD-29E8-462F-92BC-1F837983A70F}] => (Allow) LPort=5353
FirewallRules: [{A08DA14E-A081-474C-8B2A-C6365A30972D}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{287E98AC-5E76-4E5D-AB0D-E1113583B09A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
FirewallRules: [{99A9DB9C-8E81-4FE6-88C0-E8AF5A56B905}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{4F8B32BD-3EE0-46A5-B6E1-5F15BAA72098}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
FirewallRules: [{6E3B738E-8723-4D6C-942D-3FD6DD871138}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{6D2F3664-3480-410F-9328-0A02D25CC8FF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
FirewallRules: [{ED29654D-801C-4B61-84A6-10428F7CB7BD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{302DD01F-E55F-4BF6-B5B9-DFFF9EE43F2A}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
FirewallRules: [{67BAC4B3-C568-4B33-A123-F81415AC2E3F}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{788E652A-09D0-42D1-A818-0D083B697409}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
FirewallRules: [{46D17544-AB41-42B7-93C4-C3FC60467C94}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror Mysteries\mm.exe
FirewallRules: [{65C62ED6-D9BC-4C52-A939-9B830FE339D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mirror Mysteries\mm.exe
FirewallRules: [{BD54B948-A013-49E0-9954-033FEB4103A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millionaire Manor\THOS3.exe
FirewallRules: [{0F476507-B3D1-4E55-82DC-F7D4A50516B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Millionaire Manor\THOS3.exe
FirewallRules: [{78A837CB-968A-4307-93B9-347959A8E54E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empress Of The Deep 2 Song Of The Blue Whale\EmpressoftheDeep2_SongoftheBlueWhale.exe
FirewallRules: [{EDDEA16E-6397-457E-A80F-6F4C0332B352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empress Of The Deep 2 Song Of The Blue Whale\EmpressoftheDeep2_SongoftheBlueWhale.exe
FirewallRules: [{58527CEB-0C3C-4258-98B1-73C1DC3992B4}] => (Allow) C:\MyGames\steamapps\common\White Haven Mysteries\WhiteHaven.exe
FirewallRules: [{318CAD3F-4FA7-46C6-AB63-AFE88CD55346}] => (Allow) C:\MyGames\steamapps\common\White Haven Mysteries\WhiteHaven.exe
FirewallRules: [{2FBFCB95-DE5E-4CD5-826F-CE3DCB00BE14}] => (Allow) C:\MyGames\steamapps\common\Princess Isabella - Rise of an Heir\PrincessIsabella_TheRiseOfAnHeir.exe
FirewallRules: [{4B8A5B1E-BC37-4CA2-835A-A120952A6854}] => (Allow) C:\MyGames\steamapps\common\Princess Isabella - Rise of an Heir\PrincessIsabella_TheRiseOfAnHeir.exe
FirewallRules: [{A922DB4B-5C53-4C26-83EB-E6F018DC7184}] => (Allow) C:\MyGames\steamapps\common\Haunted Past Realm of Ghosts\HP-RealmofGhosts.exe
FirewallRules: [{CFC23563-C0BD-44CE-B62B-8B382C903968}] => (Allow) C:\MyGames\steamapps\common\Haunted Past Realm of Ghosts\HP-RealmofGhosts.exe
FirewallRules: [{AD52B1A0-3893-414F-92DE-C0C570C9C7F2}] => (Allow) C:\MyGames\steamapps\common\Escape The Museum\Museum.exe
FirewallRules: [{4B669F0E-32E2-4C28-B8AA-8F846BDD3A16}] => (Allow) C:\MyGames\steamapps\common\Escape The Museum\Museum.exe
FirewallRules: [{684ED7F1-F7DA-4CDD-A51E-7224804FF61C}] => (Allow) C:\MyGames\steamapps\common\Crystals of Time\Crystals of Time.exe
FirewallRules: [{35B5DD73-0F5D-4D20-A45F-5367D3A1D05C}] => (Allow) C:\MyGames\steamapps\common\Crystals of Time\Crystals of Time.exe
FirewallRules: [{82A49C39-8E29-4BB9-AEA6-7D3CE1EB56FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Isabella - Return of the Curse\PrincessIsabella_ReturnoftheCurse.exe
FirewallRules: [{3897E809-3CC2-43BD-A819-A2E463954004}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Isabella - Return of the Curse\PrincessIsabella_ReturnoftheCurse.exe
FirewallRules: [{D3305A25-A60B-44E8-BCAB-F256FDB9F71A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{38BFCD1E-4266-4A7E-A19C-9A4039AEF352}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{8B0D3F45-F1F7-452A-BB1E-7250A574027A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\ys1plus.exe
FirewallRules: [{8CE063A8-4B74-4D5B-9A3B-09BFA91677D7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\ys1plus.exe
FirewallRules: [{6349F9B7-7A22-419E-9132-10BDC01EA1F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\config.exe
FirewallRules: [{5F338F58-75E9-4814-B5EB-EA8AAC3604DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ys I\config.exe
FirewallRules: [TCP Query User{AFA77D48-C0CE-42C4-A633-35BDC072F9A0}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{A8DBABBD-07E1-47A1-98E9-A3336C7A2D6F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{8EE29E0B-FAEA-4539-AF97-AFB48CC32AD6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{01F31B74-3025-4BD4-BB00-5722B086AE45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RaceTheSun\RaceTheSun.exe
FirewallRules: [{20632F59-B361-4953-BFAD-C789AA3C0549}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{65C88493-F027-4F61-85D7-BE191C9D16FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8381DB31-1FCA-4F3B-B49D-CA808186D2CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{C87A0C31-361F-49D1-BD7F-EAE96F75011F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{630E01AE-5F83-4829-A5AB-28953E854D6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{C18B10A3-06EF-4EEB-AE44-C5484412D29B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGameServer.exe
FirewallRules: [{67C93C41-65B0-4013-8F6D-93542020FA33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7B6172CD-4B51-4827-BB86-92B975980017}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{B599409A-068E-4BEE-8298-9C90A9A14E5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{95D18A4D-E345-4383-9B39-2D7884E57308}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rock of Ages\Binaries\Win32\RoA.exe
FirewallRules: [{5F26F3D1-AA64-4E38-B0DA-BB52E56E1564}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{E03439FB-975E-4EF9-9714-15E7F8CB9591}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{8BC057FB-A5AE-419D-88EE-05705FFD13DF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe
FirewallRules: [{67E31BB6-B448-47C6-AF85-D0FAD8A8C67F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe
FirewallRules: [{F88983F6-6787-42AD-8405-4D700509E56A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Hereafter\TheHappyHereafter.exe
FirewallRules: [{2EA90567-FD84-4200-B9A4-D2F873E0ACB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Happy Hereafter\TheHappyHereafter.exe
FirewallRules: [{25D57C0F-6391-442C-842B-BD44E7ACE873}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{76B2C249-BFA1-49CD-9DFD-FA4AC22CEFF2}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C350D5D7-5550-4FB1-9628-59454BCD8C04}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{642915C1-888C-4494-BBFA-19AC9361E42A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0B467F75-C8E5-447E-A5AD-58D88D4F097F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{868BFA4F-8AF8-4EEE-BCC8-29BFE67B0D42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [TCP Query User{92CD1E76-2CBE-49C1-8A65-A57B01DA61CF}C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe] => (Allow) C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe
FirewallRules: [UDP Query User{1CDAFD97-B254-484D-BA66-401188B48B28}C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe] => (Allow) C:\program files (x86)\woj emulator extreme edition\wojemulatorextreme.exe
FirewallRules: [{6CC7448C-1467-4EAF-8A4A-CD8A969CF212}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{AA79DFDF-4013-48E6-BBB0-9CD06D38DBF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Escapists\TheEscapists.exe
FirewallRules: [{DB8703FD-F9B2-457C-8773-F910BAA0818D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robin's Quest\RobinsQuest.exe
FirewallRules: [{809B4EEE-55DE-4B5F-9838-580FDA38FC7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robin's Quest\RobinsQuest.exe
FirewallRules: [{21DC435E-ACB1-401F-9D18-9E74E6D3B9E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{624BF076-1E8F-4E07-B2FC-2A2231D0C9D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{51BC62FB-BC6B-4FAA-BDA0-5F216B6DC561}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{A24666F6-E990-42CD-BF98-A314A38226FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{5A2A2F06-ECAD-48AC-BA32-B13E20169CE3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{D78F7B30-D6CF-4FFD-B5B0-F8CF72CAFC99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TerraTech Beta\TerraTechWin64.exe
FirewallRules: [{6B9CB950-0BBC-451F-A8A4-2CF12F064569}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{958FF362-0F82-4873-89DD-833974D8A242}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Slime Rancher\SlimeRancher.exe
FirewallRules: [{7C088461-6858-4081-A5B1-CDC0972DDAF7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{3ADA1B80-5A99-49A6-9C18-D191F17CFA9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Town of Salem\TownOfSalem.exe
FirewallRules: [{BF26D34B-4E17-416D-BD94-83311BE800A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sister’s Secrecy\SistersSecrecy_ArcanumBloodlines_Premium.exe
FirewallRules: [{CB82D88C-218B-4B37-AC45-F3C5FD0A2E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sister’s Secrecy\SistersSecrecy_ArcanumBloodlines_Premium.exe
FirewallRules: [{E5E63362-9C4B-40D9-B86E-1567F2CFAF79}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{BD600C19-B093-4D36-8B57-621C79FA283E}] => (Allow) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
FirewallRules: [{6415ADF1-5497-46B1-817A-5AF104649889}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{CF5C3985-412D-4F9A-AC98-BD802CA6DD16}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [UDP Query User{8BD0F658-A9C3-4731-8A90-D5CD34674F3C}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe] => (Block) C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{E1CC4765-7A7D-4B6A-9F66-44B162402ED7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{57032B29-8057-4652-A5F5-4B773C70151D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{0C076193-3554-4B09-80FC-1F5489A83CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{EF8D102D-2F66-414C-A737-24E19FEF1CBB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe
FirewallRules: [{9B9F67FB-502E-42A7-9C2E-D39142BF6012}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{B882DC0F-F49E-4B55-A49E-51647A455107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe
FirewallRules: [{332A19C4-E790-4BCF-A2B1-CF98EE2E7070}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{CE160321-275B-4BA2-85DD-EDBAC53618AB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
FirewallRules: [{AEEAC0E1-A6DB-49F6-8EE6-B5183FE4D990}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{EDB0DE18-F8EB-49D2-9C57-7FFF745EDE90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{216FAEBA-0B7D-4271-A8DC-CD043A450675}] => (Allow) C:\MyGames\steamapps\common\AWalkInTheDark\AWalkInTheDark.exe
FirewallRules: [{90D1C2B1-CF40-406D-947F-459F42661E80}] => (Allow) C:\MyGames\steamapps\common\AWalkInTheDark\AWalkInTheDark.exe
FirewallRules: [{1576935F-F52A-4F32-B984-D3FEE42A463F}] => (Allow) C:\MyGames\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{2E07477D-6FC4-4380-BEBE-6FBA2E3AD960}] => (Allow) C:\MyGames\steamapps\common\CookServeDelicious\CSDSteamBuild.exe
FirewallRules: [{ACB9D2D9-DD19-40EC-B9F5-A992E966903A}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{801D23B8-00FD-4500-B631-1D531799AAF6}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\Launcher.exe
FirewallRules: [{4D957FE9-412F-4D43-9CC2-938DCDC42E43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{990B17E4-03B5-4E37-AAF0-10D8A4A5B28B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [TCP Query User{C5119668-5C46-41BB-8A1B-598B24577051}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{3111EB74-CC64-4C9C-B319-576DEFC2AB14}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{3A8BD383-F1AA-4F89-9122-16D05F246AE7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{D0BCF183-7E77-4D9E-875A-94056B09EBD5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{C6EBF593-3826-465E-B526-D98340812099}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{F8A602FE-0E46-4880-9A83-D3776CC2A60C}] => (Allow) C:\MyGames\steamapps\common\Age of Mythology\aomx.exe
FirewallRules: [{4EED53BA-0976-43A3-9E80-852BECB3AEF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{5C0D0557-83E8-46CC-87F3-1D1AD573C4B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Zombie_Driver_HD\bin\ZombieDriverHD.exe
FirewallRules: [{10689B64-5BA9-4338-AC48-BD86EBF384F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Syberia\Game.exe
FirewallRules: [{1B88367C-F6BB-4A71-98DF-3AE537CFB81E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Syberia\Game.exe
FirewallRules: [{D6FC207A-7744-494B-9490-A2F1B85B8846}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{5D027F43-AB31-4535-BD12-4DE683EB9AF1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{FD003AC7-6242-4497-95A3-8D8CDD30B5DA}C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [UDP Query User{4B178EAF-008B-499F-A88F-B440E5CC05AB}C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe] => (Allow) C:\mygames\steamapps\common\guardians of ember\exedir\ruplatform.exe
FirewallRules: [{9264D49D-81D3-4E02-AEE4-02B5F63E6E77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{20E34B84-ECF1-4992-A7F2-D62BE058A3BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Deathmatch\hl2.exe
FirewallRules: [{EA8BD9F1-48A6-4003-BDE2-0B832206469B}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{FCCEB72B-3B52-4380-B460-3A01D60C32C3}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{A9AFD583-6F55-4E8F-BE38-2E5F89EEF6E5}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6853BE0D-58CC-4C39-B242-C035804A785F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{CA420FD2-AAE2-464F-90F1-CE77AE6642FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E49E1346-EF72-45EF-B4D2-823843B975E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{B97994DA-7C9B-4C76-B12D-63582FAD0DC1}] => (Allow) C:\Program Files (x86)\StarCraft\StarCraft.exe
FirewallRules: [{9AD8098E-21DD-435A-9FF8-D156ECAF41DE}] => (Allow) C:\Program Files (x86)\StarCraft\StarCraft.exe
FirewallRules: [{274ED66E-5981-47CF-A205-DC48D5A5E394}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{1E283065-BD6B-4DE7-8EF7-D7CB815B3218}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{955DBFC8-79BF-4D8F-ABD1-917921597CED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [{D71FA36C-6D3D-434D-B3F5-D941CEE3C2AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scrap Mechanic\Release\ScrapMechanic.exe
FirewallRules: [TCP Query User{D3B2AF72-7426-49A2-A5A6-FFA0146F2C2F}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{3698D09B-B8D2-4606-B572-BBFE87359371}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [{C6CED57E-D369-4AAD-AA3B-F32C8C5B7ABE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{C50D806F-3619-4126-87EE-12A3215A0D32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{D324BE3F-22C9-4991-984B-146CE4C63568}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{C597F414-04F0-4798-915E-CFEE2581C4EE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Torchlight\Torchlight.exe
FirewallRules: [{AFEF5478-3CC4-408F-BADB-63CC685C46FB}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\satinav.exe
FirewallRules: [{D9893A14-773A-4532-8FEB-9563F6E2F2C6}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\satinav.exe
FirewallRules: [{4CB769F7-7CFD-4748-95B9-D4C577232F2B}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
FirewallRules: [{0E955ECB-83BC-4A70-B8A0-065DB9658FBC}] => (Allow) C:\MyGames\steamapps\common\TheDarkEye Cos\VisionaireConfigurationTool.exe
FirewallRules: [{7BD2B415-A91F-45CF-9919-2AA2B68D5757}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{C04C212D-9DAE-4B98-82D5-AA1008862D6D}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{91408490-A80F-4E67-BC71-9C8028172844}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{F991B1BB-814C-47FB-BFAF-16DD1AEA0E2E}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win64\CDW.exe
FirewallRules: [{D48ABB11-3A59-4864-B8DD-43099C25C2CE}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{22946170-6822-49FB-8A5E-EF9FDE94C7EF}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{5079D2DB-5A23-46E6-8FD7-8026D3E97F14}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{34995DC3-4893-4E2D-BEED-88C19AB54F13}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\CDW\Binaries\Win32\CDW.exe
FirewallRules: [{23B0C37C-F45B-4BF8-8061-E1F116446119}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{5BE18D23-50C7-4B07-8C68-0F34DFEB5D26}] => (Allow) C:\MyGames\steamapps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{128233F3-610C-432C-B44D-A8A9887926CE}] => (Allow) C:\MyGames\steamapps\common\DeadCore\DeadCore.exe
FirewallRules: [{4F981811-9448-4530-9019-8BBDD0241F7C}] => (Allow) C:\MyGames\steamapps\common\DeadCore\DeadCore.exe
FirewallRules: [{7B0956BD-F3D2-483D-B46D-8A8571258DC6}] => (Allow) LPort=80
FirewallRules: [{8AB470CC-8166-471A-8F5F-8CF24CBF9CE7}] => (Allow) LPort=80
FirewallRules: [{E72885C9-C635-4DBF-9775-C607C77F0F91}] => (Allow) LPort=80

