
Something is using IE to play audio ads in the background


7 replies to this topic

#1 gamadaya


Posted 04 June 2015 - 12:29 AM

Hi, I found this site after googling a bunch to see if anyone had a similar issue. I found this thread made by someone with a partially similar issue.

 

About a week ago, I got some virus that downloaded a bunch of adware. It had popups on the desktop and installed stuff to browsers. I got rid of all of that, but there are still some problems. The most noticeable is that every so often, an invisible instance of Internet Explorer will start up and play an audio ad. It can be anything, like car commercials or an advertisement for the Olive Garden. Sometimes it doesn't load correctly and it's just a short noise. I can only see IE (which I never use) on the task manager and in the volume controls. There is no window loaded for it. I can stop the process, but eventually it comes back.

 

I noticed that on startup, something tries to make and run a fake svchost process in C:/Windows/TEMP. It will keep doing this for a while, but eventually give up. Malwarebytes will quarantine like 200 instances of it before it finally stops showing up, but it can't figure out what is actually making the file. Additionally, weird gibberish-name folders containing executables with names like vnkkyk and NVACYU~1 will show up on startup and try to run their executables. I don't know what these are, but they look really suspicious to me. They are located in the Windows/TEMP and USER/AppData/Local/Temp folders.

 

Nothing displays high CPU usage, although IE can show pretty high memory usage on occasion. Here are the log files. I'll attach them too, in case that's more convenient:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-06-2015
Ran by Isaac (administrator) on AWESOME-O on 04-06-2015 00:57:25
Running from D:\Downloads
Loaded Profiles: Isaac (Available Profiles: Isaac)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
( ) C:\Windows\System32\lxczcoms.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) D:\Not Stolen Stuff\Applications\Hamachi\hamachi-2.exe
(LogMeIn, Inc.) D:\Not Stolen Stuff\Applications\Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) D:\Not Stolen Stuff\Steam\Steam.exe
() C:\Program Files (x86)\Everything\Everything.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systeminfo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) D:\Not Stolen Stuff\Applications\Malwarebytes Anti-Malware\mbam.exe
(Dropbox, Inc.) C:\Users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Malwarebytes Corporation) D:\Not Stolen Stuff\Applications\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) D:\Not Stolen Stuff\Applications\Malwarebytes Anti-Malware\mbamscheduler.exe
() D:\Not Stolen Stuff\Applications\AutoHotkey\AutoHotkey.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) D:\Not Stolen Stuff\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\regedit.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Creative SB Monitoring Utility] => RunDll32 sbavmon.dll,SBAVMonitor
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] ()
HKLM-x32\...\Run: [BCSSync] => D:\Stolen Stuff\Applications\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => D:\Not Stolen Stuff\Applications\Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [!verifier utility] => C:\Program Files (x86)\Common Files\Microsoft Shared\DW\syseventman32.exe [560128 2015-06-02] ()
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\Run: [Steam] => D:\Not Stolen Stuff\Steam\steam.exe [2892992 2015-06-01] (Valve Corporation)
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\Run: [CCleaner Monitoring] => D:\Not Stolen Stuff\Applications\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\MountPoints2: G - G:\AutoRunMorrowind.exe
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\MountPoints2: {32b58d78-31c7-11e2-963f-6c626d3d0fe7} - H:\Autorun.exe
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\MountPoints2: {c67d9537-9805-11e0-94a2-806e6f6e6963} - K:\LaunchU3.exe -a
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\MountPoints2: {eba6fe8c-9adb-11e0-acc4-6c626d3d0fe7} - G:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHWA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2014-11-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-07-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2012-05-27] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2012-05-27] (Hermann Schinagl)
ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll [2012-05-27] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => D:\Stolen Stuff\Applications\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => D:\Stolen Stuff\Applications\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => D:\Stolen Stuff\Applications\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => D:\Stolen Stuff\Applications\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => D:\Stolen Stuff\Applications\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-568655885-1843829967-3930062762-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us/?ocid=U218DHP&pc=U218
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-568655885-1843829967-3930062762-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/WOL_WCP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-10-25] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-25] (Oracle Corporation)
BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09] (pdfforge GbR)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Stolen Stuff\Applications\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-06-17] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Stolen Stuff\Applications\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: QTTabBar AutoLoader -> {d2bf470e-ed1c-487f-a777-2bd8835eb6ce} -> C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-25] (Oracle Corporation)
Toolbar: HKLM - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTabBar - {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Toolbar: HKLM-x32 - QTTab Standard Buttons - {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.252.0.12

FireFox:
========
FF ProfilePath: C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905
FF NewTab: about:blank
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Google Default
FF SelectedSearchEngine: Bing
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 -> C:\Windows\system32\npDeployJava1.dll [2013-03-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll [2012-03-20] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-01-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-10-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\STOLEN~1\APPLIC~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\STOLEN~1\APPLIC~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-568655885-1843829967-3930062762-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Isaac\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2014-10-22] (Google)
FF Plugin HKU\S-1-5-21-568655885-1843829967-3930062762-1000: @talk.google.com/O1DPlugin -> C:\Users\Isaac\AppData\Roaming\Mozilla\plugins\npo1d.dll [2014-10-22] (Google)
FF Plugin HKU\S-1-5-21-568655885-1843829967-3930062762-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Isaac\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-568655885-1843829967-3930062762-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Isaac\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-568655885-1843829967-3930062762-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Isaac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-03] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\user.js [2015-06-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-01-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Isaac\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2014-10-22] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Isaac\AppData\Roaming\mozilla\plugins\npo1d.dll [2014-10-22] (Google)
FF SearchPlugin: C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\searchplugins\google-default.xml [2015-05-27]
FF Extension: Flashblock - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-05-29]
FF Extension: Context Search X - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\Extensions\contextsearch2@lwz.addons.mozilla.org.xpi [2015-05-26]
FF Extension: Auto links anonymizer - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\Extensions\FDM@7.xpi [2015-05-30]
FF Extension: Reddit Enhancement Suite - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2015-05-26]
FF Extension: Old Default Image Style - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\Extensions\olddefaultimagestyle@dagger2-addons.mozilla.org.xpi [2015-05-26]
FF Extension: Adblock Plus - C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-01-24]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (Adblock Plus) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-12-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-04-14]
CHR Extension: (AdBlock Plus for Chrome) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcobmjifdimfbihnbnafhcpmifgmjlka [2014-12-04]
CHR Extension: (Auto links anonymizer) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\mofimafbaiccolppkjfokkghdemleaed [2015-05-23]
CHR Extension: (Google Wallet) - C:\Users\Isaac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [mofimafbaiccolppkjfokkghdemleaed] - https://clients2.google.com/service/update2/crx

Opera:
=======
OPR Extension: (Violent monkey) - C:\Users\Isaac\AppData\Roaming\Opera Software\Opera Stable\Extensions\niofholngoecgnpgamgbiiijcjlllpge [2015-05-23]
StartMenuInternet: (HKLM) OperaStable - D:\Not Stolen Stuff\Applications\Launcher.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 Hamachi2Svc; D:\Not Stolen Stuff\Applications\Hamachi\hamachi-2.exe [2490216 2015-03-30] (LogMeIn Inc.)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 MBAMScheduler; D:\Not Stolen Stuff\Applications\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; D:\Not Stolen Stuff\Applications\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Stolen Stuff\Applications\Office14\GROOVE.EXE [30814400 2013-12-19] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2012-05-26] ()
R2 RalinkRegistryWriter64; C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [447488 2011-11-14] (Ralink Technology, Corp.) [File not signed]
S3 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [625728 2011-08-18] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WMIconfigPerformance; C:\Windows\SysWOW64\drivers\UMDF\profileconfig2.exe [560128 2015-06-02] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310728 2011-07-25] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] () [File not signed]
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2010-08-11] (Creative Technology Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2011-07-25] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-26] ()
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-03 22:33 - 2015-06-03 22:33 - 00000000 _____ C:\Users\Isaac\defogger_reenable
2015-06-03 22:21 - 2015-06-03 22:21 - 00002962 _____ C:\Windows\System32\Tasks\AlaMaintenance
2015-06-03 21:48 - 2015-06-04 00:57 - 00000000 ____D C:\FRST
2015-06-03 21:20 - 2015-06-03 22:20 - 00000093 _____ C:\Windows\SysWOW64\Drivers\WMIconfigPerformance.ini
2015-06-03 21:19 - 2015-06-03 22:25 - 00000093 _____ C:\Windows\SysWOW64\Drivers\AlaPerformance.ini
2015-06-03 20:44 - 2015-06-03 20:44 - 00000000 ____D C:\Program Files (x86)\mtg
2015-06-03 19:38 - 2015-05-23 03:15 - 00989696 _____ C:\Windows\SysWOW64\Drivers\msconfigvm.exe
2015-06-03 19:32 - 2015-06-03 19:34 - 00000000 ____D C:\AdwCleaner
2015-06-03 19:28 - 2015-06-03 19:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-03 18:54 - 2015-06-03 21:13 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-03 15:51 - 2015-06-03 15:51 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-06-03 15:45 - 2015-06-03 15:51 - 00025425 _____ C:\Windows\IE11_main.log
2015-06-03 15:37 - 2015-06-03 22:18 - 00000840 _____ C:\Windows\setupact.log
2015-06-03 15:37 - 2015-06-03 21:16 - 00003036 _____ C:\Windows\PFRO.log
2015-06-03 15:37 - 2015-06-03 15:37 - 00000000 _____ C:\Windows\setuperr.log
2015-06-02 21:51 - 2015-06-02 21:51 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Trine1
2015-06-02 16:40 - 2015-06-02 16:40 - 00000000 ____D C:\ProgramData\abc
2015-06-02 16:40 - 2009-06-10 17:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-02 16:34 - 2015-06-02 16:41 - 00004253 _____ C:\Windows\SysWOW64\debug.log
2015-06-02 16:34 - 2015-06-02 16:34 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\inminet
2015-06-02 16:33 - 2015-06-02 16:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 16:01 - 2015-06-02 16:01 - 00002968 _____ C:\Windows\System32\Tasks\procedure quality service
2015-06-01 13:54 - 2015-06-03 22:21 - 00002960 _____ C:\Windows\System32\Tasks\Media_System_Platform
2015-05-30 14:05 - 2015-05-23 03:15 - 00989696 _____ C:\Windows\SysWOW64\Drivers\nvacyu3258b.exe
2015-05-30 14:05 - 2015-05-23 03:15 - 00989696 _____ C:\Windows\SysWOW64\Drivers\kvn398nryw.exe
2015-05-26 12:47 - 2015-05-26 12:47 - 00002824 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-05-26 12:47 - 2015-05-26 12:47 - 00002824 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-05-26 12:47 - 2015-05-26 12:47 - 00000064 _____ C:\Users\Isaac\AppData\Local\e7dbd96c79ed5c1f9908192403c1f6e6
2015-05-26 12:47 - 2015-04-30 10:50 - 00429392 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-05-26 12:47 - 2015-04-30 10:50 - 00347976 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-05-26 12:46 - 2015-05-26 12:46 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Itibiti
2015-05-26 12:45 - 2015-05-26 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itibiti VoIP Phone
2015-05-26 12:38 - 2015-05-26 14:39 - 00001022 _____ C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job
2015-05-26 12:38 - 2015-05-26 14:39 - 00000988 _____ C:\Windows\Tasks\J3MgJqix.job
2015-05-25 23:32 - 2015-05-25 23:32 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Trine2
2015-05-24 16:08 - 2015-05-24 16:19 - 00000000 ____D C:\ProgramData\HitmanPro
2015-05-24 15:33 - 2015-05-26 12:36 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-24 15:31 - 2015-06-03 22:20 - 00000302 _____ C:\Windows\SysWOW64\Drivers\adip58209xxc.sys
2015-05-24 15:31 - 2015-05-24 15:31 - 00002966 _____ C:\Windows\System32\Tasks\propagation utility manager
2015-05-23 19:22 - 2015-05-23 19:22 - 00001531 _____ C:\Users\Isaac\Desktop\Receiver - Shortcut.lnk
2015-05-23 03:30 - 2015-05-23 03:30 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
2015-05-23 03:16 - 2015-06-03 22:21 - 00000029 _____ C:\Windows\SysWOW64\Drivers\nkbyrnkdaklsys462.sys
2015-05-23 03:16 - 2015-05-23 03:16 - 00490072 _____ (Alexander Roshal) C:\Windows\SysWOW64\Drivers\ndsvmaheklaiea32r3.sys
2015-05-23 03:16 - 2015-05-23 03:16 - 00436260 _____ C:\Windows\SysWOW64\Drivers\rdtvdaslgmmsb32.sys
2015-05-23 03:16 - 2015-05-23 03:15 - 00989696 _____ C:\Windows\SysWOW64\Drivers\sysdriver32l.exe
2015-05-23 03:15 - 2015-05-23 03:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.0
2015-05-13 03:00 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 03:00 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-12 14:47 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-12 14:47 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-12 14:47 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-12 14:47 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-12 14:46 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-12 14:46 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-12 14:46 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-12 14:46 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-12 14:46 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-12 14:46 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-12 14:46 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-12 14:46 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-12 14:46 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-12 14:46 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-12 14:46 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-12 14:46 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-12 14:46 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-12 14:46 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-12 14:46 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-12 14:46 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-12 14:46 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-12 14:46 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-12 14:46 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-12 14:46 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-12 14:46 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-12 14:46 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-12 14:46 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-12 14:46 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-12 14:46 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-12 14:46 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-12 14:46 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-12 14:46 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-12 14:46 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-12 14:46 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-12 14:46 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-12 14:46 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-12 14:46 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-12 14:46 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-12 14:46 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-12 14:46 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-12 14:46 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-12 14:46 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-12 14:45 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-12 14:45 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-12 14:45 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-12 14:45 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-12 14:45 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-12 14:45 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-12 14:45 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-12 14:45 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-12 14:45 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-12 14:45 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 14:45 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-12 14:45 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-12 14:45 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-12 14:45 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-10 18:53 - 2015-05-10 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-04 00:41 - 2013-01-23 00:28 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 00:41 - 2013-01-23 00:28 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 00:21 - 2011-06-16 16:10 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-568655885-1843829967-3930062762-1000UA.job
2015-06-04 00:14 - 2012-06-25 20:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-03 22:33 - 2011-06-16 03:56 - 00000000 ____D C:\Users\Isaac
2015-06-03 22:27 - 2009-07-14 00:45 - 00020784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-03 22:27 - 2009-07-14 00:45 - 00020784 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-03 22:22 - 2011-06-16 03:56 - 01628478 _____ C:\Windows\WindowsUpdate.log
2015-06-03 22:21 - 2012-11-15 03:20 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Dropbox
2015-06-03 22:20 - 2014-11-07 01:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-03 22:20 - 2014-08-16 00:06 - 00000000 ____D C:\Users\Isaac\AppData\Local\LogMeIn Hamachi
2015-06-03 22:18 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-03 22:17 - 2011-06-16 16:11 - 00000000 ____D C:\Program Files (x86)\Everything
2015-06-03 20:41 - 2009-07-14 01:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-03 20:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Vss
2015-06-03 18:55 - 2014-11-02 02:11 - 00000000 ____D C:\Users\HomeGroupUser$
2015-06-03 18:55 - 2014-11-02 02:11 - 00000000 ____D C:\Users\Guest
2015-06-03 18:55 - 2014-11-02 02:11 - 00000000 ____D C:\Users\Administrator
2015-06-03 17:12 - 2013-04-27 20:57 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Media Player Classic
2015-06-03 15:37 - 2011-06-16 07:44 - 00000000 ____D C:\Windows\Panther
2015-06-03 15:36 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-03 13:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Web
2015-06-03 02:21 - 2011-06-16 16:10 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-568655885-1843829967-3930062762-1000Core.job
2015-06-02 16:56 - 2015-04-14 13:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-02 16:56 - 2012-11-18 18:23 - 00000000 ____D C:\Windows\PCHEALTH
2015-06-01 01:50 - 2012-08-12 20:40 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\tixati
2015-05-31 20:32 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 14:38 - 2013-04-21 21:30 - 00000000 ____D C:\Program Files (x86)\epson
2015-05-26 14:30 - 2013-02-13 04:19 - 00000404 _____ C:\lxcz.log
2015-05-26 14:27 - 2012-11-14 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-05-26 14:26 - 2011-07-18 19:52 - 00000000 ____D C:\Program Files (x86)\E.M. DVD Copy
2015-05-26 12:48 - 2009-07-13 22:34 - 00000580 _____ C:\Windows\win.ini
2015-05-26 12:38 - 2014-05-16 16:59 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-25 13:04 - 2011-06-16 19:28 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2015-05-24 15:54 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Help
2015-05-24 15:40 - 2014-11-07 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 19:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-05-23 03:15 - 2012-06-24 19:10 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-05-20 14:58 - 2015-04-30 22:23 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1430447001
2015-05-17 21:51 - 2014-01-20 21:57 - 00000056 _____ C:\Windows\kgt2k.INI
2015-05-17 21:13 - 2014-08-12 02:21 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Nidhogg
2015-05-15 02:16 - 2012-12-07 02:12 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\vlc
2015-05-14 21:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2015-05-14 15:51 - 2013-05-10 16:18 - 00000000 ____D C:\Users\Isaac\Documents\Outlook Files
2015-05-14 14:34 - 2013-03-13 03:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-05-14 14:33 - 2013-03-13 03:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-05-14 03:10 - 2012-05-12 22:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-05-14 03:10 - 2011-06-16 16:26 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-14 03:10 - 2011-06-16 16:26 - 00001945 _____ C:\Windows\epplauncher.mif
2015-05-14 03:10 - 2011-06-16 16:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-05-14 03:09 - 2013-07-30 03:03 - 00000000 ____D C:\Windows\system32\MRT
2015-05-14 03:02 - 2012-11-18 18:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-05-14 03:02 - 2011-06-17 03:19 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-14 03:01 - 2013-03-13 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 15:49 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2015-05-13 12:18 - 2009-07-14 01:13 - 00786622 _____ C:\Windows\system32\PerfStringBackup.INI
2015-05-13 12:12 - 2009-07-14 00:45 - 00440704 _____ C:\Windows\system32\FNTCACHE.DAT
2015-05-13 04:24 - 2009-07-14 03:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-05-13 04:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-05-13 01:12 - 2014-05-16 16:59 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-12 19:37 - 2013-07-20 00:28 - 00001390 _____ C:\Users\Isaac\Documents\AutoHotkey.ahk
2015-05-12 04:35 - 2012-11-15 03:21 - 00001018 _____ C:\Users\Isaac\Desktop\Dropbox.lnk
2015-05-12 04:35 - 2012-11-15 03:20 - 00000000 ____D C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== Files in the root of some directories =======

2015-05-26 12:47 - 2015-05-26 12:47 - 0000064 _____ () C:\Users\Isaac\AppData\Local\e7dbd96c79ed5c1f9908192403c1f6e6
2011-07-29 11:10 - 2014-08-02 17:44 - 0007596 _____ () C:\Users\Isaac\AppData\Local\Resmon.ResmonCfg
2014-06-21 19:06 - 2014-06-21 19:06 - 0000000 _____ () C:\Users\Isaac\AppData\Local\{139BC203-A9D0-422F-80B3-9D6B74E2DD5B}
2012-05-17 20:03 - 2010-06-23 14:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini

Some files in TEMP:
====================
C:\Users\Isaac\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpknlfki.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-06-03 12:27

==================== End of log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Isaac at 2015-06-04 00:57:49
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-568655885-1843829967-3930062762-500 - Administrator - Disabled)
Guest (S-1-5-21-568655885-1843829967-3930062762-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-568655885-1843829967-3930062762-1003 - Limited - Enabled)
Isaac (S-1-5-21-568655885-1843829967-3930062762-1000 - Administrator - Enabled) => C:\Users\Isaac

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Web Companion (x32 Version: 1.1.987.2028 - Lavasoft) Hidden
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - BestGameEver)
Auto links addon (HKLM-x32\...\Auto links anonymizer) (Version: 2.3.3.0 - MTG Apps)
AutoHotkey 1.1.11.01 (HKLM\...\AutoHotkey) (Version: 1.1.11.01 - Lexikos)
Batman: Arkham City™ (HKLM-x32\...\Steam App 57400) (Version:  - Rocksteady)
Battlefield: Bad Company 2 (HKLM-x32\...\Steam App 24960) (Version:  - DICE)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.118.0 - EA Digital Illusions CE AB)
BOSS (HKLM-x32\...\BOSS) (Version: 2.0.0 - BOSS Development Team)
Carmageddon Mod version 3.0.1.0 (HKLM-x32\...\{2B6535BA-2D3C-42DD-A40F-8C8299377F1D}_is1) (Version: 3.0.1.0 - GiphtWorks)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
ComicRack v0.9.143 (HKLM\...\ComicRack) (Version: v0.9.143 - cYo Soft)
CPUID CPU-Z 1.57.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.17 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative ALchemy Universal (HKLM-x32\...\ALchemy) (Version:  - )
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Dead Space (HKLM-x32\...\Steam App 17470) (Version:  - EA Redwood Shores)
Driver Sweeper version 3.2.0 (HKLM-x32\...\{5A67D2EA-FB70-4033-A6F3-606AD85B2015}_is1) (Version: 3.2.0 - Phyxion.net)
Dropbox (HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\Dropbox) (Version: 3.4.6 - Dropbox, Inc.)
Dustforce (HKLM-x32\...\Steam App 65300) (Version:  - )
EaseUS Partition Master 9.3.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version:  - )
EVGA OC Scanner X 3.6.1.2 (64-bit) (HKLM\...\{CC520CF6-B02E-49AA-8192-C1DDC159E0AA}}_is1) (Version:  - EVGA)
Far Cry 2 (HKLM-x32\...\Steam App 19900) (Version:  - Ubisoft)
FileRestore Professional (HKLM-x32\...\FileRestore Professional) (Version: 4.2.1 - PC Recovery)
FileRestore Professional (x32 Version: 4.2.1 - PC Recovery) Hidden
Folder Size 2.9.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 2.9.0.0 - MindGems, Inc.)
foobar2000 v1.1.7 (HKLM-x32\...\foobar2000) (Version: 1.1.7 - Peter Pawlowski)
Foxit Reader (HKLM-x32\...\{FE1EFF18-814A-42CE-8470-EC97EDDAF8FF}) (Version: 5.4.3.920 - Foxit Corporation)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Full Combat Rebalance 2 version 1.0 (HKLM-x32\...\Full Combat Rebalance 2_is1) (Version: 1.0 - Andrzej Kwiatkowski)
GOG.com Downloader version 3.0.40 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.0.40 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{95763F66-297E-30CE-9728-6D0F20BF97F5}) (Version: 5.38.5.0 - Google)
Hammerfight (HKLM-x32\...\Steam App 41100) (Version:  - KranX Productions)
HandBrake 0.9.5 (HKLM-x32\...\HandBrake) (Version: 0.9.5 - )
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version:  - )
Igneous (HKLM-x32\...\Igneous_is1) (Version:  - DigiPen (USA) Corp.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java™ SE Development Kit 6 Update 26 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160260}) (Version: 1.6.0.260 - Oracle)
JC2-MP version 0.0.11 (HKLM-x32\...\{7F12FECB-1D75-42D7-9074-D6FEA6D91E65}_is1) (Version: 0.0.11 - )
Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)
KCP-0.5.2.1 (HKLM-x32\...\Kawaii Codec Pack_is1) (Version: 0.5.2.1 - Haruhichan.com)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
LavasoftTcpService (x32 Version: 2.3.4.2 - Lavasoft) Hidden
LIMBO (HKLM-x32\...\Steam App 48000) (Version:  - Playdead)
Link Shell Extension (HKLM\...\HardlinkShellExt) (Version: 3.7.1.9 - Hermann Schinagl)
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.328 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.328 - LogMeIn, Inc.) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Metal Gear Solid (HKLM-x32\...\Metal Gear Solid) (Version:  - )
METAL SLUG 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
METAL SLUG X (HKLM-x32\...\Steam App 312610) (Version:  - DotEmu)
MetalGearSolid2 Substance (HKLM-x32\...\{2184D9EA-4E5B-43FD-914E-4563CF028C94}) (Version: 1.00.000 - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (Partnernet) (HKLM-x32\...\{57672BEC-E777-4D4B-944A-719414E84D3F}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version:  - )
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Midori 0.5.8 (HKLM-x32\...\Midori) (Version: 0.5.8 - Christian Dywan)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
MPC-HC 1.6.8 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.6.8.7417 - MPC-HC Team)
MPC-HC 1.7.0.7855 (1b4094b) Beta (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.0.7855 - MPC-HC Team)
MSI Afterburner 2.1.0 (HKLM-x32\...\Afterburner) (Version: 2.1.0 - MSI Co., LTD)
NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.07 - NCH Software)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.18.7 - Black Tree Gaming)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Nidhogg v1.004 (HKLM-x32\...\TmlkaG9nZ3YxMDA0_is1) (Version: 1 - )
Nitronic Rush (2012-06-19) version 20120619.0 (HKLM-x32\...\{9B55759D-424F-4CB1-B84E-AAE83CC1D20A}_is1) (Version: 20120619.0 - DigiPen)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OCCT 4.2.0 (HKLM-x32\...\OCCT) (Version: 4.2.0 - Ocbase.com)
OCCT Perestroika 3.1.0 (HKLM-x32\...\OCCT_is1) (Version:  - Tetedeiench)
One Finger Death Punch (HKLM-x32\...\Steam App 264200) (Version:  - Silver Dollar Games)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
Prince of Persia The Sands of Time (HKLM-x32\...\{8C453F13-6877-4D34-8816-009ABDE306DB}) (Version: 1.00.181 - )
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PuTTY version 0.60 (HKLM-x32\...\PuTTY_is1) (Version: 0.60 - Simon Tatham)
Puzzle Agent (HKLM-x32\...\Steam App 31270) (Version:  - Telltale Games)
Python 2.5 (HKLM-x32\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
QTTabBar 1.5.0.0 Beta 2 (HKLM-x32\...\{7EDF4F60-E41A-4D55-8400-A633443C0065}) (Version: 1.5.260 - Quizo and Paul Accisano)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.16.0 - Ralink)
Recuva (HKLM\...\Recuva) (Version: 1.45 - Piriform)
resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version:  - Capcom)
Resident Evil 5 / Biohazard 5 (HKLM-x32\...\Steam App 21690) (Version:  - Capcom)
Rubber Ninjas Demo 1.05 (HKLM-x32\...\{5EECEB40-3EE2-4762-872D-264346A26B84}_is1) (Version:  - Rag Doll Software)
S.T.A.L.K.E.R.: Lost Alpha version 1.3.0013 (HKLM-x32\...\S.T.A.L.K.E.R.: Lost Alpha_is1) (Version: 1.3.0013 - dezowave)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
SDFormatter (HKLM-x32\...\{5A347920-4AFC-11D5-9FB0-800649886934}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shantae: Risky's Revenge - Director's Cut (HKLM-x32\...\Steam App 277890) (Version:  - WayForward)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Snes9K version 0.09z2 (HKLM-x32\...\{1921CA4A-4563-4E65-8406-F2BC9583C119}_is1) (Version: 0.09z2 - Snes9K)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spelunky HD 1.0 (HKLM-x32\...\Spelunky HD 1.0) (Version: 1.0 - Cat-A-Cat)
Stalker Complete 2009 (HKLM-x32\...\{Stalker Complete 2009 v1.4.4}}_is1) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
StuffIt Standard (HKLM-x32\...\InstallShield_{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}) (Version: 9.0.0.21 - Allume Systems, Inc.)
StuffIt Standard (x32 Version: 9.0.0.21 - Allume Systems, Inc.) Hidden
Super Hexagon (HKLM-x32\...\Steam App 221640) (Version:  - )
Super Meat Boy (HKLM-x32\...\Steam App 40800) (Version:  - )
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
System Requirements Lab CYRI (HKLM-x32\...\{1F77C418-2C90-459C-BD33-B56A4182B9FA}) (Version: 4.4.26.0 - Husdawg, LLC)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - )
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Witcher 2 - Assassins of Kings Enhanced Edition (HKLM-x32\...\The Witcher 2 - Assassins of Kings Enhanced Edition_is1) (Version:  - GOG.com)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
The Zoo Race 1.7 (HKLM-x32\...\THE ZOO RACE_is1) (Version:  - Cougar Interactive)
TikiOne Steam Cleaner (HKLM-x32\...\TikiOneSteamCleaner) (Version:  - Jonathan Lermitage)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Trine (HKLM-x32\...\Steam App 35700) (Version:  - Frozenbyte)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version:  - Frozenbyte)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)
Unigine Heaven DX11 Benchmark 2.5 version 2.5 (HKLM-x32\...\Unigine Heaven DX11 Benchmark 2.5_is1) (Version: 2.5 - )
Unity Web Player (HKU\S-1-5-21-568655885-1843829967-3930062762-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
wxPython 2.8.0.1 (ansi) for Python 2.5 (HKLM-x32\...\wxPython2.8-ansi-py25_is1) (Version: 2.8.0.1-ansi - Total Control Software)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
Yodot Zip Repair (HKLM-x32\...\{2A08164E-8A35-4143-8269-07840A7966BD}_is1) (Version: 1.0.0.11 - Yodot Software)
Zeno Clash (HKLM-x32\...\Steam App 22200) (Version:  - ACE Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\inminet\sencolny.dll () <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-568655885-1843829967-3930062762-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C10EB2B-2412-4F80-ACBD-B4721A82BF67} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {109F4DF1-F8FA-4A8B-9583-2B16E04F04D6} - System32\Tasks\propagation utility manager => C:\Windows\SysWOW64\drivers\syscomplus80.exe
Task: {15E23A93-A018-49D7-969E-2F2032570FF0} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2011-06-19] (Microsoft Corporation)
Task: {15F55A21-5919-430D-BC76-1073FF626CDF} - System32\Tasks\Media_System_Platform => C:\Windows\SysWOW64\drivers\KVN398~1.EXE [2015-05-23] ()
Task: {16B5C6F1-D168-46A1-8300-BF5265C99AFE} - System32\Tasks\{3AB035CA-11D5-4409-8F51-8E8FE19FFC91} => pcalua.exe -a "D:\Not Stolen Stuff\Games\SkiStunt\Uninstall.EXE" -d "D:\Not Stolen Stuff\Games\SkiStunt" -c /u:"Ski Stunt Simulator"
Task: {2551862E-C829-4D31-A917-BF2DF8071617} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {37C58498-CF4A-4868-B162-496D0E36E691} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {48F4C6E5-5E84-4041-8D4C-DE2EF7CC08EC} - System32\Tasks\procedure quality service => C:\Program Files (x86)\Common Files\microsoft shared\DW\syseventman32.exe [2015-06-02] ()
Task: {8863827E-C8BC-46C6-B5F3-DCC18DD2012E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-568655885-1843829967-3930062762-1000Core => C:\Users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {A65BBE4E-C135-4644-9899-EBF6293A5FEC} - System32\Tasks\Opera scheduled Autoupdate 1430447001 => D:\Not Stolen Stuff\Applications\launcher.exe [2015-05-18] (Opera Software)
Task: {A8F014BE-E6A7-4AB0-A041-C00CC89C286B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {AD1B7B84-5B95-4D2E-A78E-338925AD9289} - System32\Tasks\{7BFF6BC8-0D73-48C3-9641-6840239DB2A0} => pcalua.exe -a "C:\Program Files\wjplay\2014121\Unins.exe"
Task: {AEF0E8D7-45E7-41E5-BCCA-E75B61E308BD} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2011-02-15] ()
Task: {BA6A6754-9740-45B9-83D2-A925DF213F75} - System32\Tasks\AlaMaintenance => C:\Windows\SysWOW64\drivers\NVACYU~1.EXE [2015-05-23] ()
Task: {C83E6ACF-0675-4D6A-B845-68207BB09B68} - System32\Tasks\CCleanerSkipUAC => D:\Not Stolen Stuff\Applications\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {DB441387-8C88-44C9-9C9C-887A5835C2BB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-568655885-1843829967-3930062762-1000UA => C:\Users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {EC5C239D-9B77-4DA0-B38D-C2F27169BFE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-568655885-1843829967-3930062762-1000Core.job => C:\Users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-568655885-1843829967-3930062762-1000UA.job => C:\Users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job => C:\Users\Isaac\AppData\Roaming\GSZampIcvrCwn4V2QiQX5YT01.exe <==== ATTENTION
Task: C:\Windows\Tasks\J3MgJqix.job => C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2013-01-24 18:13 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2015-03-07 21:59 - 2015-02-05 15:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-15 07:20 - 2011-02-15 07:20 - 00364544 _____ () C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2004-09-30 14:15 - 2004-09-30 14:15 - 00192000 _____ () C:\Program Files\LinkShellExtension\RockallDLL.dll
2011-04-23 00:54 - 2011-04-23 00:54 - 00083968 _____ () D:\Not Stolen Stuff\Applications\QTHookLib64.dll
2015-05-21 14:46 - 2015-05-21 14:46 - 00169984 _____ () C:\Users\Isaac\AppData\Roaming\inminet\sencolny.dll
2011-06-16 16:11 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-18 21:32 - 2012-05-26 02:01 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2012-05-17 20:03 - 2009-12-29 16:52 - 00089088 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2012-05-17 20:03 - 2010-07-22 16:46 - 00237056 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2009-03-12 21:18 - 2009-03-12 21:18 - 00602624 _____ () C:\Program Files (x86)\Everything\Everything.exe
2013-07-20 00:28 - 2013-06-25 04:52 - 01301504 _____ () D:\Not Stolen Stuff\Applications\AutoHotkey\AutoHotkey.exe
2011-02-15 07:20 - 2011-02-15 07:20 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
2011-02-15 07:19 - 2011-02-15 07:19 - 00061440 _____ () C:\Program Files (x86)\MSI Afterburner\RTFC.dll
2011-02-15 07:19 - 2011-02-15 07:19 - 00229376 _____ () C:\Program Files (x86)\MSI Afterburner\RTCore.dll
2011-02-15 07:19 - 2011-02-15 07:19 - 00147456 _____ () C:\Program Files (x86)\MSI Afterburner\RTUI.dll
2011-02-15 07:20 - 2011-02-15 07:20 - 00278528 _____ () C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
2010-07-27 00:37 - 2010-07-27 00:37 - 00013312 _____ () C:\Program Files (x86)\MSI Afterburner\RTTSH.dll
2013-03-12 17:10 - 2015-04-16 13:40 - 00776192 _____ () D:\Not Stolen Stuff\Steam\SDL2.dll
2015-01-20 13:29 - 2015-04-22 22:16 - 04962816 _____ () D:\Not Stolen Stuff\Steam\v8.dll
2015-01-20 13:29 - 2015-04-22 22:16 - 01556992 _____ () D:\Not Stolen Stuff\Steam\icui18n.dll
2015-01-20 13:29 - 2015-04-22 22:16 - 01187840 _____ () D:\Not Stolen Stuff\Steam\icuuc.dll
2014-05-21 16:48 - 2015-06-01 23:29 - 02407104 _____ () D:\Not Stolen Stuff\Steam\video.dll
2014-08-28 20:09 - 2014-12-01 17:31 - 02396672 _____ () D:\Not Stolen Stuff\Steam\libavcodec-56.dll
2014-08-28 20:09 - 2014-12-01 17:31 - 00442880 _____ () D:\Not Stolen Stuff\Steam\libavutil-54.dll
2014-08-28 20:09 - 2014-12-01 17:31 - 00479744 _____ () D:\Not Stolen Stuff\Steam\libavformat-56.dll
2014-08-28 20:09 - 2014-12-01 17:31 - 00332800 _____ () D:\Not Stolen Stuff\Steam\libavresample-2.dll
2014-08-28 20:09 - 2014-12-01 17:31 - 00485888 _____ () D:\Not Stolen Stuff\Steam\libswscale-3.dll
2011-07-13 19:00 - 2015-06-01 23:28 - 00703168 _____ () D:\Not Stolen Stuff\Steam\bin\chromehtml.DLL
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () D:\Stolen Stuff\Applications\Office14\1033\GrooveIntlResource.dll
2015-06-03 22:20 - 2015-06-03 22:20 - 00043008 _____ () c:\users\isaac\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpknlfki.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00750080 _____ () C:\Users\Isaac\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00047616 _____ () C:\Users\Isaac\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00865280 _____ () C:\Users\Isaac\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 17:45 - 2015-03-04 17:45 - 00200704 _____ () C:\Users\Isaac\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-06-17 18:10 - 2014-06-17 18:10 - 00436576 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-06-17 18:10 - 2014-06-17 18:10 - 00318304 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2011-06-16 19:39 - 2015-05-11 15:01 - 36302728 _____ () D:\Not Stolen Stuff\Steam\bin\libcef.dll
2015-05-21 14:45 - 2015-05-21 14:45 - 00141824 _____ () C:\Users\Isaac\AppData\Roaming\inminet\forvercu.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52973020.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\65804480.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96782877.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52973020.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\65804480.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96782877.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-568655885-1843829967-3930062762-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Isaac\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 71.252.0.12

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk => C:\Windows\pss\Ralink Wireless Utility.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Isaac^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: EaseUS EPM tray => D:\Not Stolen Stuff\Applications\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
MSCONFIG\startupreg: QuickTime Task => "D:\Not Stolen Stuff\Applications\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service IE Search Set since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service LavasoftTcpService since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service SCP DS3 Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (06/03/2015 00:32:34 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Multiple requestedPrivileges elements are not allowed in manifest.

Error: (06/02/2015 09:58:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: trine1_32bit.exe, version: 0.0.0.0, time stamp: 0x553661ee
Faulting module name: trine1_32bit.exe, version: 0.0.0.0, time stamp: 0x553661ee
Exception code: 0xc0000005
Fault offset: 0x00471c93
Faulting process id: 0xc48
Faulting application start time: 0xtrine1_32bit.exe0
Faulting application path: trine1_32bit.exe1
Faulting module path: trine1_32bit.exe2
Report Id: trine1_32bit.exe3

Error: (06/02/2015 09:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: trine1_32bit.exe, version: 0.0.0.0, time stamp: 0x553661ee
Faulting module name: trine1_32bit.exe, version: 0.0.0.0, time stamp: 0x553661ee
Exception code: 0xc0000005
Fault offset: 0x00471c93
Faulting process id: 0x4884
Faulting application start time: 0xtrine1_32bit.exe0
Faulting application path: trine1_32bit.exe1
Faulting module path: trine1_32bit.exe2
Report Id: trine1_32bit.exe3

Error: (06/02/2015 09:51:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: trine1_32bit.exe, version: 0.0.0.0, time stamp: 0x553661ee
Faulting module name: trine1_32bit.exe, version: 0.0.0.0, time stamp: 0x553661ee
Exception code: 0xc0000005
Fault offset: 0x00471c93
Faulting process id: 0x3de0
Faulting application start time: 0xtrine1_32bit.exe0
Faulting application path: trine1_32bit.exe1
Faulting module path: trine1_32bit.exe2
Report Id: trine1_32bit.exe3

Error: (06/02/2015 04:55:10 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:


System errors:
=============
Error: (06/03/2015 11:11:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/03/2015 11:11:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/03/2015 11:11:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (06/03/2015 10:20:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WMIconfigPerformance service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/03/2015 10:19:25 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The AlaPerformance service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/03/2015 10:18:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WMIconfigPerformance service to connect.

Error: (06/03/2015 10:18:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The atksgt service failed to start due to the following error:
%%1275

Error: (06/03/2015 10:18:36 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Driver atksgt.sys has been blocked from loading.

Error: (06/03/2015 09:56:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The WMIconfigPerformance service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/03/2015 09:17:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office:
=========================
Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service IE Search Set since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service LavasoftTcpService since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdatem) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Google Update Service (gupdate) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/03/2015 03:33:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service SCP DS3 Service since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (06/03/2015 00:32:34 PM) (Source: SideBySide) (EventID: 75) (User: )
Description: c:\program files (x86)\Phyxion.net\driver sweeper\Backup\12-05-23-17-53-12\creative - sound\directories\creative859838771\audio device selection unicode\CTAudSeu.exec:\program files (x86)\Phyxion.net\driver sweeper\Backup\12-05-23-17-53-12\creative - sound\directories\creative859838771\audio device selection unicode\CTAudSeu.exe2

Error: (06/02/2015 09:58:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: trine1_32bit.exe0.0.0.0553661eetrine1_32bit.exe0.0.0.0553661eec000000500471c93c4801d09da098cc04eeD:\Not Stolen Stuff\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_32bit.exeD:\Not Stolen Stuff\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_32bit.exef61e2147-0993-11e5-8efc-6c626d3d0fe7

Error: (06/02/2015 09:53:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: trine1_32bit.exe0.0.0.0553661eetrine1_32bit.exe0.0.0.0553661eec000000500471c93488401d09d9fe5f055edD:\Not Stolen Stuff\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_32bit.exeD:\Not Stolen Stuff\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_32bit.exe431f0b41-0993-11e5-8efc-6c626d3d0fe7

Error: (06/02/2015 09:51:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: trine1_32bit.exe0.0.0.0553661eetrine1_32bit.exe0.0.0.0553661eec000000500471c933de001d09d9fc137ed18D:\Not Stolen Stuff\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_32bit.exeD:\Not Stolen Stuff\Steam\steamapps\common\Trine\_enchanted_edition_\trine1_32bit.exe1321f2af-0993-11e5-8efc-6c626d3d0fe7

Error: (06/02/2015 04:55:10 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:


==================== Memory info ===========================

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 33%
Total physical RAM: 8173.58 MB
Available physical RAM: 5408.79 MB
Total Pagefile: 16345.36 MB
Available Pagefile: 13312.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:63.25 GB) (Free:13.33 GB) NTFS
Drive d: () (Fixed) (Total:868.16 GB) (Free:19.53 GB) NTFS
Drive e: () (Fixed) (Total:465.75 GB) (Free:1.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 896D96BB)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4708224E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=63.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=868.2 GB) - (Type=07 NTFS)

==================== End of log ============================

 

 

I read through the other thread and some threads on similar sites, but once I kept getting to warnings like "Don't use this program, it was written specifically for this user, it will mess you up," I figured I might be in over my head.

 

 


 


#2 gamadaya


Posted 04 June 2015 - 03:55 AM

I'm sorry, I made a mistake. The svchost is not located in the temp directory. It's actually in C:\Windows\SysWOW64\drivers\.

 

Also, in case it's helpful, the process NVACYU~1.exe seems to actually be not random letters and something that runs every time on launch. I can kill the process and delete its executable, and it doesn't come back until I reboot. In the description it says Sysmainpro. Googling these only turns up stuff about malware, but very little. Clicking on the actual file after stopping the process restarts the process, along with something called er.exe. Literally just er.exe. Neither process seems to have any immediate effect on anything.


Edited by gamadaya, 04 June 2015 - 03:59 AM.


#3 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:10:15 AM

Posted 07 June 2015 - 09:36 AM

hi,

 

I will try to help you. Normally I am only on this site once or twice per day. You may not get a reply back from me until the next day. First thing we can run FRST to remove some things, then run some adware specific tools.

 

Copy/paste what's below in the code box into Notepad. Save it as fixlist.txt in the same location that you have FRST saved. Start FRST like you did before, except this time click on the Fix button once. Machine will reboot. Post the fixlog.txt it generates on your desktop.

CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job => 
C:\Users\Isaac\AppData\Roaming\GSZampIcvrCwn4V2QiQX5YT01.exe <==== ATTENTION
Task: C:\Windows\Tasks\J3MgJqix.job => C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe <==== ATTENTION
EmptyTemp:

After running FRST you can run adwcleaner:

 

Please download adwcleaner and save to your desktop.

    http://www.bleepingcomputer.com/download/adwcleaner/

    Right click AdwCleaner.exe and select "run as admin"
    Accept the disclaimer
    Click on the Scan button.
    Once the scan is done, Click the Clean button
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 

 


How Can I Reduce My Risk to Malware?


#4 gamadaya

gamadaya
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 07 June 2015 - 02:59 PM

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2015
Ran by Isaac at 2015-06-07 15:46:43 Run:1
Running from D:\Downloads
Loaded Profiles: Isaac (Available Profiles: Isaac)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Task: C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job =>
C:\Users\Isaac\AppData\Roaming\GSZampIcvrCwn4V2QiQX5YT01.exe <==== ATTENTION
Task: C:\Windows\Tasks\J3MgJqix.job => C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe <==== ATTENTION
EmptyTemp:
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe" => File/Folder not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Task: C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job => not found.
"C:\Users\Isaac\AppData\Roaming\GSZampIcvrCwn4V2QiQX5YT01.exe <==== ATTENTION" => File/Folder not found.
C:\Windows\Tasks\J3MgJqix.job => moved successfully.
EmptyTemp: => 521.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 15:47:00 ====

 

 

AdwCleaner:

 

# AdwCleaner v4.206 - Logfile created 07/06/2015 at 15:53:43
# Updated 01/06/2015 by Xplode
# Database : 2015-06-05.1 [Server]
# Operating system : Windows 7 Enterprise Service Pack 1 (x64)
# Username : Isaac - AWESOME-O
# Running from : C:\Users\Isaac\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\5duqkeok.default-1432658565905\user.js

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17356


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v38.0.2125.111


-\\ Comodo Dragon v


-\\ Chrome Canary v


*************************

AdwCleaner[R3].txt - [1215 bytes] - [03/06/2015 19:32:31]
AdwCleaner[R4].txt - [1067 bytes] - [07/06/2015 15:52:39]
AdwCleaner[S3].txt - [1294 bytes] - [03/06/2015 19:34:34]
AdwCleaner[S4].txt - [996 bytes] - [07/06/2015 15:53:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1054  bytes] ##########
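
The Fixlog above is easier to review when each result line is classified. The following Python is an added example, not part of the thread and not FRST's own code; `classify`, `parse_fixlog` and `summary` are hypothetical names, and it assumes the layout seen in this log (the echoed fixlist sits between two rows of asterisks, results follow as `target => outcome`).

```python
import re
from collections import Counter

# Constructed sample: lines copied from the Fixlog posted above, shortened.
FIXLOG = r'''fixlist content:
*****************
Task: C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job =>
C:\Users\Isaac\AppData\Roaming\GSZampIcvrCwn4V2QiQX5YT01.exe <==== ATTENTION
EmptyTemp:
*****************
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"C:\Users\Isaac\AppData\Roaming\J3MgJqix.exe" => File/Folder not found.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
Task: C:\Windows\Tasks\GSZampIcvrCwn4V2QiQX5YT01.job => not found.
"C:\Users\Isaac\AppData\Roaming\GSZampIcvrCwn4V2QiQX5YT01.exe <==== ATTENTION" => File/Folder not found.
C:\Windows\Tasks\J3MgJqix.job => moved successfully.
EmptyTemp: => 521.4 MB temporary data Removed.
'''

RESULT = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<outcome>.+)$')

def classify(outcome):
    text = outcome.lower()
    # "removed" is tested before "moved" because it contains that substring.
    for status, marker in (('not_found', 'not found'), ('removed', 'removed'), ('moved', 'moved')):
        if marker in text:
            return status
    return 'other'

def parse_fixlog(log):
    """Return (target, status, suspect) for each result line after the echoed fixlist."""
    entries, stars = [], 0
    for line in log.splitlines():
        if line.startswith('*****'):
            stars += 1
            continue
        m = RESULT.match(line)
        if stars < 2 or not m:  # still inside the echo, or a plain status line
            continue
        target = m['target'].strip('"')
        # A target that still carries the "<====" annotation was looked up as a
        # literal path, which happens when a fixlist entry wraps onto two lines.
        entries.append((target, classify(m['outcome']), '<==' in target))
    return entries

def summary(log):
    return Counter(status for _, status, _ in parse_fixlog(log))
```

On this log the only flagged entry is the GSZampIcvrCwn4V2QiQX5YT01.exe path, which was searched for with ` <==== ATTENTION` attached, so its "not found" result says nothing about the file under its real name.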
 



#5 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:10:15 AM

Posted 07 June 2015 - 05:03 PM

Looks like the malicious .exe has already been removed. I see you have run adwcleaner before. What's it looking like on your end now?


How Can I Reduce My Risk to Malware?


#6 gamadaya

gamadaya
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 07 June 2015 - 05:29 PM

Actually, it wasn't doing anything for the past 2 days. Thank you for helping me get rid of the cause.



#7 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:10:15 AM

Posted 07 June 2015 - 07:22 PM

No problem, I guess we can call it done then. There is one more download you can get. It will remove the special tools then delete itself:

If all is good, Happy Safe Surfing "out there"

 

   Please download Delfix.exe and save it to your desktop. It will remove the special tools and their associated folders/files.

    https://toolslib.net/downloads/viewdownload/2-delfix/

    Right click and select "run as admin" check: "Remove disinfection tools" and click on the Run button.
    The tool will delete itself once it finishes. You can delete the log it generates.


How Can I Reduce My Risk to Malware?


#8 gamadaya

gamadaya
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 08 June 2015 - 01:18 PM

OK I did it. Thank you.