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: PS/2 Keyboard
Description: PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Mouse
Description: PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Logitech
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: RTS5121LUN0    
Description: RTS5121LUN0    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: REALSIL
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: RTS5121LUN3    
Description: RTS5121LUN3    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: REALSIL
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: RTS5121LUN2    
Description: RTS5121LUN2    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: REALSIL
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

Name: RTS5121LUN1    
Description: RTS5121LUN1    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: REALSIL
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2017 12:14:53 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2017 12:14:53 PM) (Source: Windows Search Service) (EventID: 3083) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.

Error: (11/18/2017 12:14:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/18/2017 12:14:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

System errors:
=============
Error: (11/18/2017 12:17:31 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/18/2017 12:12:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2017 12:12:38 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (11/18/2017 12:12:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Logitech CPU Core Tempurature service failed to start due to the following error:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (11/18/2017 12:10:49 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/18/2017 12:10:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:09:31 PM on 11/18/2017 was unexpected.

Error: (11/18/2017 12:10:39 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/18/2017 12:04:01 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/18/2017 11:59:04 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/18/2017 11:59:04 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

CodeIntegrity:
===================================
  Date: 2017-11-18 12:22:55.680
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:22:54.463
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:22:53.246
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:22:52.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:20:54.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:20:53.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:20:52.355
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:20:47.253
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:20:45.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2017-11-18 12:20:44.726
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 30%
Total physical RAM: 8190.32 MB
Available physical RAM: 5690.13 MB
Total Virtual: 16433.59 MB
Available Virtual: 14203.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.52 GB) (Free:14.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: F4DCAE3E)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=27)
Partition 2: (Active) - (Size=581.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

Thank you for all your help,


  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,911 posts
  • MVP

Clear the alarms:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
 

 

 

Download a new copy of Malwarebytes Anti-Malware, uninstall the old one, reboot , install the new copy. 

 

Run VEW as before and post both logs.

 

What is RTS5121LUN from REALSIL?  Appears to be connected via a USB drive and it is not working.

 

Right click on Computer and select Manage and then Device Manager then View, Show Hidden Drivers.  Now look in the right pane for yellow flagged devices.  Right click on one and select properties then click on the Details tab.  Change Property to Hardware IDs.  Click on the top one then right click and copy.  Paste that into a reply.  Repeat for all yellow flagged devices.


  • 0

#10
snowfox217

snowfox217

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Rkinner,

Not sure what the RTS5121LUN from REALSIL could be. All I have connected to the computer via usb right now (and since this started) is just the essentials: a mouse, keyboard and speakers.

 

Per your request please see below for all the logs/device hardware ids. Thanks again for all of your help!

 

 

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/11/2017 9:03:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2017 2:35:30 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Client Virtualization Handler service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 21/11/2017 2:35:29 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load:  cdrom

Log: 'System' Date/Time: 21/11/2017 2:35:16 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Logitech CPU Core Tempurature service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Log: 'System' Date/Time: 21/11/2017 2:34:27 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 21/11/2017 2:34:17 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 21/11/2017 2:33:36 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Windows Update service did not shut down properly after receiving a preshutdown control.

Log: 'System' Date/Time: 21/11/2017 2:31:43 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- MS/MS-Pro USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_MS/MS-Pro&Rev_1.00\30000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 21/11/2017 2:31:43 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SD/MMC USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SD/MMC&Rev_1.00\20000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 21/11/2017 2:31:43 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- SM/xD-Picture USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_SM/xD-Picture&Rev_1.00\10000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 21/11/2017 2:31:43 AM
Type: Error Category: 0
Event: 12 Source: PlugPlayManager
The device 'Generic- Compact Flash USB Device' (USBSTOR\Disk&Ven_Generic-&Prod_Compact_Flash&Rev_1.00\00000) disappeared from the system without first being prepared for removal.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

Log: 'System' Date/Time: 21/11/2017 2:28:24 AM
Type: Error Category: 0
Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/11/2017 2:34:32 AM
Type: Warning Category: 0
Event: 1009 Source: Microsoft-Windows-DHCPv6-Client
A network error occurred when trying to send a message. The error code is: Element not found..

Log: 'System' Date/Time: 21/11/2017 2:29:25 AM
Type: Warning Category: 0
Event: 129 Source: nvstor64
Reset to device, \Device\RaidPort0, was issued.

 

 

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 20/11/2017 9:04:47 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/11/2017 3:01:46 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 3:01:46 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:56:07 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:56:07 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:53:45 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:53:45 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:48:53 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:48:53 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:48:37 AM
Type: Error Category: 1
Event: 104 Source: ESENT
wuaueng.dll (1960) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090).

Log: 'Application' Date/Time: 21/11/2017 2:48:37 AM
Type: Error Category: 3
Event: 492 Source: ESENT
wuaueng.dll (1960) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.

Log: 'Application' Date/Time: 21/11/2017 2:48:37 AM
Type: Error Category: 3
Event: 471 Source: ESENT
wuaueng.dll (1960) SUS20ClientDataStore: Unable to rollback operation #171844 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -614. All future database updates will be rejected.

Log: 'Application' Date/Time: 21/11/2017 2:42:30 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:42:30 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:40:55 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:40:55 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:37:40 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.OneIndexHandler.2 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:37:40 AM
Type: Error Category: 3
Event: 3083 Source: Microsoft-Windows-Search
The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered .

Log: 'Application' Date/Time: 21/11/2017 2:35:56 AM
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Log: 'Application' Date/Time: 21/11/2017 2:35:56 AM
Type: Error Category: 0
Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Log: 'Application' Date/Time: 21/11/2017 2:35:21 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application CVHSVC.EXE, version 14.0.7147.5000, time stamp 0x5509d673, faulting module ntdll.dll, version 6.0.6002.19623, time stamp 0x56ec36a2, exception code 0xc0000374, fault offset 0x000ac7eb, process id 0xe68, application start time 0x01d362715f0a1dfd.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 21/11/2017 2:35:45 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 19 7a 4a eb db 25 f0 17 00 79 bb 8c 73 cb 2d 65 5e 00 18 a4 is about to expire or already expired.

Log: 'Application' Date/Time: 21/11/2017 2:35:45 AM
Type: Warning Category: 0
Event: 64 Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Certificate for local system with Thumbprint 4e 7c 54 42 2a 43 1a db de 20 36 77 0e b2 fa 58 fb 58 cd 44 is about to expire or already expired.

Log: 'Application' Date/Time: 21/11/2017 2:35:29 AM
Type: Warning Category: 3
Event: 3219 Source: Application Virtualization Client
{tid=C58}
Failed unregistering callback tracking connected process termination (error: 997).

Log: 'Application' Date/Time: 21/11/2017 2:35:18 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=D5C}
The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.3.24650 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: HAYES2-PC Operating System: Windows Vista 64-bit Service Pack 2.0 Build 6002 OSD Command:

Log: 'Application' Date/Time: 21/11/2017 2:35:13 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=D5C}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

Log: 'Application' Date/Time: 21/11/2017 2:35:11 AM
Type: Warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Log: 'Application' Date/Time: 21/11/2017 2:34:38 AM
Type: Warning Category: 0
Event: 1036 Source: Microsoft-Windows-SpoolerSpoolss
InitializePrintProvider failed for provider win32spl.dll. This can occur because of system instability or a lack of system resources.

Log: 'Application' Date/Time: 21/11/2017 2:33:03 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   0 user registry handles leaked from \Registry\User\S-1-5-21-1094520485-351602351-698667415-1000_Classes:

Log: 'Application' Date/Time: 21/11/2017 2:33:03 AM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.     DETAIL -   1 user registry handles leaked from \Registry\User\S-1-5-21-1094520485-351602351-698667415-1000:
Process 1300 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\AvastSvc.exe) has opened key \REGISTRY\USER\S-1-5-21-1094520485-351602351-698667415-1000

 

Hardware IDs

 

 

ACPI\PNP0303
PS/2 Mouse
ACPI\PNP0F03

 

Below is a list of yellow flagged devices (there device descriptions) that wouldn't give me a hardware id. Not sure if it'll help you any but I thought I would give them to you just in case you need them. 

 

RTS5121LUN0    
RTS5121LUN1    
RTS5121LUN2 

RTS5121LUN3    
 


  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,911 posts
  • MVP

RTS5121LUN0    
RTS5121LUN1    
RTS5121LUN2 

RTS5121LUN3 

 

   
 These are the device which is not working.  Right click on each and uninstall

 

Do the same to these:

 

ACPI\PNP0303
PS/2 Mouse
ACPI\PNP0F03

 

Then reboot.  Do they come back?

 

 

These errors:

 

Type: Warning Category: 0
Event: 129 Source: nvstor64
Reset to device, \Device\RaidPort0, was issued.

 

 

Event: 5 Source: nvstor64
A parity error was detected on \Device\RaidPort0.

 

 

will cause freezing and are supposed to be from the NVIDIA nForce Driver.  See if you can find a new one on your PC maker's site or at http://www.nvidia.co...spx/30655/en-us

 

Event: 78 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest. Log: 'Application' Date/Time: 21/11/2017 2:35:56 AM

 

 

Uninstall Windows Live.  MS doesn't support it anymore anyway.

 

Event: 7000 Source: Service Control Manager
The Logitech CPU Core Tempurature service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

You might be able to fix this using the procedure here:

https://www.wintips....dows-8-7-vista/

 

 

These:

 

Event: 104 Source: ESENT
wuaueng.dll (1960) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090).

Log: 'Application' Date/Time: 21/11/2017 2:48:37 AM
Type: Error Category: 3
Event: 492 Source: ESENT
wuaueng.dll (1960) SUS20ClientDataStore: The logfile sequence in "C:\Windows\SoftwareDistribution\DataStore\Logs\" has been halted due to a fatal error.  No further updates are possible for the databases that use this logfile sequence.  Please correct the problem and restart or restore from backup.

Log: 'Application' Date/Time: 21/11/2017 2:48:37 AM
Type: Error Category: 3
Event: 471 Source: ESENT
wuaueng.dll (1960) SUS20ClientDataStore: Unable to rollback operation #171844 on database C:\Windows\SoftwareDistribution\DataStore\DataStore.edb. Error: -614. All future database updates will be rejected.

 

need some more info:

 

Copy the next 2 lines:

 

dir /a /s C:\Windows\SoftwareDistribution\DataStore\  > \junk.txt

notepad \junk.txt

 

Start, All Programs, Accessories then right click on Command Prompt and Run As Admin.

 

Right click and Paste (or Edit then Paste) and the copied lines should appear.  Hit Enter if notepad does not open.  Copy and paste the text into a reply.


  • 0

#12
snowfox217

snowfox217

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi Rkinner,

 

I uninstalled the devices per your request and rebooted. The RTS5121's did not come back, but the PS/2 mouse and PS/2 keyboard did. And they were very upset with me about being uninstalled apprarently, because my computer just kept crashing and crashing (BSOD's) after I uninstalled them and they reinstalled themselves. It looks like the only stable enviroment that I have right now is safe mode. When I try to load up windows normally, it just crashes on me after awhile.

 

I wasn't sure what needed to be done with the Nvidia Nforce Driver. But what I did was go to the Nvidia website and download and install the latest drivers for my graphics card. I'm not sure if that would fix the driver though. Do I need to install/uninstall something else?

 

Windows Live is uninstalled. We shouldn't have to worry about this one any more.

 

As for the logitech service, I did some research on it, and I figured out which software uses it (Logitech Gaming Software). And since I don't really use that software, i just went ahead and uninstalled it. 

 

Finally, last but not least, per your request below is the junk.txt file for the data store:

 

 

 Volume in drive C is OS
 Volume Serial Number is 2ECC-16B0

 Directory of C:\Windows\SoftwareDistribution\DataStore

20/11/2017  08:49 PM    <DIR>          .
20/11/2017  08:49 PM    <DIR>          ..
01/01/2008  12:13 PM       674,308,096 DataStore.edb
01/01/2008  12:07 PM    <DIR>          Logs
               1 File(s)    674,308,096 bytes

 Directory of C:\Windows\SoftwareDistribution\DataStore\Logs

01/01/2008  12:07 PM    <DIR>          .
01/01/2008  12:07 PM    <DIR>          ..
01/01/2008  12:13 PM             8,192 edb.chk
01/01/2008  12:13 PM           131,072 edb.log
20/11/2017  08:47 PM           131,072 edb012DD.log
20/11/2017  08:47 PM           131,072 edb012DE.log
20/11/2017  08:47 PM           131,072 edb012DF.log
20/11/2017  08:47 PM           131,072 edb012E0.log
20/11/2017  08:47 PM           131,072 edb012E1.log
20/11/2017  08:47 PM           131,072 edb012E2.log
20/11/2017  08:47 PM           131,072 edb012E3.log
20/11/2017  08:48 PM           131,072 edb012E4.log
20/11/2017  08:48 PM           131,072 edb012E5.log
20/11/2017  08:48 PM           131,072 edb012E6.log
20/11/2017  08:48 PM           131,072 edb012E7.log
20/11/2017  08:48 PM           131,072 edb012E8.log
20/11/2017  08:48 PM           131,072 edb012E9.log
20/11/2017  08:48 PM           131,072 edb012EA.log
20/11/2017  08:48 PM           131,072 edb012EB.log
20/11/2017  08:48 PM           131,072 edb012EC.log
20/11/2017  08:48 PM           131,072 edb012ED.log
20/11/2017  08:48 PM           131,072 edb012EE.log
20/11/2017  08:48 PM           131,072 edb012EF.log
20/11/2017  08:48 PM           131,072 edb012F0.log
20/11/2017  08:48 PM           131,072 edb012F1.log
20/11/2017  08:48 PM           131,072 edb012F2.log
20/11/2017  08:48 PM           131,072 edb012F3.log
20/11/2017  08:48 PM           131,072 edb012F4.log
20/11/2017  08:48 PM           131,072 edb012F5.log
20/11/2017  08:48 PM           131,072 edb012F6.log
20/11/2017  08:48 PM           131,072 edb012F7.log
20/11/2017  08:48 PM           131,072 edb012F8.log
20/11/2017  08:48 PM           131,072 edb012F9.log
20/11/2017  08:48 PM           131,072 edb012FA.log
20/11/2017  08:48 PM           131,072 edb012FB.log
20/11/2017  08:48 PM           131,072 edb012FC.log
20/11/2017  08:48 PM           131,072 edb012FD.log
20/11/2017  08:48 PM           131,072 edb012FE.log
20/11/2017  08:48 PM           131,072 edb012FF.log
20/11/2017  08:48 PM           131,072 edb01300.log
20/11/2017  08:48 PM           131,072 edb01301.log
20/11/2017  08:48 PM           131,072 edb01302.log
20/11/2017  08:48 PM           131,072 edb01303.log
20/11/2017  08:48 PM           131,072 edb01304.log
20/11/2017  08:48 PM           131,072 edb01305.log
20/11/2017  08:48 PM           131,072 edb01306.log
20/11/2017  08:48 PM           131,072 edb01307.log
20/11/2017  08:48 PM           131,072 edb01308.log
20/11/2017  08:48 PM           131,072 edb01309.log
20/11/2017  08:48 PM           131,072 edb0130A.log
20/11/2017  08:48 PM           131,072 edb0130B.log
20/11/2017  08:48 PM           131,072 edb0130C.log
20/11/2017  08:48 PM           131,072 edb0130D.log
20/11/2017  08:48 PM           131,072 edb0130E.log
20/11/2017  08:48 PM           131,072 edb0130F.log
20/11/2017  08:48 PM           131,072 edb01310.log
20/11/2017  08:48 PM           131,072 edb01311.log
20/11/2017  08:48 PM           131,072 edb01312.log
20/11/2017  08:48 PM           131,072 edb01313.log
20/11/2017  08:48 PM           131,072 edb01314.log
20/11/2017  08:48 PM           131,072 edb01315.log
20/11/2017  08:48 PM           131,072 edb01316.log
20/11/2017  08:48 PM           131,072 edb01317.log
20/11/2017  08:48 PM           131,072 edb01318.log
20/11/2017  08:48 PM           131,072 edb01319.log
20/11/2017  08:48 PM           131,072 edb0131A.log
20/11/2017  08:48 PM           131,072 edb0131B.log
20/11/2017  08:48 PM           131,072 edb0131C.log
20/11/2017  08:48 PM           131,072 edb0131D.log
20/11/2017  08:48 PM           131,072 edb0131E.log
20/11/2017  08:48 PM           131,072 edb0131F.log
20/11/2017  08:48 PM           131,072 edb01320.log
20/11/2017  08:48 PM           131,072 edb01321.log
20/11/2017  08:48 PM           131,072 edb01322.log
20/11/2017  08:48 PM           131,072 edb01323.log
20/11/2017  08:48 PM           131,072 edb01324.log
20/11/2017  08:48 PM           131,072 edb01325.log
20/11/2017  08:48 PM           131,072 edb01326.log
20/11/2017  08:48 PM           131,072 edb01327.log
20/11/2017  08:48 PM           131,072 edb01328.log
20/11/2017  08:48 PM           131,072 edb01329.log
20/11/2017  08:48 PM           131,072 edb0132A.log
20/11/2017  08:48 PM           131,072 edb0132B.log
20/11/2017  08:48 PM           131,072 edb0132C.log
20/11/2017  08:48 PM           131,072 edb0132D.log
20/11/2017  08:48 PM           131,072 edb0132E.log
20/11/2017  08:48 PM           131,072 edb0132F.log
20/11/2017  08:48 PM           131,072 edb01330.log
20/11/2017  08:48 PM           131,072 edb01331.log
20/11/2017  08:48 PM           131,072 edb01332.log
20/11/2017  08:48 PM           131,072 edb01333.log
20/11/2017  08:48 PM           131,072 edb01334.log
20/11/2017  08:48 PM           131,072 edb01335.log
20/11/2017  08:48 PM           131,072 edb01336.log
20/11/2017  08:48 PM           131,072 edb01337.log
20/11/2017  08:48 PM           131,072 edb01338.log
20/11/2017  08:48 PM           131,072 edb01339.log
20/11/2017  08:48 PM           131,072 edb0133A.log
20/11/2017  08:48 PM           131,072 edb0133B.log
20/11/2017  08:48 PM           131,072 edb0133C.log
20/11/2017  08:48 PM           131,072 edb0133D.log
20/11/2017  08:48 PM           131,072 edb0133E.log
20/11/2017  08:48 PM           131,072 edb0133F.log
20/11/2017  08:48 PM           131,072 edb01340.log
20/11/2017  08:48 PM           131,072 edb01341.log
20/11/2017  08:48 PM           131,072 edb01342.log
20/11/2017  08:48 PM           131,072 edb01343.log
20/11/2017  08:48 PM           131,072 edb01344.log
20/11/2017  08:48 PM           131,072 edb01345.log
20/11/2017  08:48 PM           131,072 edb01346.log
20/11/2017  08:48 PM           131,072 edb01347.log
20/11/2017  08:48 PM           131,072 edb01348.log
20/11/2017  08:48 PM           131,072 edb01349.log
20/11/2017  08:48 PM           131,072 edb0134A.log
20/11/2017  08:48 PM           131,072 edb0134B.log
20/11/2017  08:48 PM           131,072 edb0134C.log
20/11/2017  08:48 PM           131,072 edb0134D.log
20/11/2017  08:48 PM           131,072 edb0134E.log
20/11/2017  08:48 PM           131,072 edb0134F.log
20/11/2017  08:48 PM           131,072 edb01350.log
20/11/2017  08:48 PM           131,072 edb01351.log
20/11/2017  08:48 PM           131,072 edb01352.log
20/11/2017  08:48 PM           131,072 edb01353.log
20/11/2017  08:48 PM           131,072 edb01354.log
20/11/2017  08:48 PM           131,072 edb01355.log
20/11/2017  08:48 PM           131,072 edb01356.log
20/11/2017  08:48 PM           131,072 edb01357.log
20/11/2017  08:48 PM           131,072 edb01358.log
20/11/2017  08:48 PM           131,072 edb01359.log
20/11/2017  08:48 PM           131,072 edb0135A.log
20/11/2017  08:48 PM           131,072 edb0135B.log
20/11/2017  08:48 PM           131,072 edb0135C.log
20/11/2017  08:48 PM           131,072 edb0135D.log
20/11/2017  08:48 PM           131,072 edb0135E.log
20/11/2017  08:48 PM           131,072 edb0135F.log
20/11/2017  08:48 PM           131,072 edb01360.log
20/11/2017  08:48 PM           131,072 edb01361.log
20/11/2017  08:48 PM           131,072 edb01362.log
20/11/2017  08:48 PM           131,072 edb01363.log
20/11/2017  08:48 PM           131,072 edb01364.log
20/11/2017  08:48 PM           131,072 edb01365.log
20/11/2017  08:48 PM           131,072 edb01366.log
20/11/2017  08:48 PM           131,072 edb01367.log
20/11/2017  08:48 PM           131,072 edb01368.log
20/11/2017  08:48 PM           131,072 edb01369.log
20/11/2017  08:48 PM           131,072 edb0136A.log
20/11/2017  08:48 PM           131,072 edb0136B.log
20/11/2017  08:48 PM           131,072 edb0136C.log
20/11/2017  08:48 PM           131,072 edb0136D.log
20/11/2017  08:48 PM           131,072 edb0136E.log
20/11/2017  08:48 PM           131,072 edb0136F.log
20/11/2017  08:48 PM           131,072 edb01370.log
20/11/2017  08:48 PM           131,072 edb01371.log
20/11/2017  08:48 PM           131,072 edb01372.log
20/11/2017  08:48 PM           131,072 edb01373.log
20/11/2017  08:48 PM           131,072 edb01374.log
20/11/2017  08:48 PM           131,072 edb01375.log
20/11/2017  08:48 PM           131,072 edb01376.log
20/11/2017  08:48 PM           131,072 edb01377.log
20/11/2017  08:48 PM           131,072 edb01378.log
20/11/2017  08:48 PM           131,072 edb01379.log
20/11/2017  08:48 PM           131,072 edb0137A.log
20/11/2017  08:48 PM           131,072 edb0137B.log
20/11/2017  08:48 PM           131,072 edb0137C.log
20/11/2017  08:48 PM           131,072 edb0137D.log
20/11/2017  08:48 PM           131,072 edb0137E.log
20/11/2017  08:48 PM           131,072 edb0137F.log
20/11/2017  08:48 PM           131,072 edb01380.log
20/11/2017  08:48 PM           131,072 edb01381.log
20/11/2017  08:48 PM           131,072 edb01382.log
20/11/2017  08:48 PM           131,072 edb01383.log
20/11/2017  08:48 PM           131,072 edb01384.log
20/11/2017  08:48 PM           131,072 edb01385.log
20/11/2017  08:48 PM           131,072 edb01386.log
20/11/2017  08:48 PM           131,072 edb01387.log
20/11/2017  08:48 PM           131,072 edb01388.log
20/11/2017  08:48 PM           131,072 edb01389.log
20/11/2017  08:48 PM           131,072 edb0138A.log
20/11/2017  08:48 PM           131,072 edb0138B.log
20/11/2017  08:48 PM           131,072 edb0138C.log
20/11/2017  08:48 PM           131,072 edb0138D.log
20/11/2017  08:48 PM           131,072 edb0138E.log
20/11/2017  08:48 PM           131,072 edb0138F.log
20/11/2017  08:48 PM           131,072 edb01390.log
20/11/2017  08:48 PM           131,072 edb01391.log
20/11/2017  08:48 PM           131,072 edb01392.log
20/11/2017  08:48 PM           131,072 edb01393.log
20/11/2017  08:48 PM           131,072 edb01394.log
20/11/2017  08:48 PM           131,072 edb01395.log
20/11/2017  08:48 PM           131,072 edb01396.log
20/11/2017  08:48 PM           131,072 edb01397.log
20/11/2017  08:48 PM           131,072 edb01398.log
20/11/2017  08:48 PM           131,072 edb01399.log
20/11/2017  08:48 PM           131,072 edb0139A.log
20/11/2017  08:48 PM           131,072 edb0139B.log
20/11/2017  08:48 PM           131,072 edb0139C.log
20/11/2017  08:48 PM           131,072 edb0139D.log
20/11/2017  08:48 PM           131,072 edb0139E.log
20/11/2017  08:48 PM           131,072 edb0139F.log
20/11/2017  08:48 PM           131,072 edb013A0.log
20/11/2017  08:48 PM           131,072 edb013A1.log
20/11/2017  08:48 PM           131,072 edb013A2.log
20/11/2017  08:48 PM           131,072 edb013A3.log
20/11/2017  08:48 PM           131,072 edb013A4.log
20/11/2017  08:48 PM           131,072 edb013A5.log
20/11/2017  08:48 PM           131,072 edb013A6.log
20/11/2017  08:48 PM           131,072 edb013A7.log
20/11/2017  08:48 PM           131,072 edb013A8.log
20/11/2017  08:48 PM           131,072 edb013A9.log
20/11/2017  08:48 PM           131,072 edb013AA.log
20/11/2017  08:48 PM           131,072 edb013AB.log
20/11/2017  08:48 PM           131,072 edb013AC.log
20/11/2017  08:48 PM           131,072 edb013AD.log
20/11/2017  08:48 PM           131,072 edb013AE.log
20/11/2017  08:48 PM           131,072 edb013AF.log
20/11/2017  08:48 PM           131,072 edb013B0.log
20/11/2017  08:48 PM           131,072 edb013B1.log
20/11/2017  08:48 PM           131,072 edb013B2.log
20/11/2017  08:48 PM           131,072 edb013B3.log
20/11/2017  08:48 PM           131,072 edb013B4.log
20/11/2017  08:48 PM           131,072 edb013B5.log
20/11/2017  08:48 PM           131,072 edb013B6.log
20/11/2017  08:48 PM           131,072 edb013B7.log
20/11/2017  08:48 PM           131,072 edb013B8.log
20/11/2017  08:48 PM           131,072 edb013B9.log
20/11/2017  08:48 PM           131,072 edb013BA.log
20/11/2017  08:48 PM           131,072 edb013BB.log
20/11/2017  08:48 PM           131,072 edb013BC.log
20/11/2017  08:48 PM           131,072 edb013BD.log
20/11/2017  08:48 PM           131,072 edb013BE.log
20/11/2017  08:48 PM           131,072 edb013BF.log
20/11/2017  08:48 PM           131,072 edb013C0.log
20/11/2017  08:48 PM           131,072 edb013C1.log
20/11/2017  08:48 PM           131,072 edb013C2.log
20/11/2017  08:48 PM           131,072 edb013C3.log
20/11/2017  08:48 PM           131,072 edb013C4.log
20/11/2017  08:48 PM           131,072 edb013C5.log
20/11/2017  08:48 PM           131,072 edb013C6.log
20/11/2017  08:48 PM           131,072 edb013C7.log
20/11/2017  08:48 PM           131,072 edb013C8.log
20/11/2017  08:48 PM           131,072 edb013C9.log
20/11/2017  08:48 PM           131,072 edb013CA.log
20/11/2017  08:48 PM           131,072 edb013CB.log
20/11/2017  08:48 PM           131,072 edb013CC.log
20/11/2017  08:48 PM           131,072 edb013CD.log
20/11/2017  08:48 PM           131,072 edb013CE.log
20/11/2017  08:48 PM           131,072 edb013CF.log
20/11/2017  08:48 PM           131,072 edb013D0.log
20/11/2017  08:48 PM           131,072 edb013D1.log
20/11/2017  08:48 PM           131,072 edb013D2.log
20/11/2017  08:48 PM           131,072 edb013D3.log
20/11/2017  08:48 PM           131,072 edb013D4.log
20/11/2017  08:48 PM           131,072 edb013D5.log
20/11/2017  08:48 PM           131,072 edb013D6.log
20/11/2017  08:48 PM           131,072 edb013D7.log
20/11/2017  08:48 PM           131,072 edb013D8.log
20/11/2017  08:48 PM           131,072 edb013D9.log
20/11/2017  08:48 PM           131,072 edb013DA.log
20/11/2017  08:48 PM           131,072 edb013DB.log
20/11/2017  08:48 PM           131,072 edb013DC.log
20/11/2017  08:48 PM           131,072 edb013DD.log
20/11/2017  08:48 PM           131,072 edb013DE.log
20/11/2017  08:48 PM           131,072 edb013DF.log
20/11/2017  08:48 PM           131,072 edb013E0.log
20/11/2017  08:48 PM           131,072 edb013E1.log
20/11/2017  08:48 PM           131,072 edb013E2.log
20/11/2017  08:48 PM           131,072 edb013E3.log
20/11/2017  08:48 PM           131,072 edb013E4.log
20/11/2017  08:48 PM           131,072 edb013E5.log
20/11/2017  08:48 PM           131,072 edb013E6.log
20/11/2017  08:48 PM           131,072 edb013E7.log
20/11/2017  08:48 PM           131,072 edb013E8.log
20/11/2017  08:48 PM           131,072 edb013E9.log
20/11/2017  08:48 PM           131,072 edb013EA.log
20/11/2017  08:48 PM           131,072 edb013EB.log
20/11/2017  08:48 PM           131,072 edb013EC.log
20/11/2017  08:48 PM           131,072 edb013ED.log
20/11/2017  08:48 PM           131,072 edb013EE.log
20/11/2017  08:48 PM           131,072 edb013EF.log
20/11/2017  08:48 PM           131,072 edb013F0.log
20/11/2017  08:48 PM           131,072 edb013F1.log
20/11/2017  08:48 PM           131,072 edb013F2.log
20/11/2017  08:48 PM           131,072 edb013F3.log
20/11/2017  08:48 PM           131,072 edb013F4.log
20/11/2017  08:48 PM           131,072 edb013F5.log
20/11/2017  08:48 PM           131,072 edb013F6.log
20/11/2017  08:48 PM           131,072 edb013F7.log
20/11/2017  08:48 PM           131,072 edb013F8.log
20/11/2017  08:48 PM           131,072 edb013F9.log
20/11/2017  08:48 PM           131,072 edb013FA.log
20/11/2017  08:48 PM           131,072 edb013FB.log
20/11/2017  08:48 PM           131,072 edb013FC.log
20/11/2017  08:48 PM           131,072 edb013FD.log
20/11/2017  08:48 PM           131,072 edb013FE.log
20/11/2017  08:48 PM           131,072 edb013FF.log
20/11/2017  08:48 PM           131,072 edb01400.log
20/11/2017  08:48 PM           131,072 edb01401.log
20/11/2017  08:48 PM           131,072 edb01402.log
20/11/2017  08:48 PM           131,072 edb01403.log
20/11/2017  08:48 PM           131,072 edb01404.log
20/11/2017  08:48 PM           131,072 edb01405.log
20/11/2017  08:48 PM           131,072 edb01406.log
20/11/2017  08:48 PM           131,072 edb01407.log
20/11/2017  08:48 PM           131,072 edb01408.log
20/11/2017  08:48 PM           131,072 edb01409.log
20/11/2017  08:48 PM           131,072 edb0140A.log
20/11/2017  08:48 PM           131,072 edb0140B.log
20/11/2017  08:48 PM           131,072 edb0140C.log
20/11/2017  08:48 PM           131,072 edb0140D.log
20/11/2017  08:48 PM           131,072 edb0140E.log
20/11/2017  08:48 PM           131,072 edb0140F.log
20/11/2017  08:48 PM           131,072 edb01410.log
20/11/2017  08:48 PM           131,072 edb01411.log
20/11/2017  08:48 PM           131,072 edb01412.log
20/11/2017  08:48 PM           131,072 edb01413.log
20/11/2017  08:48 PM           131,072 edb01414.log
20/11/2017  08:48 PM           131,072 edb01415.log
20/11/2017  08:48 PM           131,072 edb01416.log
20/11/2017  08:48 PM           131,072 edb01417.log
20/11/2017  08:48 PM           131,072 edb01418.log
20/11/2017  08:48 PM           131,072 edb01419.log
20/11/2017  08:48 PM           131,072 edb0141A.log
20/11/2017  08:48 PM           131,072 edb0141B.log
20/11/2017  08:48 PM           131,072 edb0141C.log
20/11/2017  08:48 PM           131,072 edb0141D.log
20/11/2017  08:48 PM           131,072 edb0141E.log
20/11/2017  08:48 PM           131,072 edb0141F.log
20/11/2017  08:48 PM           131,072 edb01420.log
20/11/2017  08:48 PM           131,072 edb01421.log
20/11/2017  08:48 PM           131,072 edb01422.log
20/11/2017  08:48 PM           131,072 edb01423.log
20/11/2017  08:48 PM           131,072 edb01424.log
20/11/2017  08:48 PM           131,072 edb01425.log
20/11/2017  08:48 PM           131,072 edb01426.log
20/11/2017  08:48 PM           131,072 edb01427.log
20/11/2017  08:48 PM           131,072 edb01428.log
20/11/2017  08:48 PM           131,072 edb01429.log
20/11/2017  08:48 PM           131,072 edb0142A.log
20/11/2017  08:48 PM           131,072 edb0142B.log
20/11/2017  08:48 PM           131,072 edb0142C.log
20/11/2017  08:48 PM           131,072 edb0142D.log
20/11/2017  08:48 PM           131,072 edb0142E.log
20/11/2017  08:48 PM           131,072 edb0142F.log
20/11/2017  08:48 PM           131,072 edb01430.log
20/11/2017  08:48 PM           131,072 edb01431.log
20/11/2017  08:48 PM           131,072 edb01432.log
20/11/2017  08:48 PM           131,072 edb01433.log
20/11/2017  08:48 PM           131,072 edb01434.log
20/11/2017  08:48 PM           131,072 edb01435.log
20/11/2017  08:48 PM           131,072 edb01436.log
20/11/2017  08:48 PM           131,072 edb01437.log
20/11/2017  08:48 PM           131,072 edb01438.log
20/11/2017  08:48 PM           131,072 edb01439.log
20/11/2017  08:48 PM           131,072 edb0143A.log
20/11/2017  08:48 PM           131,072 edb0143B.log
20/11/2017  08:48 PM           131,072 edb0143C.log
20/11/2017  08:48 PM           131,072 edb0143D.log
20/11/2017  08:48 PM           131,072 edb0143E.log
20/11/2017  08:48 PM           131,072 edb0143F.log
20/11/2017  08:48 PM           131,072 edb01440.log
20/11/2017  08:48 PM           131,072 edb01441.log
20/11/2017  08:48 PM           131,072 edb01442.log
20/11/2017  08:48 PM           131,072 edb01443.log
20/11/2017  08:48 PM           131,072 edb01444.log
20/11/2017  08:48 PM           131,072 edb01445.log
20/11/2017  08:48 PM           131,072 edb01446.log
20/11/2017  08:48 PM           131,072 edb01447.log
20/11/2017  08:48 PM           131,072 edb01448.log
20/11/2017  08:48 PM           131,072 edb01449.log
20/11/2017  08:48 PM           131,072 edb0144A.log
20/11/2017  08:48 PM           131,072 edb0144B.log
20/11/2017  08:48 PM           131,072 edb0144C.log
20/11/2017  08:48 PM           131,072 edb0144D.log
20/11/2017  08:48 PM           131,072 edb0144E.log
20/11/2017  08:48 PM           131,072 edb0144F.log
20/11/2017  08:48 PM           131,072 edb01450.log
20/11/2017  08:48 PM           131,072 edb01451.log
20/11/2017  08:48 PM           131,072 edb01452.log
20/11/2017  08:48 PM           131,072 edb01453.log
20/11/2017  08:48 PM           131,072 edb01454.log
20/11/2017  08:48 PM           131,072 edb01455.log
20/11/2017  08:48 PM           131,072 edb01456.log
20/11/2017  08:48 PM           131,072 edb01457.log
20/11/2017  08:48 PM           131,072 edb01458.log
20/11/2017  08:48 PM           131,072 edb01459.log
20/11/2017  08:48 PM           131,072 edb0145A.log
20/11/2017  08:48 PM           131,072 edb0145B.log
20/11/2017  08:48 PM           131,072 edb0145C.log
20/11/2017  08:48 PM           131,072 edb0145D.log
20/11/2017  08:48 PM           131,072 edb0145E.log
20/11/2017  08:48 PM           131,072 edb0145F.log
20/11/2017  08:48 PM           131,072 edb01460.log
20/11/2017  08:48 PM           131,072 edb01461.log
20/11/2017  08:48 PM           131,072 edb01462.log
20/11/2017  08:48 PM           131,072 edb01463.log
20/11/2017  08:48 PM           131,072 edb01464.log
20/11/2017  08:48 PM           131,072 edb01465.log
20/11/2017  08:48 PM           131,072 edb01466.log
20/11/2017  08:48 PM           131,072 edb01467.log
20/11/2017  08:48 PM           131,072 edb01468.log
20/11/2017  08:48 PM           131,072 edb01469.log
20/11/2017  08:48 PM           131,072 edb0146A.log
20/11/2017  08:48 PM           131,072 edb0146B.log
20/11/2017  08:48 PM           131,072 edb0146C.log
20/11/2017  08:48 PM           131,072 edb0146D.log
20/11/2017  08:48 PM           131,072 edb0146E.log
20/11/2017  08:48 PM           131,072 edb0146F.log
20/11/2017  08:48 PM           131,072 edb01470.log
20/11/2017  08:48 PM           131,072 edb01471.log
20/11/2017  08:48 PM           131,072 edb01472.log
20/11/2017  08:48 PM           131,072 edb01473.log
20/11/2017  08:48 PM           131,072 edb01474.log
20/11/2017  08:48 PM           131,072 edb01475.log
20/11/2017  08:48 PM           131,072 edb01476.log
20/11/2017  08:48 PM           131,072 edb01477.log
20/11/2017  08:48 PM           131,072 edb01478.log
20/11/2017  08:48 PM           131,072 edb01479.log
20/11/2017  08:48 PM           131,072 edb0147A.log
20/11/2017  08:48 PM           131,072 edb0147B.log
20/11/2017  08:48 PM           131,072 edb0147C.log
20/11/2017  08:48 PM           131,072 edb0147D.log
20/11/2017  08:48 PM           131,072 edb0147E.log
20/11/2017  08:48 PM           131,072 edb0147F.log
20/11/2017  08:48 PM           131,072 edb01480.log
20/11/2017  08:48 PM           131,072 edb01481.log
20/11/2017  08:48 PM           131,072 edb01482.log
20/11/2017  08:48 PM           131,072 edb01483.log
20/11/2017  08:48 PM           131,072 edb01484.log
20/11/2017  08:48 PM           131,072 edb01485.log
20/11/2017  08:48 PM           131,072 edb01486.log
20/11/2017  08:48 PM           131,072 edb01487.log
20/11/2017  08:48 PM           131,072 edb01488.log
20/11/2017  08:48 PM           131,072 edb01489.log
20/11/2017  08:48 PM           131,072 edb0148A.log
20/11/2017  08:48 PM           131,072 edb0148B.log
20/11/2017  08:48 PM           131,072 edb0148C.log
20/11/2017  08:48 PM           131,072 edb0148D.log
20/11/2017  08:48 PM           131,072 edb0148E.log
20/11/2017  08:48 PM           131,072 edb0148F.log
20/11/2017  08:48 PM           131,072 edb01490.log
20/11/2017  08:48 PM           131,072 edb01491.log
20/11/2017  08:48 PM           131,072 edb01492.log
20/11/2017  08:48 PM           131,072 edb01493.log
20/11/2017  08:48 PM           131,072 edb01494.log
20/11/2017  08:48 PM           131,072 edb01495.log
20/11/2017  08:48 PM           131,072 edb01496.log
20/11/2017  08:48 PM           131,072 edb01497.log
20/11/2017  08:48 PM           131,072 edb01498.log
20/11/2017  08:48 PM           131,072 edb01499.log
20/11/2017  08:48 PM           131,072 edb0149A.log
20/11/2017  08:48 PM           131,072 edb0149B.log
20/11/2017  08:48 PM           131,072 edb0149C.log
20/11/2017  08:48 PM           131,072 edb0149D.log
20/11/2017  08:48 PM           131,072 edb0149E.log
20/11/2017  08:48 PM           131,072 edb0149F.log
20/11/2017  08:48 PM           131,072 edb014A0.log
20/11/2017  08:48 PM           131,072 edb014A1.log
20/11/2017  08:48 PM           131,072 edb014A2.log
20/11/2017  08:48 PM           131,072 edb014A3.log
20/11/2017  08:48 PM           131,072 edb014A4.log
20/11/2017  08:48 PM           131,072 edb014A5.log
20/11/2017  08:48 PM           131,072 edb014A6.log
20/11/2017  08:48 PM           131,072 edb014A7.log
20/11/2017  08:48 PM           131,072 edb014A8.log
20/11/2017  08:48 PM           131,072 edb014A9.log
20/11/2017  08:48 PM           131,072 edb014AA.log
20/11/2017  08:48 PM           131,072 edb014AB.log
20/11/2017  08:48 PM           131,072 edb014AC.log
20/11/2017  08:48 PM           131,072 edb014AD.log
20/11/2017  08:48 PM           131,072 edb014AE.log
20/11/2017  08:48 PM           131,072 edb014AF.log
20/11/2017  08:48 PM           131,072 edb014B0.log
20/11/2017  08:48 PM           131,072 edb014B1.log
20/11/2017  08:48 PM           131,072 edb014B2.log
20/11/2017  08:48 PM           131,072 edb014B3.log
20/11/2017  08:48 PM           131,072 edb014B4.log
20/11/2017  08:48 PM           131,072 edb014B5.log
20/11/2017  08:48 PM           131,072 edb014B6.log
20/11/2017  08:48 PM           131,072 edb014B7.log
20/11/2017  08:48 PM           131,072 edb014B8.log
20/11/2017  08:48 PM           131,072 edb014B9.log
20/11/2017  08:48 PM           131,072 edb014BA.log
20/11/2017  08:48 PM           131,072 edb014BB.log
20/11/2017  08:48 PM           131,072 edb014BC.log
20/11/2017  08:48 PM           131,072 edb014BD.log
20/11/2017  08:48 PM           131,072 edb014BE.log
20/11/2017  08:48 PM           131,072 edb014BF.log
20/11/2017  08:48 PM           131,072 edb014C0.log
20/11/2017  08:48 PM           131,072 edb014C1.log
20/11/2017  08:48 PM           131,072 edb014C2.log
20/11/2017  08:48 PM           131,072 edb014C3.log
20/11/2017  08:48 PM           131,072 edb014C4.log
20/11/2017  08:48 PM           131,072 edb014C5.log
20/11/2017  08:48 PM           131,072 edb014C6.log
20/11/2017  08:48 PM           131,072 edb014C7.log
20/11/2017  08:48 PM           131,072 edb014C8.log
20/11/2017  08:48 PM           131,072 edb014C9.log
20/11/2017  08:48 PM           131,072 edb014CA.log
20/11/2017  08:48 PM           131,072 edb014CB.log
20/11/2017  08:48 PM           131,072 edb014CC.log
20/11/2017  08:48 PM           131,072 edb014CD.log
20/11/2017  08:48 PM           131,072 edb014CE.log
20/11/2017  08:48 PM           131,072 edb014CF.log
20/11/2017  08:48 PM           131,072 edb014D0.log
20/11/2017  08:48 PM           131,072 edb014D1.log
20/11/2017  08:48 PM           131,072 edb014D2.log
20/11/2017  08:48 PM           131,072 edb014D3.log
20/11/2017  08:48 PM           131,072 edb014D4.log
20/11/2017  08:48 PM           131,072 edb014D5.log
20/11/2017  08:48 PM           131,072 edb014D6.log
20/11/2017  08:48 PM           131,072 edb014D7.log
20/11/2017  08:48 PM           131,072 edb014D8.log
20/11/2017  08:48 PM           131,072 edb014D9.log
20/11/2017  08:48 PM           131,072 edb014DA.log
20/11/2017  08:48 PM           131,072 edb014DB.log
20/11/2017  08:48 PM           131,072 edb014DC.log
20/11/2017  08:48 PM           131,072 edb014DD.log
20/11/2017  08:48 PM           131,072 edb014DE.log
20/11/2017  08:48 PM           131,072 edb014DF.log
20/11/2017  08:48 PM           131,072 edb014E0.log
20/11/2017  08:48 PM           131,072 edb014E1.log
20/11/2017  08:48 PM           131,072 edb014E2.log
20/11/2017  08:48 PM           131,072 edb014E3.log
20/11/2017  08:48 PM           131,072 edb014E4.log
20/11/2017  08:48 PM           131,072 edb014E5.log
20/11/2017  08:48 PM           131,072 edb014E6.log
20/11/2017  08:48 PM           131,072 edb014E7.log
20/11/2017  08:48 PM           131,072 edb014E8.log
20/11/2017  08:48 PM           131,072 edb014E9.log
20/11/2017  08:48 PM           131,072 edb014EA.log
20/11/2017  08:48 PM           131,072 edb014EB.log
20/11/2017  08:48 PM           131,072 edb014EC.log
20/11/2017  08:48 PM           131,072 edb014ED.log
20/11/2017  08:48 PM           131,072 edb014EE.log
20/11/2017  08:48 PM           131,072 edb014EF.log
20/11/2017  08:48 PM           131,072 edb014F0.log
20/11/2017  08:48 PM           131,072 edb014F1.log
20/11/2017  08:48 PM           131,072 edb014F2.log
20/11/2017  08:48 PM           131,072 edb014F3.log
20/11/2017  08:48 PM           131,072 edb014F4.log
20/11/2017  08:48 PM           131,072 edb014F5.log
20/11/2017  08:48 PM           131,072 edb014F6.log
20/11/2017  08:48 PM           131,072 edb014F7.log
20/11/2017  08:48 PM           131,072 edb014F8.log
20/11/2017  08:48 PM           131,072 edb014F9.log
20/11/2017  08:48 PM           131,072 edb014FA.log
20/11/2017  08:48 PM           131,072 edb014FB.log
20/11/2017  08:48 PM           131,072 edb014FC.log
20/11/2017  08:48 PM           131,072 edb014FD.log
20/11/2017  08:48 PM           131,072 edb014FE.log
20/11/2017  08:48 PM           131,072 edb014FF.log
20/11/2017  08:48 PM           131,072 edb01500.log
20/11/2017  08:48 PM           131,072 edb01501.log
20/11/2017  08:48 PM           131,072 edb01502.log
20/11/2017  08:48 PM           131,072 edb01503.log
20/11/2017  08:48 PM           131,072 edb01504.log
20/11/2017  08:48 PM           131,072 edb01505.log
20/11/2017  08:48 PM           131,072 edb01506.log
20/11/2017  08:48 PM           131,072 edb01507.log
20/11/2017  08:48 PM           131,072 edb01508.log
20/11/2017  08:48 PM           131,072 edb01509.log
20/11/2017  08:48 PM           131,072 edb0150A.log
20/11/2017  08:48 PM           131,072 edb0150B.log
20/11/2017  08:48 PM           131,072 edb0150C.log
20/11/2017  08:48 PM           131,072 edb0150D.log
20/11/2017  08:48 PM           131,072 edb0150E.log
20/11/2017  08:48 PM           131,072 edb0150F.log
20/11/2017  08:48 PM           131,072 edb01510.log
20/11/2017  08:48 PM           131,072 edb01511.log
20/11/2017  08:48 PM           131,072 edb01512.log
20/11/2017  08:48 PM           131,072 edb01513.log
20/11/2017  08:48 PM           131,072 edb01514.log
20/11/2017  08:48 PM           131,072 edb01515.log
20/11/2017  08:48 PM           131,072 edb01516.log
20/11/2017  08:48 PM           131,072 edb01517.log
20/11/2017  08:48 PM           131,072 edb01518.log
20/11/2017  08:48 PM           131,072 edb01519.log
20/11/2017  08:48 PM           131,072 edb0151A.log
20/11/2017  08:48 PM           131,072 edb0151B.log
20/11/2017  08:48 PM           131,072 edb0151C.log
20/11/2017  08:48 PM           131,072 edb0151D.log
20/11/2017  08:48 PM           131,072 edb0151E.log
20/11/2017  08:48 PM           131,072 edb0151F.log
20/11/2017  08:48 PM           131,072 edb01520.log
20/11/2017  08:48 PM           131,072 edb01521.log
20/11/2017  08:48 PM           131,072 edb01522.log
20/11/2017  08:48 PM           131,072 edb01523.log
20/11/2017  08:48 PM           131,072 edb01524.log
20/11/2017  08:48 PM           131,072 edb01525.log
20/11/2017  08:48 PM           131,072 edb01526.log
20/11/2017  08:48 PM           131,072 edb01527.log
20/11/2017  08:48 PM           131,072 edb01528.log
20/11/2017  08:48 PM           131,072 edb01529.log
20/11/2017  08:48 PM           131,072 edb0152A.log
20/11/2017  08:48 PM           131,072 edb0152B.log
20/11/2017  08:48 PM           131,072 edb0152C.log
20/11/2017  08:48 PM           131,072 edb0152D.log
20/11/2017  08:48 PM           131,072 edb0152E.log
20/11/2017  08:48 PM           131,072 edb0152F.log
20/11/2017  08:48 PM           131,072 edb01530.log
20/11/2017  08:48 PM           131,072 edb01531.log
20/11/2017  08:48 PM           131,072 edb01532.log
20/11/2017  08:48 PM           131,072 edb01533.log
20/11/2017  08:48 PM           131,072 edb01534.log
20/11/2017  08:48 PM           131,072 edb01535.log
20/11/2017  08:48 PM           131,072 edb01536.log
20/11/2017  08:48 PM           131,072 edb01537.log
20/11/2017  08:48 PM           131,072 edb01538.log
20/11/2017  08:48 PM           131,072 edb01539.log
20/11/2017  08:48 PM           131,072 edb0153A.log
20/11/2017  08:48 PM           131,072 edb0153B.log
20/11/2017  08:48 PM           131,072 edb0153C.log
20/11/2017  08:48 PM           131,072 edb0153D.log
20/11/2017  08:48 PM           131,072 edb0153E.log
20/11/2017  08:48 PM           131,072 edb0153F.log
20/11/2017  08:48 PM           131,072 edb01540.log
20/11/2017  08:48 PM           131,072 edb01541.log
20/11/2017  08:48 PM           131,072 edb01542.log
20/11/2017  08:48 PM           131,072 edb01543.log
20/11/2017  08:48 PM           131,072 edb01544.log
20/11/2017  08:48 PM           131,072 edb01545.log
20/11/2017  08:48 PM           131,072 edb01546.log
20/11/2017  08:48 PM           131,072 edb01547.log
20/11/2017  08:48 PM           131,072 edb01548.log
20/11/2017  08:48 PM           131,072 edb01549.log
20/11/2017  08:48 PM           131,072 edb0154A.log
20/11/2017  08:48 PM           131,072 edb0154B.log
20/11/2017  08:48 PM           131,072 edb0154C.log
20/11/2017  08:48 PM           131,072 edb0154D.log
20/11/2017  08:48 PM           131,072 edb0154E.log
20/11/2017  08:48 PM           131,072 edb0154F.log
20/11/2017  08:48 PM           131,072 edb01550.log
20/11/2017  08:48 PM           131,072 edb01551.log
20/11/2017  08:48 PM           131,072 edb01552.log
20/11/2017  08:48 PM           131,072 edb01553.log
20/11/2017  08:48 PM           131,072 edb01554.log
20/11/2017  08:48 PM           131,072 edb01555.log
20/11/2017  08:48 PM           131,072 edb01556.log
20/11/2017  08:48 PM           131,072 edb01557.log
20/11/2017  08:48 PM           131,072 edb01558.log
20/11/2017  08:48 PM           131,072 edb01559.log
20/11/2017  08:48 PM           131,072 edb0155A.log
20/11/2017  08:48 PM           131,072 edb0155B.log
20/11/2017  08:48 PM           131,072 edb0155C.log
20/11/2017  08:48 PM           131,072 edb0155D.log
20/11/2017  08:48 PM           131,072 edb0155E.log
20/11/2017  08:48 PM           131,072 edb0155F.log
20/11/2017  08:48 PM           131,072 edb01560.log
20/11/2017  08:48 PM           131,072 edb01561.log
20/11/2017  08:48 PM           131,072 edb01562.log
20/11/2017  08:48 PM           131,072 edb01563.log
20/11/2017  08:48 PM           131,072 edb01564.log
20/11/2017  08:48 PM           131,072 edb01565.log
20/11/2017  08:48 PM           131,072 edb01566.log
20/11/2017  08:48 PM           131,072 edb01567.log
20/11/2017  08:48 PM           131,072 edb01568.log
20/11/2017  08:48 PM           131,072 edb01569.log
20/11/2017  08:48 PM           131,072 edb0156A.log
20/11/2017  08:48 PM           131,072 edb0156B.log
20/11/2017  08:48 PM           131,072 edb0156C.log
20/11/2017  08:48 PM           131,072 edb0156D.log
20/11/2017  08:48 PM           131,072 edb0156E.log
20/11/2017  08:48 PM           131,072 edb0156F.log
20/11/2017  08:48 PM           131,072 edb01570.log
20/11/2017  08:48 PM           131,072 edb01571.log
20/11/2017  08:48 PM           131,072 edb01572.log
20/11/2017  08:48 PM           131,072 edb01573.log
20/11/2017  08:48 PM           131,072 edb01574.log
20/11/2017  08:48 PM           131,072 edb01575.log
20/11/2017  08:48 PM           131,072 edb01576.log
20/11/2017  08:48 PM           131,072 edb01577.log
20/11/2017  08:48 PM           131,072 edb01578.log
20/11/2017  08:48 PM           131,072 edb01579.log
20/11/2017  08:48 PM           131,072 edb0157A.log
20/11/2017  08:48 PM           131,072 edb0157B.log
20/11/2017  08:48 PM           131,072 edb0157C.log
20/11/2017  08:48 PM           131,072 edb0157D.log
20/11/2017  08:48 PM           131,072 edb0157E.log
20/11/2017  08:48 PM           131,072 edb0157F.log
20/11/2017  08:48 PM           131,072 edb01580.log
20/11/2017  08:48 PM           131,072 edb01581.log
20/11/2017  08:48 PM           131,072 edb01582.log
20/11/2017  08:48 PM           131,072 edb01583.log
20/11/2017  08:48 PM           131,072 edb01584.log
20/11/2017  08:48 PM           131,072 edb01585.log
20/11/2017  08:48 PM           131,072 edb01586.log
20/11/2017  08:48 PM           131,072 edb01587.log
20/11/2017  08:48 PM           131,072 edb01588.log
20/11/2017  08:48 PM           131,072 edb01589.log
20/11/2017  08:48 PM           131,072 edb0158A.log
20/11/2017  08:48 PM           131,072 edb0158B.log
20/11/2017  08:48 PM           131,072 edb0158C.log
20/11/2017  08:48 PM           131,072 edb0158D.log
20/11/2017  08:48 PM           131,072 edb0158E.log
20/11/2017  08:48 PM           131,072 edb0158F.log
20/11/2017  08:48 PM           131,072 edb01590.log
20/11/2017  08:48 PM           131,072 edb01591.log
20/11/2017  08:48 PM           131,072 edb01592.log
20/11/2017  08:48 PM           131,072 edb01593.log
20/11/2017  08:48 PM           131,072 edb01594.log
20/11/2017  08:48 PM           131,072 edb01595.log
20/11/2017  08:48 PM           131,072 edb01596.log
20/11/2017  08:48 PM           131,072 edb01597.log
20/11/2017  08:48 PM           131,072 edb01598.log
20/11/2017  08:48 PM           131,072 edb01599.log
20/11/2017  08:48 PM           131,072 edb0159A.log
20/11/2017  08:48 PM           131,072 edb0159B.log
20/11/2017  08:48 PM           131,072 edb0159C.log
20/11/2017  08:48 PM           131,072 edb0159D.log
20/11/2017  08:48 PM           131,072 edb0159E.log
20/11/2017  08:48 PM           131,072 edb0159F.log
20/11/2017  08:48 PM           131,072 edb015A0.log
20/11/2017  08:48 PM           131,072 edb015A1.log
20/11/2017  08:48 PM           131,072 edb015A2.log
20/11/2017  08:48 PM           131,072 edb015A3.log
20/11/2017  08:48 PM           131,072 edb015A4.log
20/11/2017  08:48 PM           131,072 edb015A5.log
20/11/2017  08:48 PM           131,072 edb015A6.log
20/11/2017  08:48 PM           131,072 edb015A7.log
20/11/2017  08:48 PM           131,072 edb015A8.log
20/11/2017  08:48 PM           131,072 edb015A9.log
20/11/2017  08:48 PM           131,072 edb015AA.log
20/11/2017  08:48 PM           131,072 edb015AB.log
20/11/2017  08:48 PM           131,072 edb015AC.log
20/11/2017  08:48 PM           131,072 edb015AD.log
20/11/2017  08:48 PM           131,072 edb015AE.log
20/11/2017  08:48 PM           131,072 edb015AF.log
20/11/2017  08:48 PM           131,072 edb015B0.log
20/11/2017  08:48 PM           131,072 edb015B1.log
20/11/2017  08:48 PM           131,072 edb015B2.log
20/11/2017  08:48 PM           131,072 edb015B3.log
20/11/2017  08:48 PM           131,072 edb015B4.log
20/11/2017  08:48 PM           131,072 edb015B5.log
20/11/2017  08:48 PM           131,072 edb015B6.log
20/11/2017  08:48 PM           131,072 edb015B7.log
20/11/2017  08:48 PM           131,072 edb015B8.log
20/11/2017  08:48 PM           131,072 edb015B9.log
20/11/2017  08:48 PM           131,072 edb015BA.log
20/11/2017  08:48 PM           131,072 edb015BB.log
20/11/2017  08:48 PM           131,072 edb015BC.log
20/11/2017  08:48 PM           131,072 edb015BD.log
20/11/2017  08:48 PM           131,072 edb015BE.log
20/11/2017  08:48 PM           131,072 edb015BF.log
20/11/2017  08:48 PM           131,072 edb015C0.log
20/11/2017  08:48 PM           131,072 edb015C1.log
20/11/2017  08:48 PM           131,072 edb015C2.log
20/11/2017  08:48 PM           131,072 edb015C3.log
20/11/2017  08:48 PM           131,072 edb015C4.log
20/11/2017  08:48 PM           131,072 edb015C5.log
20/11/2017  08:48 PM           131,072 edb015C6.log
20/11/2017  08:48 PM           131,072 edb015C7.log
20/11/2017  08:48 PM           131,072 edb015C8.log
20/11/2017  08:48 PM           131,072 edb015C9.log
20/11/2017  08:48 PM           131,072 edb015CA.log
20/11/2017  08:48 PM           131,072 edb015CB.log
20/11/2017  08:48 PM           131,072 edb015CC.log
20/11/2017  08:48 PM           131,072 edb015CD.log
20/11/2017  08:48 PM           131,072 edb015CE.log
20/11/2017  08:48 PM           131,072 edb015CF.log
20/11/2017  08:48 PM           131,072 edb015D0.log
20/11/2017  08:48 PM           131,072 edb015D1.log
20/11/2017  08:48 PM           131,072 edb015D2.log
20/11/2017  08:48 PM           131,072 edb015D3.log
20/11/2017  08:48 PM           131,072 edb015D4.log
20/11/2017  08:48 PM           131,072 edb015D5.log
20/11/2017  08:48 PM           131,072 edb015D6.log
20/11/2017  08:48 PM           131,072 edb015D7.log
20/11/2017  08:48 PM           131,072 edb015D8.log
20/11/2017  08:48 PM           131,072 edb015D9.log
20/11/2017  08:48 PM           131,072 edb015DA.log
20/11/2017  08:48 PM           131,072 edb015DB.log
20/11/2017  08:48 PM           131,072 edb015DC.log
20/11/2017  08:48 PM           131,072 edb015DD.log
20/11/2017  08:48 PM           131,072 edb015DE.log
20/11/2017  08:48 PM           131,072 edb015DF.log
20/11/2017  08:48 PM           131,072 edb015E0.log
20/11/2017  08:48 PM           131,072 edb015E1.log
20/11/2017  08:48 PM           131,072 edb015E2.log
20/11/2017  08:48 PM           131,072 edb015E3.log
20/11/2017  08:48 PM           131,072 edb015E4.log
20/11/2017  08:48 PM           131,072 edb015E5.log
20/11/2017  08:48 PM           131,072 edb015E6.log
20/11/2017  08:48 PM           131,072 edb015E7.log
20/11/2017  08:48 PM           131,072 edb015E8.log
20/11/2017  08:48 PM           131,072 edb015E9.log
20/11/2017  08:48 PM           131,072 edb015EA.log
20/11/2017  08:48 PM           131,072 edb015EB.log
20/11/2017  08:48 PM           131,072 edb015EC.log
20/11/2017  08:48 PM           131,072 edb015ED.log
20/11/2017  08:48 PM           131,072 edb015EE.log
20/11/2017  08:48 PM           131,072 edb015EF.log
20/11/2017  08:48 PM           131,072 edb015F0.log
20/11/2017  08:48 PM           131,072 edb015F1.log
20/11/2017  08:48 PM           131,072 edb015F2.log
20/11/2017  08:48 PM           131,072 edb015F3.log
20/11/2017  08:48 PM           131,072 edb015F4.log
20/11/2017  08:48 PM           131,072 edb015F5.log
20/11/2017  08:48 PM           131,072 edb015F6.log
20/11/2017  08:48 PM           131,072 edb015F7.log
20/11/2017  08:48 PM           131,072 edb015F8.log
20/11/2017  08:48 PM           131,072 edb015F9.log
20/11/2017  08:48 PM           131,072 edb015FA.log
20/11/2017  08:48 PM           131,072 edb015FB.log
20/11/2017  08:48 PM           131,072 edb015FC.log
20/11/2017  08:48 PM           131,072 edb015FD.log
20/11/2017  08:48 PM           131,072 edb015FE.log
20/11/2017  08:48 PM           131,072 edb015FF.log
20/11/2017  08:48 PM           131,072 edb01600.log
20/11/2017  08:48 PM           131,072 edb01601.log
20/11/2017  08:48 PM           131,072 edb01602.log
20/11/2017  08:48 PM           131,072 edb01603.log
20/11/2017  08:48 PM           131,072 edb01604.log
20/11/2017  08:48 PM           131,072 edb01605.log
20/11/2017  08:48 PM           131,072 edb01606.log
20/11/2017  08:48 PM           131,072 edb01607.log
20/11/2017  08:48 PM           131,072 edb01608.log
20/11/2017  08:48 PM           131,072 edb01609.log
20/11/2017  08:48 PM           131,072 edb0160A.log
20/11/2017  08:48 PM           131,072 edb0160B.log
20/11/2017  08:48 PM           131,072 edb0160C.log
20/11/2017  08:48 PM           131,072 edb0160D.log
20/11/2017  08:48 PM           131,072 edb0160E.log
20/11/2017  08:48 PM           131,072 edb0160F.log
20/11/2017  08:48 PM           131,072 edb01610.log
20/11/2017  08:48 PM           131,072 edb01611.log
20/11/2017  08:48 PM           131,072 edb01612.log
20/11/2017  08:48 PM           131,072 edb01613.log
20/11/2017  08:48 PM           131,072 edb01614.log
20/11/2017  08:48 PM           131,072 edb01615.log
20/11/2017  08:48 PM           131,072 edb01616.log
20/11/2017  08:48 PM           131,072 edb01617.log
20/11/2017  08:48 PM           131,072 edb01618.log
20/11/2017  08:48 PM           131,072 edb01619.log
20/11/2017  08:48 PM           131,072 edb0161A.log
20/11/2017  08:48 PM           131,072 edb0161B.log
20/11/2017  08:48 PM           131,072 edb0161C.log
20/11/2017  08:48 PM           131,072 edb0161D.log
20/11/2017  08:48 PM           131,072 edb0161E.log
20/11/2017  08:48 PM           131,072 edb0161F.log
20/11/2017  08:48 PM           131,072 edb01620.log
20/11/2017  08:48 PM           131,072 edb01621.log
20/11/2017  08:48 PM           131,072 edb01622.log
20/11/2017  08:48 PM           131,072 edb01623.log
20/11/2017  08:48 PM           131,072 edb01624.log
20/11/2017  08:48 PM           131,072 edb01625.log
20/11/2017  08:48 PM           131,072 edb01626.log
20/11/2017  08:48 PM           131,072 edb01627.log
20/11/2017  08:48 PM           131,072 edb01628.log
20/11/2017  08:48 PM           131,072 edb01629.log
20/11/2017  08:48 PM           131,072 edb0162A.log
20/11/2017  08:48 PM           131,072 edb0162B.log
20/11/2017  08:48 PM           131,072 edb0162C.log
20/11/2017  08:48 PM           131,072 edb0162D.log
20/11/2017  08:48 PM           131,072 edb0162E.log
20/11/2017  08:48 PM           131,072 edb0162F.log
20/11/2017  08:48 PM           131,072 edb01630.log
20/11/2017  08:48 PM           131,072 edb01631.log
20/11/2017  08:48 PM           131,072 edb01632.log
20/11/2017  08:48 PM           131,072 edb01633.log
20/11/2017  08:48 PM           131,072 edb01634.log
20/11/2017  08:48 PM           131,072 edb01635.log
20/11/2017  08:48 PM           131,072 edb01636.log
20/11/2017  08:48 PM           131,072 edb01637.log
20/11/2017  08:48 PM           131,072 edb01638.log
20/11/2017  08:48 PM           131,072 edb01639.log
20/11/2017  08:48 PM           131,072 edb0163A.log
20/11/2017  08:48 PM           131,072 edb0163B.log
20/11/2017  08:48 PM           131,072 edb0163C.log
20/11/2017  08:48 PM           131,072 edb0163D.log
20/11/2017  08:48 PM           131,072 edb0163E.log
20/11/2017  08:48 PM           131,072 edb0163F.log
20/11/2017  08:48 PM           131,072 edb01640.log
20/11/2017  08:48 PM           131,072 edb01641.log
20/11/2017  08:48 PM           131,072 edb01642.log
20/11/2017  08:48 PM           131,072 edb01643.log
20/11/2017  08:48 PM           131,072 edb01644.log
20/11/2017  08:48 PM           131,072 edb01645.log
20/11/2017  08:48 PM           131,072 edb01646.log
20/11/2017  08:48 PM           131,072 edb01647.log
20/11/2017  08:48 PM           131,072 edb01648.log
20/11/2017  08:48 PM           131,072 edb01649.log
20/11/2017  08:48 PM           131,072 edb0164A.log
20/11/2017  08:48 PM           131,072 edb0164B.log
20/11/2017  08:48 PM           131,072 edb0164C.log
20/11/2017  08:48 PM           131,072 edb0164D.log
20/11/2017  08:48 PM           131,072 edb0164E.log
20/11/2017  08:48 PM           131,072 edb0164F.log
20/11/2017  08:48 PM           131,072 edb01650.log
20/11/2017  08:48 PM           131,072 edb01651.log
20/11/2017  08:48 PM           131,072 edb01652.log
20/11/2017  08:48 PM           131,072 edb01653.log
20/11/2017  08:48 PM           131,072 edb01654.log
20/11/2017  08:48 PM           131,072 edb01655.log
20/11/2017  08:48 PM           131,072 edb01656.log
20/11/2017  08:48 PM           131,072 edb01657.log
20/11/2017  08:48 PM           131,072 edb01658.log
20/11/2017  08:48 PM           131,072 edb01659.log
20/11/2017  08:48 PM           131,072 edb0165A.log
20/11/2017  08:48 PM           131,072 edb0165B.log
20/11/2017  08:48 PM           131,072 edb0165C.log
20/11/2017  08:48 PM           131,072 edb0165D.log
20/11/2017  08:48 PM           131,072 edb0165E.log
20/11/2017  08:48 PM           131,072 edb0165F.log
20/11/2017  08:48 PM           131,072 edb01660.log
20/11/2017  08:48 PM           131,072 edb01661.log
20/11/2017  08:48 PM           131,072 edb01662.log
20/11/2017  08:48 PM           131,072 edb01663.log
20/11/2017  08:48 PM           131,072 edb01664.log
20/11/2017  08:48 PM           131,072 edb01665.log
20/11/2017  08:48 PM           131,072 edb01666.log
20/11/2017  08:48 PM           131,072 edb01667.log
20/11/2017  08:48 PM           131,072 edb01668.log
20/11/2017  08:48 PM           131,072 edb01669.log
20/11/2017  08:48 PM           131,072 edb0166A.log
20/11/2017  08:48 PM           131,072 edb0166B.log
20/11/2017  08:48 PM           131,072 edb0166C.log
20/11/2017  08:48 PM           131,072 edb0166D.log
20/11/2017  08:48 PM           131,072 edb0166E.log
20/11/2017  08:48 PM           131,072 edb0166F.log
20/11/2017  08:48 PM           131,072 edb01670.log
20/11/2017  08:48 PM           131,072 edb01671.log
20/11/2017  08:48 PM           131,072 edb01672.log
20/11/2017  08:48 PM           131,072 edb01673.log
20/11/2017  08:48 PM           131,072 edb01674.log
20/11/2017  08:48 PM           131,072 edb01675.log
20/11/2017  08:48 PM           131,072 edb01676.log
20/11/2017  08:48 PM           131,072 edb01677.log
20/11/2017  08:48 PM           131,072 edb01678.log
20/11/2017  08:48 PM           131,072 edb01679.log
20/11/2017  08:48 PM           131,072 edb0167A.log
20/11/2017  08:48 PM           131,072 edb0167B.log
20/11/2017  08:48 PM           131,072 edb0167C.log
20/11/2017  08:48 PM           131,072 edb0167D.log
20/11/2017  08:48 PM           131,072 edb0167E.log
20/11/2017  08:48 PM           131,072 edb0167F.log
20/11/2017  08:48 PM           131,072 edb01680.log
20/11/2017  08:48 PM           131,072 edb01681.log
20/11/2017  08:48 PM           131,072 edb01682.log
20/11/2017  08:48 PM           131,072 edb01683.log
20/11/2017  08:48 PM           131,072 edb01684.log
20/11/2017  08:48 PM           131,072 edb01685.log
20/11/2017  08:48 PM           131,072 edb01686.log
20/11/2017  08:48 PM           131,072 edb01687.log
20/11/2017  08:48 PM           131,072 edb01688.log
20/11/2017  08:48 PM           131,072 edb01689.log
20/11/2017  08:48 PM           131,072 edb0168A.log
20/11/2017  08:48 PM           131,072 edb0168B.log
20/11/2017  08:48 PM           131,072 edb0168C.log
20/11/2017  08:48 PM           131,072 edb0168D.log
20/11/2017  08:48 PM           131,072 edb0168E.log
20/11/2017  08:48 PM           131,072 edb0168F.log
20/11/2017  08:48 PM           131,072 edb01690.log
20/11/2017  08:48 PM           131,072 edb01691.log
20/11/2017  08:48 PM           131,072 edb01692.log
20/11/2017  08:48 PM           131,072 edb01693.log
20/11/2017  08:48 PM           131,072 edb01694.log
20/11/2017  08:48 PM           131,072 edb01695.log
20/11/2017  08:48 PM           131,072 edb01696.log
20/11/2017  08:48 PM           131,072 edb01697.log
20/11/2017  08:48 PM           131,072 edb01698.log
20/11/2017  08:48 PM           131,072 edb01699.log
20/11/2017  08:48 PM           131,072 edb0169A.log
20/11/2017  08:48 PM           131,072 edb0169B.log
20/11/2017  08:48 PM           131,072 edb0169C.log
20/11/2017  08:48 PM           131,072 edb0169D.log
20/11/2017  08:48 PM           131,072 edb0169E.log
20/11/2017  08:48 PM           131,072 edb0169F.log
20/11/2017  08:48 PM           131,072 edb016A0.log
20/11/2017  08:48 PM           131,072 edb016A1.log
20/11/2017  08:48 PM           131,072 edb016A2.log
20/11/2017  08:48 PM           131,072 edb016A3.log
20/11/2017  08:48 PM           131,072 edb016A4.log
20/11/2017  08:48 PM           131,072 edb016A5.log
20/11/2017  08:48 PM           131,072 edb016A6.log
20/11/2017  08:48 PM           131,072 edb016A7.log
20/11/2017  08:48 PM           131,072 edb016A8.log
20/11/2017  08:48 PM           131,072 edb016A9.log
20/11/2017  08:48 PM           131,072 edb016AA.log
20/11/2017  08:48 PM           131,072 edb016AB.log
20/11/2017  08:48 PM           131,072 edb016AC.log
20/11/2017  08:48 PM           131,072 edb016AD.log
20/11/2017  08:48 PM           131,072 edb016AE.log
20/11/2017  08:48 PM           131,072 edb016AF.log
20/11/2017  08:48 PM           131,072 edb016B0.log
20/11/2017  08:48 PM           131,072 edb016B1.log
20/11/2017  08:48 PM           131,072 edb016B2.log
20/11/2017  08:48 PM           131,072 edb016B3.log
20/11/2017  08:48 PM           131,072 edb016B4.log
20/11/2017  08:48 PM           131,072 edb016B5.log
20/11/2017  08:48 PM           131,072 edb016B6.log
20/11/2017  08:48 PM           131,072 edb016B7.log
20/11/2017  08:48 PM           131,072 edb016B8.log
20/11/2017  08:48 PM           131,072 edb016B9.log
20/11/2017  08:48 PM           131,072 edb016BA.log
20/11/2017  08:48 PM           131,072 edb016BB.log
20/11/2017  08:48 PM           131,072 edb016BC.log
20/11/2017  08:48 PM           131,072 edb016BD.log
20/11/2017  08:48 PM           131,072 edb016BE.log
20/11/2017  08:48 PM           131,072 edb016BF.log
20/11/2017  08:48 PM           131,072 edb016C0.log
20/11/2017  08:48 PM           131,072 edb016C1.log
20/11/2017  08:48 PM           131,072 edb016C2.log
20/11/2017  08:48 PM           131,072 edb016C3.log
20/11/2017  08:48 PM           131,072 edb016C4.log
20/11/2017  08:48 PM           131,072 edb016C5.log
20/11/2017  08:48 PM           131,072 edb016C6.log
20/11/2017  08:48 PM           131,072 edb016C7.log
20/11/2017  08:48 PM           131,072 edb016C8.log
20/11/2017  08:48 PM           131,072 edb016C9.log
20/11/2017  08:48 PM           131,072 edb016CA.log
20/11/2017  08:48 PM           131,072 edb016CB.log
20/11/2017  08:48 PM           131,072 edb016CC.log
20/11/2017  08:48 PM           131,072 edb016CD.log
20/11/2017  08:48 PM           131,072 edb016CE.log
20/11/2017  08:48 PM           131,072 edb016CF.log
20/11/2017  08:48 PM           131,072 edb016D0.log
20/11/2017  08:48 PM           131,072 edb016D1.log
20/11/2017  08:48 PM           131,072 edb016D2.log
20/11/2017  08:48 PM           131,072 edb016D3.log
20/11/2017  08:48 PM           131,072 edb016D4.log
20/11/2017  08:48 PM           131,072 edb016D5.log
20/11/2017  08:49 PM           131,072 edb016D6.log
20/11/2017  08:49 PM           131,072 edb016D7.log
20/11/2017  08:49 PM           131,072 edb016D8.log
20/11/2017  08:49 PM           131,072 edb016D9.log
20/11/2017  08:49 PM           131,072 edb016DA.log
18/11/2017  11:53 AM           131,072 edbres00001.jrs
18/11/2017  11:54 AM           131,072 edbres00002.jrs
            1026 File(s)    134,356,992 bytes

     Total Files Listed:
            1027 File(s)    808,665,088 bytes
               5 Dir(s)  20,198,862,848 bytes free

 

Thank you for all your help!

 


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,911 posts
  • MVP

Looks like edb log is in a loop since most of the files are the same date and time.  Try turning off Windows Search:

 

https://www.lostwind...10-8-1-8-7.html

 

Follow the instructions on the above site where it says

 

Part 2: How to Fix edb.log Error on Windows 10/8.1/8/7?

There are three options that you can try to repair edb.log error on Windows. The alternatives are listed below.
An Ounce of Prevention  <==

 

Do the drivers for keyboard and mouse show up as bad in device management?

 

Do you have a bluetooth mouse/keyboard?  Perhaps from Logitech?  May need to redownload and install their software.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP