Trojan Detected By Emsisoft


  • This topic is locked
21 replies to this topic

#1 tazmo8448

Posted 06 November 2015 - 02:21 AM

I recently ran FRST and 'nasdaq' was kind enough to help; now it seems I have another issue with a recently found malware using Emsisoft that reported a Trojan that was reported as a Black Sunday? (don't remember, but it was a Black something and labeled a BackDoor.gen of some sort). I am now experiencing lots of Event errors along with Safe Mode with Networking not connecting to the internet when in that mode; I can boot to Safe Mode and my internet does work, yet internet does not work in Safe Mode. It has worked but recently has stopped. I would like, if I may, to have someone look at my FRST txt and hopefully see if there is something there that stands out and again hopefully provide a fix. Thanks guys and gals, you are providing a needed service. Many thanks in advance.


Edited by tazmo8448, 06 November 2015 - 02:24 AM.



#2 tazmo8448

Posted 08 November 2015 - 11:23 PM

The above Trojan is continually showing when Emsisoft is run. It lists it in Windows Defender registry settings as follows:

 

Scan start: 11/8/2015 10:44:19 PM
Value: HKEY_USERS\S-1-5-21-2610782532-1500699501-3633152452-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN -> WINDOWS DEFENDER detected: Backdoor.Win32.BlackShades (A)
 
Anybody have any ideas on this and why it would show as a Windows Defender registry file setting? Googling around only explains roughly what a BlackShades is without being specific, or am I wrong thinking it is attached to Windows Defender?


#3 Sintharius

Posted 10 November 2015 - 07:42 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to review your logs and I will be back with instructions.

#4 tazmo8448

Posted 10 November 2015 - 07:59 AM

Thanks Alexstrasza. I have since found that the BackDoor BlackShades was caused by a merge utility to create a registry file so Windows Defender would show in the Task Bar on Start (before it was missing and assumed not on or enabled). TenForums provided the utility and I have since contacted them. I do think that this particular issue is a false/positive as seen by Emsisoft Emergency Kit (EEK).
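
A false-positive call on a Run value named after a security product can be sanity-checked against the Registry section of an FRST log: the value is only plausible if it launches that product's real binary. The following is an added example, not code from this thread, FRST or Emsisoft; the `EXPECTED` table, the function names and the sample lines marked constructed are assumptions, and the line format follows the FRST log posted later in the thread.

```python
import ntpath
import re

# Expected install directory and publisher for Run values named after a
# security product. The single entry mirrors the FRST log in this thread;
# it is an assumption of this example, not an authoritative allowlist.
EXPECTED = {
    "windows defender": (r"C:\Program Files\Windows Defender", "Microsoft Corporation"),
}

# One "Run" line of the FRST Registry section:
#   <hive>\...\Run: [<value name>] => <target path> [<size> <date>] (<company>)
RUN_LINE = re.compile(
    r"^(?P<hive>\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<path>.+?)"
    r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$"
)


def check_run_line(line):
    """Return (value name, verdict) for one FRST Run line, or None if it is not one."""
    m = RUN_LINE.match(line.strip())
    if m is None:
        return None
    name = m["name"]
    expected = EXPECTED.get(name.lower())
    if expected is None:
        return name, "unlisted"  # name is not in the table, nothing to compare
    exp_dir, exp_company = expected
    # Normalise case and "..\" segments before comparing, so a path that only
    # starts with the expected directory textually does not pass.
    target = ntpath.normcase(ntpath.normpath(m["path"]))
    prefix = ntpath.normcase(exp_dir) + "\\"
    reasons = []
    if not target.startswith(prefix):
        reasons.append("path")
    # The company field is whatever the log printed; treat it as a hint,
    # not as proof of a valid signature.
    if m["company"] != exp_company:
        reasons.append("publisher")
    verdict = "consistent" if not reasons else "mismatch: " + ", ".join(reasons)
    return name, verdict


def triage(log_text):
    """Check every Run line in a block of FRST log text."""
    results = []
    for line in log_text.splitlines():
        checked = check_run_line(line)
        if checked is not None:
            results.append(checked)
    return results


# Line 1 is the Run entry from the log in this thread; lines 2-4 are
# constructed for the example (placeholder SIDs, paths and sizes).
SAMPLE = r"""
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1322496 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Windows Defender] => C:\Users\Example\AppData\Roaming\Windows Defender\MSASCui.exe [204800 2015-11-01] ()
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\..\..\Users\Public\MSASCui.exe [204800 2015-11-01] (Microsoft Corporation)
HKLM\...\Run: [Example Updater] => C:\Program Files (x86)\Example\updater.exe [3011152 2015-11-09] (Example Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
"""

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE):
        print(f"{name}: {verdict}")
```

A "consistent" result only says the entry matches the table; confirming the file itself still means checking its signature or hash on the machine.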



#5 Sintharius

Posted 13 November 2015 - 06:47 AM

Hello tazmo8448,

Please take note of the following.

Step 1: Registry cleaner and optimization tool

Looking through your logs I noticed that you have Auslogics Registry Cleaner installed. Bleeping Computer DOES NOT recommend the use of this program.

Why you should not use Registry Cleaners and Optimization Tools

Please uninstall Auslogics Registry Cleaner via Programs and Features.

===

Step 2: Peer-to-peer software

Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.
If you wish to keep it, please do not use it until your computer is cleaned.

===

Step 3: MBAM Clean

Your logs show remnants of Malwarebytes Anti-Malware (MBAM). This can be caused by an improper uninstallation of MBAM.

Please follow the instructions here to remove the remnants using the removal tool.

===

Step 4: SystemLook by jpshortstuff

Please download SystemLook from one of the links below and save it to your Desktop.

32-bit version

64-bit version
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :FileFind
    25096986.sys
    44709703.sys
    97371361.sys
    25096986.sys
    44709703.sys
    97371361.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt.

===

Step 5: Farbar Recovery Scan Tool

Please create a new set of FRST logs in Normal Mode for me - remember to place a checkmark in Addition.txt!

===

Step 6: Please retrieve the scan log from Emsisoft Emergency Kit (Log -> Scan Log) that shows the detection, and a link to the mentioned utility that was detected as a false positive.

To recap, I will need the following information in your next reply:
  • Confirmation that you have acknowledged the warning;
  • Confirmation that you have uninstalled the registry cleaner and removed MBAM remnants;
  • Contents of SystemLook.txt;
  • Contents of FRST.txt and Addition.txt;
  • Scan log from Emsisoft Emergency Kit.
Regards,
Alex 

#6 tazmo8448

Posted 13 November 2015 - 10:05 AM

Thx Alex. Will Do. I did find that the Trojan I first reported was a false/positive by Emsisoft for a utility from TenForums that creates a registry for activating Windows Defender and showing it in the Task Bar (it wasn't showing prior to running it) and it also put it in Start mode.


Edited by tazmo8448, 13 November 2015 - 10:45 AM.


#7 tazmo8448

Posted 13 November 2015 - 11:04 AM

Have uninstalled Auslogics Registry Cleaner; ran mbam.cleaner.exe; created SystemLook.txt and ran FRST (w/both notepads). Here is the link to the Windows Defender utility:

 

http://www.tenforums.com/tutorials/11974-windows-defender-notification-area-icon-hide-show-windows-10-a.html

 

I think I have all the info you requested and again thanks for taking the time and making the effort.



#8 Sintharius

Posted 13 November 2015 - 02:06 PM

Hello tazmo8448,

Did you happen to have set any group policies and disabled System Restore?

I have forwarded the information to Emsisoft for further investigation, and the detection should no longer be occurring after the latest update.

Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST/FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply.
Regards,
Alex 

Edited by Alexstrasza, 13 November 2015 - 02:06 PM.


#9 tazmo8448

Posted 13 November 2015 - 03:06 PM

Yes, I did disable System Restore as I am using Macrium Reflect, which does an update once a week and is stored in S:\drive. Will run the FRST w/fixit and post back when finished. As far as the group policies, I disabled DCOM as it was giving many many errors and I do not use any kind of network, as this is the only computer in the house and am not 'tied' to any others (that I know of).



#10 tazmo8448

Posted 13 November 2015 - 03:09 PM

Alex~ here is the fixlog.txt



#11 Sintharius

Posted 13 November 2015 - 03:26 PM

Hi there,

How is the computer running now?

Please create a new set of FRST logs - FRST.txt and Addition.txt - and paste the contents of the log directly into the reply instead of attaching.

Regards,
Alex

#12 tazmo8448

Posted 13 November 2015 - 05:51 PM

Will do. What I am experiencing now in Event Viewer is four Event ID errors related to 7031 as follows:-

 

The Contact Data_Session1 service terminated unexpectedly
The Sync Host_Session1 service terminated unexpectedly
The User Data Storage_Session1 service terminated unexpectedly
The User Data Access_Session1 service terminated unexpectedly

 

Here are the two notepads

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-11-2015

Ran by Trixie (administrator) on TRIXIE-PC (13-11-2015 17:41:44)
Running from E:\FRST
Loaded Profiles: Trixie (Available Profiles: Trixie & Administrator)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\ProfoundSoundService.exe
(Microsoft) C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\SkpPopupSvc.exe
() C:\Windows\System32\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-14] (Logitech Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-05-20] (PDF Complete Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-10-12] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\...\Run: [Steam] => F:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-09] (Valve Corporation)
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1322496 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8c8b3e3e-532b-48b9-951e-72f71dcf93f3}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ed6e3b0f-bcda-40a7-88b0-09c542a0a1cc}: [DhcpNameServer] 7.254.254.254
 
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2015-08-08] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-19] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?source=search_app
CHR StartupUrls: Default -> "hxxps://www.google.com/?gws_rd=ssl","hxxps://login.yahoo.com/config/mail?.intl=us&.done=https%3A%2F%2Fus%2Dmg6.mail.yahoo.com%3A443%2Fneo%2Flaunch%3F.rand%3D3a4h5hnsaujls%26action%3Dinbox#870454668"
CHR Profile: C:\Users\Trixie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Search) - C:\Users\Trixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Trixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Google Voice (by Google)) - C:\Users\Trixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-10-19]
CHR Extension: (AdBlock Pro) - C:\Users\Trixie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-11-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-10-12] (Advanced Micro Devices, Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-09-04] ()
S4 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
S4 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv64.exe [240576 2013-10-06] (DTS, Inc)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-10] (Microsoft Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2099720 2015-11-11] (Electronic Arts)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1330312 2013-05-20] (PDF Complete Inc)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-11-04] ()
R2 ProfoundSound Service; C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\ProfoundSoundService.exe [136056 2013-04-19] ()
S4 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3476432 2015-10-12] (Paramount Software UK Ltd)
R2 SkpPopupSvc; C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\SkpPopupSvc.exe [18272 2013-04-19] (Microsoft)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-10] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S4 HPSLPSVC; C:\Users\Trixie\AppData\Local\Temp\7zS4046\hpslpsvc64.dll [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2015-08-08] (ASUSTek Computer Inc.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
S0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 asstahci64; C:\Windows\System32\drivers\asstahci64.sys [88936 2015-06-17] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2013-01-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)
R3 ASUSstpt; C:\Windows\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation)
R3 ASUSumsc; C:\Windows\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-07-21] (Advanced Micro Devices)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-07-24] (Emsisoft GmbH)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-10] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\system32\drivers\ProfoundSound.sys [35104 2012-09-25] ()
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-22] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 ESProtectionDriver; \??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-13 17:33 - 2015-11-13 17:33 - 00016148 _____ C:\Windows\system32\TRIXIE-PC_Trixie_HistoryPrediction.bin
2015-11-13 10:41 - 2015-11-13 10:41 - 00000000 _____ C:\Windows\setuperr.log
2015-11-13 10:41 - 2015-11-13 10:41 - 00000000 _____ C:\Windows\setupact.log
2015-11-13 10:37 - 2015-11-13 10:37 - 00204168 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-13 10:37 - 2015-11-13 10:37 - 00011032 _____ C:\Windows\PFRO.log
2015-11-13 10:21 - 2015-11-13 17:33 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-11-12 20:44 - 2015-11-12 20:44 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2015-11-12 20:37 - 2015-11-12 20:37 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2015-11-12 17:26 - 2015-10-29 16:22 - 00002494 _____ C:\Users\Trixie\Desktop\ProconGunMasterTweak.txt
2015-11-12 17:22 - 2015-11-12 17:22 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2015-11-10 16:17 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 16:17 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-11-10 16:17 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-11-10 16:17 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 16:17 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-11-10 16:17 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 16:17 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-11-10 16:17 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-11-10 16:17 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-11-10 16:17 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 16:17 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-11-10 16:17 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-11-10 16:17 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 16:17 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-11-10 16:17 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-11-10 16:17 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-11-10 16:17 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 16:17 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-11-10 16:17 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-11-10 16:17 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-11-10 16:17 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2015-11-10 16:17 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-11-10 16:17 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 16:17 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-11-10 16:17 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-11-10 16:17 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-11-10 16:17 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 16:17 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 16:17 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-11-10 16:17 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-11-10 16:17 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 16:17 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-11-10 16:17 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-11-10 16:17 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-11-10 16:17 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2015-11-10 16:17 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-11-10 16:17 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-11-10 16:17 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-11-10 16:17 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-11-10 16:17 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-11-10 16:17 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 16:17 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-11-10 16:17 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-11-10 16:17 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-11-10 16:17 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-11-10 16:17 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-11-10 16:17 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 16:17 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 16:17 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 16:17 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 16:17 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-11-10 16:17 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-11-10 16:17 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-11-10 16:17 - 2015-11-03 13:20 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 16:17 - 2015-11-03 13:20 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-09 17:23 - 2015-11-13 12:04 - 00000849 _____ C:\Users\Trixie\Desktop\BlackOps3.exe - Shortcut.lnk
2015-11-09 17:23 - 2015-11-09 17:23 - 00000000 ____D C:\ProgramData\Steam
2015-11-09 16:45 - 2015-11-09 17:14 - 00000645 _____ C:\Users\Trixie\Desktop\AZIO_MGK1invoice.txt
2015-11-09 10:43 - 2015-11-09 10:43 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-08 15:45 - 2015-11-08 15:46 - 00000000 ____D C:\Users\Trixie\Desktop\RECIPES
2015-11-07 20:21 - 2015-11-08 14:50 - 00000078 _____ C:\Users\Trixie\Desktop\BrittanyBnkInfo.txt
2015-11-06 02:32 - 2015-11-06 02:32 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-11-06 02:32 - 2015-11-06 02:32 - 00000893 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2015-11-06 02:31 - 2015-11-06 02:32 - 00000000 ____D C:\Program Files\RogueKiller
2015-11-06 02:28 - 2015-11-06 02:30 - 00000000 ____D C:\ProgramData\RogueKiller
2015-11-06 01:54 - 2015-11-13 17:41 - 00000000 ____D C:\FRST
2015-11-04 02:09 - 2012-09-26 20:09 - 00000000 _____ C:\Windows\system32\ProfoundSoundActivator.dat
2015-11-03 14:56 - 2015-11-03 14:56 - 00002203 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
2015-11-01 19:24 - 2015-11-13 09:07 - 00000512 _____ C:\Windows\Tasks\Macrium-Backup-{CE2DE3D7-572A-4D61-9450-2F0B828A4127}.job
2015-11-01 19:24 - 2015-11-02 09:46 - 00000512 _____ C:\Windows\Tasks\Macrium-Backup-{CD790472-3F33-43AB-B965-1659F21EC5FF}.job
2015-11-01 19:24 - 2015-11-01 19:24 - 00004230 _____ C:\Windows\System32\Tasks\Macrium-Backup-{CD790472-3F33-43AB-B965-1659F21EC5FF}
2015-11-01 19:24 - 2015-11-01 19:24 - 00003734 _____ C:\Windows\System32\Tasks\Macrium-Backup-{CE2DE3D7-572A-4D61-9450-2F0B828A4127}
2015-11-01 19:00 - 2015-11-12 22:06 - 00001343 _____ C:\Users\Trixie\Desktop\Auslogics DiskDefrag.lnk
2015-11-01 14:32 - 2015-11-01 14:32 - 00002589 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
2015-11-01 12:41 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-31 21:36 - 2015-11-10 06:58 - 00000790 _____ C:\Users\Trixie\Desktop\Start Emsisoft Emergency Kit.lnk
2015-10-29 12:57 - 2015-10-29 12:57 - 00007613 _____ C:\Users\Trixie\AppData\Local\Resmon.ResmonCfg
2015-10-25 19:51 - 2015-10-25 20:02 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-10-25 19:46 - 2015-10-25 19:46 - 00000000 ____D C:\Users\Trixie\AppData\Local\Spoon
2015-10-25 19:46 - 2015-10-25 19:46 - 00000000 ____D C:\Users\Trixie\AppData\Local\Free Picture Solutions
2015-10-25 19:41 - 2015-10-25 19:46 - 00000000 ____D C:\Users\Trixie\AppData\Roaming\Free Picture Solutions
2015-10-25 19:40 - 2015-10-25 19:40 - 00000000 ____D C:\Program Files (x86)\powerpointviewer_setup
2015-10-25 19:26 - 2015-10-25 19:26 - 00016148 _____ C:\Windows\system32\TRIXIE-PC_Administrator_HistoryPrediction.bin
2015-10-24 18:27 - 2015-11-13 09:03 - 00000506 _____ C:\Windows\Tasks\Macrium-Backup-{F312DDF6-D479-49CE-BBF9-EA611CAE8873}.job
2015-10-24 18:27 - 2015-11-02 09:55 - 00000506 _____ C:\Windows\Tasks\Macrium-Backup-{2800ADA0-931C-4080-BCD4-202C0CC1DBCA}.job
2015-10-24 18:27 - 2015-11-01 19:24 - 00000000 ____D C:\Users\Trixie\Documents\Reflect
2015-10-24 18:27 - 2015-10-24 18:27 - 00004224 _____ C:\Windows\System32\Tasks\Macrium-Backup-{2800ADA0-931C-4080-BCD4-202C0CC1DBCA}
2015-10-24 18:27 - 2015-10-24 18:27 - 00003728 _____ C:\Windows\System32\Tasks\Macrium-Backup-{F312DDF6-D479-49CE-BBF9-EA611CAE8873}
2015-10-24 18:24 - 2015-10-24 18:23 - 00395268 _____ C:\bootmgr
2015-10-24 16:23 - 2015-10-24 16:32 - 00000000 ____D C:\WinPE_amd64
2015-10-24 15:02 - 2015-10-24 15:02 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2015-10-24 15:02 - 2015-10-24 15:02 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-10-24 14:50 - 2015-10-27 10:10 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-10-24 14:50 - 2015-10-24 15:03 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-10-24 14:50 - 2015-07-09 20:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2015-10-24 14:50 - 2015-07-09 20:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2015-10-24 14:50 - 2015-07-09 19:49 - 01133056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2015-10-24 14:50 - 2015-07-09 19:49 - 00644608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2015-10-24 14:50 - 2015-07-09 19:48 - 06365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2015-10-24 14:50 - 2015-07-09 19:40 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2015-10-24 14:50 - 2015-07-09 19:40 - 00875008 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2015-10-24 14:50 - 2015-07-09 19:39 - 00236544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll
2015-10-24 14:50 - 2015-07-09 19:38 - 08244736 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2015-10-24 14:50 - 2015-07-09 19:31 - 03597312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2015-10-24 14:50 - 2015-07-09 19:30 - 03680768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2015-10-24 14:50 - 2015-07-09 19:28 - 02439168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12warp.dll
2015-10-24 14:50 - 2015-07-09 19:28 - 00916480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2015-10-24 14:50 - 2015-07-09 19:28 - 00761856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2015-10-24 14:50 - 2015-07-09 19:28 - 00647680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2015-10-24 14:50 - 2015-07-09 19:28 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00119296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARP12Debug.dll
2015-10-24 14:50 - 2015-07-09 19:27 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2015-10-24 14:50 - 2015-07-09 19:26 - 00346624 _____ (Windows ® Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2015-10-24 14:50 - 2015-07-09 19:24 - 00233984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2015-10-24 14:50 - 2015-07-09 19:21 - 04656128 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2015-10-24 14:50 - 2015-07-09 19:20 - 04751872 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2015-10-24 14:50 - 2015-07-09 19:18 - 03257856 _____ (Microsoft Corporation) C:\Windows\system32\d3d12warp.dll
2015-10-24 14:50 - 2015-07-09 19:18 - 01069568 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2015-10-24 14:50 - 2015-07-09 19:18 - 00877568 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2015-10-24 14:50 - 2015-07-09 19:17 - 01203200 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2015-10-24 14:50 - 2015-07-09 19:17 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2015-10-24 14:50 - 2015-07-09 19:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2015-10-24 14:50 - 2015-07-09 19:17 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2015-10-24 14:50 - 2015-07-09 19:17 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2015-10-24 14:50 - 2015-07-09 19:17 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2015-10-24 14:50 - 2015-07-09 19:16 - 00366592 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2015-10-24 14:50 - 2015-07-09 19:16 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARP12Debug.dll
2015-10-24 14:50 - 2015-07-09 19:16 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2015-10-24 14:50 - 2015-07-09 19:13 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2015-10-24 14:49 - 2015-10-27 09:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2015-10-24 14:49 - 2015-10-24 14:49 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2015-10-24 14:09 - 2015-10-24 15:08 - 00000000 ____D C:\ProgramData\VsTelemetry
2015-10-24 12:39 - 2015-10-24 17:39 - 00002006 _____ C:\Users\Public\Desktop\Reflect.lnk
2015-10-24 12:39 - 2015-10-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2015-10-24 12:39 - 2015-10-24 12:39 - 00000000 ____D C:\Program Files\Macrium
2015-10-24 12:35 - 2015-10-24 12:39 - 00293166 _____ C:\Reflect_Install.log
2015-10-24 12:25 - 2015-10-24 17:40 - 00000000 ____D C:\ProgramData\Macrium
2015-10-22 18:37 - 2015-10-22 18:37 - 00000000 ____D C:\Users\Trixie\Documents\SH3
2015-10-22 14:27 - 2015-10-22 14:27 - 00000008 __RSH C:\Users\Trixie\ntuser.pol
2015-10-22 14:27 - 2015-10-22 14:27 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-22 09:46 - 2015-10-22 09:46 - 00000000 ____D C:\Users\Trixie\Documents\HpReg_Backup
2015-10-22 08:08 - 2015-10-27 09:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-22 08:08 - 2015-10-22 16:05 - 00002317 _____ C:\Users\Public\Desktop\HP Deskjet 2510 series.lnk
2015-10-22 08:08 - 2015-10-22 08:08 - 00000000 ____D C:\Users\Trixie\AppData\Roaming\HpUpdate
2015-10-22 08:07 - 2015-11-01 12:44 - 00000000 ____D C:\Program Files (x86)\HP
2015-10-22 08:07 - 2015-10-22 08:07 - 00000057 _____ C:\ProgramData\Ament.ini
2015-10-22 08:07 - 2015-10-22 08:07 - 00000000 ____D C:\Program Files\HP
2015-10-22 08:05 - 2015-10-22 08:10 - 00000000 ____D C:\Users\Trixie\AppData\Local\HP
2015-10-22 07:50 - 2015-11-03 00:21 - 00000000 ____D C:\ProgramData\HP
2015-10-21 13:56 - 2015-10-21 13:56 - 00000000 ____D C:\ProgramData\ATI
2015-10-21 13:50 - 2015-10-21 13:50 - 00058661 _____ C:\Windows\SysWOW64\CCCInstall_201510211450411812.log
2015-10-21 13:50 - 2015-10-21 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-10-21 13:49 - 2015-10-21 13:49 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-10-21 13:49 - 2015-10-21 13:49 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-10-21 13:48 - 2015-10-12 13:16 - 00458472 _____ C:\Windows\system32\amdmiracast.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00141792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00107784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00100568 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-10-21 13:48 - 2015-10-12 13:16 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 11974960 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 10114240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 08895768 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 08779336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 07931152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 07408936 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 01458144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 01204704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 00152056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 00133016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 00120144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-10-21 13:48 - 2015-10-12 13:15 - 00102616 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-10-21 13:48 - 2015-10-12 13:13 - 00297672 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2015-10-21 13:48 - 2015-10-12 13:10 - 21659136 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-10-21 13:48 - 2015-10-12 13:06 - 47785472 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-10-21 13:48 - 2015-10-12 13:06 - 01187342 _____ C:\Windows\system32\amdocl_as64.exe
2015-10-21 13:48 - 2015-10-12 13:06 - 01061902 _____ C:\Windows\system32\amdocl_ld64.exe
2015-10-21 13:48 - 2015-10-12 13:06 - 00995342 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-10-21 13:48 - 2015-10-12 13:06 - 00798734 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-10-21 13:48 - 2015-10-12 13:06 - 00235008 _____ C:\Windows\system32\clinfo.exe
2015-10-21 13:48 - 2015-10-12 13:05 - 39712768 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-10-21 13:48 - 2015-10-12 13:03 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-10-21 13:48 - 2015-10-12 13:03 - 00059392 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-10-21 13:48 - 2015-10-12 13:02 - 27535872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-10-21 13:48 - 2015-10-12 13:02 - 22318592 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-10-21 13:48 - 2015-10-12 12:41 - 06727168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-10-21 13:48 - 2015-10-12 12:41 - 00668672 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2015-10-21 13:48 - 2015-10-12 12:41 - 00555008 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2015-10-21 13:48 - 2015-10-12 12:41 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-10-21 13:48 - 2015-10-12 12:41 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-10-21 13:48 - 2015-10-12 12:36 - 05289984 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-10-21 13:48 - 2015-10-12 12:35 - 00134656 _____ C:\Windows\system32\amdhdl64.dll
2015-10-21 13:48 - 2015-10-12 12:35 - 00123392 _____ C:\Windows\SysWOW64\amdhdl32.dll
2015-10-21 13:48 - 2015-10-12 12:34 - 30767616 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-10-21 13:48 - 2015-10-12 12:32 - 00096256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-10-21 13:48 - 2015-10-12 12:32 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-10-21 13:48 - 2015-10-12 12:31 - 07096832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2015-10-21 13:48 - 2015-10-12 12:30 - 08635392 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2015-10-21 13:48 - 2015-10-12 12:29 - 25312768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-10-21 13:48 - 2015-10-12 12:28 - 00050688 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-10-21 13:48 - 2015-10-12 12:28 - 00039424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-10-21 13:48 - 2015-10-12 12:26 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-10-21 13:48 - 2015-10-12 12:25 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-10-21 13:48 - 2015-10-12 12:25 - 00662496 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-10-21 13:48 - 2015-10-12 12:25 - 00662496 _____ C:\Windows\system32\atiapfxx.blb
2015-10-21 13:48 - 2015-10-12 12:25 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-10-21 13:48 - 2015-10-12 12:25 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-10-21 13:48 - 2015-10-12 12:25 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-10-21 13:48 - 2015-10-12 12:25 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-10-21 13:48 - 2015-10-12 12:25 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-10-21 13:48 - 2015-10-12 12:25 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-10-21 13:48 - 2015-10-12 12:25 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-10-21 13:48 - 2015-10-12 12:25 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-10-21 13:48 - 2015-10-12 12:25 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-10-21 13:48 - 2015-10-12 12:24 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-10-21 13:48 - 2015-10-12 12:22 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-10-21 13:48 - 2015-10-12 12:21 - 00674816 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-10-21 13:48 - 2015-10-12 12:21 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-10-21 13:48 - 2015-10-12 12:21 - 00204800 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-10-21 13:48 - 2015-10-12 12:21 - 00189952 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-10-21 13:48 - 2015-10-12 12:21 - 00160256 _____ C:\Windows\system32\atieah64.exe
2015-10-21 13:48 - 2015-10-12 12:21 - 00143872 _____ C:\Windows\SysWOW64\atieah32.exe
2015-10-21 13:48 - 2015-10-12 12:21 - 00029696 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-10-21 13:48 - 2015-10-12 12:20 - 00246784 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-10-21 13:48 - 2015-10-12 12:20 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-10-21 13:48 - 2015-10-12 12:18 - 00865792 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-10-21 13:48 - 2015-10-12 12:18 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-10-21 13:48 - 2015-10-12 12:18 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 01247744 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 00926720 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 00156672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-10-21 13:48 - 2015-10-12 12:17 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-10-21 13:48 - 2015-10-12 12:16 - 00666112 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-10-21 13:48 - 2015-10-12 12:16 - 00141824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-10-21 13:48 - 2015-10-12 12:15 - 00102912 _____ C:\Windows\system32\hsa-thunk64.dll
2015-10-21 13:48 - 2015-10-12 12:15 - 00102400 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-10-21 13:48 - 2015-10-12 12:14 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-10-21 13:48 - 2015-07-30 17:00 - 00177344 _____ C:\Windows\system32\ativce03.dat
2015-10-21 13:48 - 2015-07-30 16:58 - 00175648 _____ C:\Windows\system32\amde31a.dat
2015-10-21 13:48 - 2015-07-28 12:45 - 00040720 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\amdkmafd.sys
2015-10-21 13:48 - 2015-07-24 17:43 - 00047664 _____ C:\Windows\system32\kapp_ci.sbin
2015-10-21 13:48 - 2015-07-24 17:43 - 00043536 _____ C:\Windows\system32\kapp_si.sbin
2015-10-21 13:48 - 2015-07-24 16:44 - 00100816 _____ C:\Windows\system32\ativce02.dat
2015-10-21 13:48 - 2015-07-23 06:52 - 00833800 _____ C:\Windows\system32\amdicdxx.dat
2015-10-21 13:48 - 2015-07-21 18:42 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2015-10-21 13:48 - 2015-07-21 18:42 - 00102912 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2015-10-21 13:48 - 2015-05-28 20:00 - 00234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2015-10-21 13:48 - 2015-05-28 19:58 - 00232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2015-10-21 13:48 - 2014-11-06 05:53 - 00737410 _____ C:\Windows\system32\atiicdxx.dat
2015-10-21 13:48 - 2013-04-10 10:34 - 00332800 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-10-21 13:48 - 2013-04-10 10:34 - 00051200 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-10-21 13:35 - 2015-10-21 13:35 - 00000000 ____D C:\Users\Trixie\AppData\Roaming\ATI
2015-10-21 13:35 - 2015-10-21 13:35 - 00000000 ____D C:\Users\Trixie\AppData\Local\ATI
2015-10-21 13:25 - 2015-10-21 13:50 - 00000000 ____D C:\ProgramData\AMD
2015-10-21 13:25 - 2015-10-21 13:49 - 00000000 ____D C:\Program Files\AMD
2015-10-21 13:25 - 2015-10-21 13:25 - 00064103 _____ C:\Windows\SysWOW64\CCCInstall_201510211425397332.log
2015-10-21 13:25 - 2015-10-21 13:25 - 00000000 ____D C:\Program Files (x86)\AMD
2015-10-21 13:22 - 2015-10-21 13:22 - 00000000 ____D C:\Program Files\ATI
2015-10-21 13:22 - 2013-03-08 03:48 - 00058536 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-10-21 13:21 - 2015-10-21 13:21 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-21 13:15 - 2015-10-21 13:46 - 00000000 ____D C:\AMD
2015-10-21 13:07 - 2015-10-21 13:07 - 00000000 ____D C:\Users\Trixie\AppData\Local\AMD
2015-10-21 13:06 - 2015-10-21 13:06 - 00064103 _____ C:\Windows\SysWOW64\CCCInstall_201510211406385931.log
2015-10-21 12:43 - 2015-10-21 12:43 - 00000000 ____D C:\Users\Trixie\AppData\Local\WindowsApplication1
2015-10-20 10:23 - 2015-11-03 12:36 - 00001190 _____ C:\Users\Trixie\Desktop\Component Services.lnk
2015-10-19 22:19 - 2015-10-19 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-10-19 22:18 - 2015-10-19 22:18 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d10ae64a43088.job
2015-10-19 22:18 - 2015-10-19 22:18 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-19 21:49 - 2015-10-25 21:26 - 00002380 _____ C:\Users\Trixie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-19 20:03 - 2015-10-19 20:08 - 00000000 ____D C:\Users\Trixie\AppData\Roaming\Tunngle
2015-10-19 20:03 - 2015-10-19 20:06 - 00000000 ____D C:\ProgramData\Tunngle
2015-10-19 20:03 - 2015-10-19 20:03 - 00000000 ____D C:\Users\Public\Documents\Tunngle
2015-10-19 14:12 - 2015-10-19 14:12 - 00095668 _____ C:\Users\Public\Documents\SIGVERIF.TXT
2015-10-18 21:27 - 2015-11-08 22:37 - 00000000 ____D C:\EEK
2015-10-18 16:25 - 2015-10-18 16:25 - 00000000 ____D C:\Users\Trixie\Documents\Tunngle
2015-10-18 16:25 - 2009-09-16 06:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-10-18 13:23 - 2015-10-18 13:33 - 00002220 ____H C:\Windows\EPMBatch.ept
2015-10-18 13:19 - 2015-10-18 16:08 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-10-18 12:21 - 2015-11-09 15:49 - 00000000 ____D C:\Users\Trixie\AppData\Roaming\uTorrent
2015-10-17 20:30 - 2015-10-17 20:30 - 00000672 _____ C:\Users\Trixie\Desktop\Edit group policy - Shortcut.lnk
2015-10-16 11:33 - 2015-10-16 11:33 - 00000000 ____D C:\Users\Trixie\AppData\Local\Activision
2015-10-15 11:35 - 2015-10-17 20:31 - 00001237 _____ C:\Users\Trixie\AppData\Roaming\Microsoft\Windows\Start Menu\Security Configuration Management.lnk
2015-10-15 11:34 - 2015-10-15 11:34 - 00001231 _____ C:\Users\Trixie\AppData\Roaming\Microsoft\Windows\Start Menu\Paint.lnk
2015-10-15 11:12 - 2015-10-31 19:26 - 00000000 ____D C:\ProgramData\Codemasters
2015-10-14 23:33 - 2015-10-14 23:33 - 00000000 ____D C:\Users\Trixie\AppData\Local\DCS
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-13 17:37 - 2015-08-10 19:35 - 01005662 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 17:33 - 2015-08-08 05:39 - 00001280 _____ C:\Users\Trixie\Desktop\Event Viewer.lnk
2015-11-13 17:33 - 2015-07-10 07:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-13 17:32 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\sru
2015-11-13 17:32 - 2015-07-10 04:05 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-11-13 17:30 - 2015-08-11 23:15 - 00000000 ____D C:\Users\Trixie\AppData\Local\ClassicShell
2015-11-13 17:14 - 2015-08-08 05:40 - 00001244 _____ C:\Users\Trixie\Desktop\Command Prompt.lnk
2015-11-13 16:58 - 2015-08-12 16:32 - 00004158 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DE0355D3-512E-4B0A-84D5-904C0F2BC9F1}
2015-11-13 12:04 - 2015-08-11 22:27 - 00000000 ____D C:\Users\Trixie\AppData\Roaming\TS3Client
2015-11-13 10:26 - 2015-08-08 15:48 - 00000945 _____ C:\Users\Trixie\Desktop\regedit - Shortcut.lnk
2015-11-13 10:09 - 2015-08-18 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2015-11-13 09:14 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\AppReadiness
2015-11-13 09:03 - 2015-08-10 23:15 - 00000000 ____D C:\Windows\system32\msmq
2015-11-13 04:00 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\rescache
2015-11-12 22:06 - 2015-08-14 23:28 - 00000000 ____D C:\ProgramData\Origin
2015-11-12 20:39 - 2015-08-08 05:41 - 00001228 _____ C:\Users\Trixie\Desktop\Disk Cleanup.lnk
2015-11-12 20:26 - 2015-09-23 10:36 - 00001157 _____ C:\Users\Trixie\Desktop\PRoCon - Shortcut.lnk
2015-11-12 13:06 - 2015-09-30 21:53 - 00000750 _____ C:\Users\Trixie\Desktop\World of Warships.lnk
2015-11-11 14:55 - 2015-08-14 23:28 - 00000000 ____D C:\Program Files (x86)\Origin
2015-11-10 19:58 - 2015-08-08 01:47 - 00001268 _____ C:\Users\Trixie\Desktop\Revo Uninstaller.lnk
2015-11-10 18:41 - 2015-09-18 18:01 - 00001080 _____ C:\Users\Trixie\Desktop\SpeedFan.lnk
2015-11-10 18:41 - 2015-09-18 18:01 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2015-11-10 16:44 - 2015-08-27 14:26 - 00001293 _____ C:\Users\Trixie\AppData\Roaming\Microsoft\Windows\Start Menu\Settings.lnk
2015-11-10 16:40 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-11-10 16:20 - 2015-07-10 05:55 - 00000000 ____D C:\Windows\CbsTemp
2015-11-10 16:19 - 2015-08-08 12:55 - 00000000 ____D C:\Windows\system32\MRT
2015-11-10 16:17 - 2015-08-08 12:55 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-09 22:31 - 2015-09-18 23:36 - 00001151 _____ C:\Users\Trixie\Desktop\notepad - Shortcut.lnk
2015-11-07 20:26 - 2015-08-24 12:02 - 00000127 _____ C:\Users\Trixie\Desktop\BBsAddress.txt
2015-11-07 11:04 - 2015-08-08 01:58 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-11-06 02:32 - 2015-09-20 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-11-06 02:25 - 2009-07-13 22:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-11-05 15:26 - 2015-08-16 09:16 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2015-11-04 11:17 - 2015-08-14 23:41 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2015-11-04 02:09 - 2015-08-15 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profound Sound
2015-11-04 02:05 - 2015-08-08 10:42 - 00001123 _____ C:\Users\Trixie\Desktop\msconfig - Shortcut.lnk
2015-11-04 01:20 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\Registration
2015-11-03 15:14 - 2015-08-08 05:39 - 00001270 _____ C:\Users\Trixie\Desktop\services.lnk
2015-11-03 14:40 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\inetsrv
2015-11-03 00:23 - 2015-08-15 23:00 - 00000000 ____D C:\Users\Trixie\AppData\Local\CrashDumps
2015-11-01 19:15 - 2015-08-10 19:53 - 00000000 ____D C:\Users\Trixie\AppData\Local\Packages
2015-11-01 19:10 - 2015-08-10 19:31 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-31 19:26 - 2015-08-14 23:47 - 00000000 ____D C:\Users\Trixie\Documents\My Games
2015-10-31 19:18 - 2015-08-10 19:36 - 00000000 ____D C:\Users\Trixie
2015-10-29 08:38 - 2015-08-08 12:09 - 00000000 ____D C:\Users\Trixie\AppData\Local\Google
2015-10-27 09:55 - 2015-08-10 23:15 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-26 12:12 - 2015-08-08 12:22 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-10-25 18:21 - 2015-08-16 16:11 - 00002643 _____ C:\Users\Trixie\Desktop\Windows 7 USB DVD Download Tool.lnk
2015-10-24 17:07 - 2015-07-10 06:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-23 13:17 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\system32\NDF
2015-10-23 13:00 - 2015-08-11 22:23 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2015-10-22 17:04 - 2015-07-10 06:04 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-10-22 14:25 - 2015-08-27 14:27 - 00000000 ____D C:\Users\Trixie\AppData\LocalLow\Temp
2015-10-21 17:08 - 2015-08-10 23:15 - 00000000 ____D C:\inetpub
2015-10-21 13:40 - 2015-08-22 19:02 - 00000946 _____ C:\Users\Trixie\Desktop\autodetectutility - Shortcut.lnk
2015-10-21 12:34 - 2015-08-15 15:36 - 00000000 ____D C:\Users\Trixie\Documents\ProfoundSound
2015-10-19 22:18 - 2015-09-21 09:32 - 00000000 ____D C:\Users\Trixie\AppData\Local\Deployment
2015-10-19 22:18 - 2015-08-08 12:09 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-19 21:49 - 2015-08-10 20:00 - 00000000 ___RD C:\Users\Trixie\OneDrive
2015-10-18 21:49 - 2015-08-15 02:30 - 00000000 ____D C:\Windows\Minidump
2015-10-18 21:43 - 2015-09-19 01:35 - 00001630 _____ C:\Windows\system32\.crusader
2015-10-18 19:20 - 2015-08-08 12:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-18 09:47 - 2015-10-10 21:46 - 00000708 _____ C:\Users\Trixie\Desktop\pbsetup - Shortcut.lnk
2015-10-17 12:55 - 2015-08-16 08:55 - 00000000 ____D C:\Users\Trixie\AppData\Local\PunkBuster
 
==================== Files in the root of some directories =======
 
2015-08-15 15:34 - 2015-08-20 07:26 - 0005120 _____ () C:\Users\Trixie\AppData\Local\file__0.localstorage
2015-10-29 12:57 - 2015-10-29 12:57 - 0007613 _____ () C:\Users\Trixie\AppData\Local\Resmon.ResmonCfg
2015-10-22 08:07 - 2015-10-22 08:07 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-10 19:31 - 2015-08-10 19:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some zero byte size files/folders:
==========================
C:\Windows\System32\accesschk.exe
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 03:31
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-11-2015
Ran by Trixie (2015-11-13 17:42:15)
Running from E:\FRST
Windows 10 Pro (X64) (2015-08-11 00:52:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2610782532-1500699501-3633152452-500 - Administrator - Disabled) => C:\Users\Administrator.Trixie-PC
DefaultAccount (S-1-5-21-2610782532-1500699501-3633152452-503 - Limited - Disabled)
Guest (S-1-5-21-2610782532-1500699501-3633152452-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2610782532-1500699501-3633152452-1002 - Limited - Enabled)
Trixie (S-1-5-21-2610782532-1500699501-3633152452-1000 - Administrator - Enabled) => C:\Users\Trixie
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.1.0.0 - Auslogics Labs Pty Ltd)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.6.2.40658 - Electronic Arts)
Battlefield 4™ CTE (HKLM-x32\...\{551A08D1-B60E-4DED-9B67-C3B38258CCA3}) (Version: 1.0.2.44728 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
DJ Streamer (HKLM-x32\...\{FB71D020-380A-4E88-B6F9-7F1F1069A505}) (Version: 1.4.1 - Screaming Bee)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.45 - PDF Complete, Inc)
Profound Sound Repair version 1.6 Repair (HKLM-x32\...\{8EFE00A1-A7A8-4A42-A84B-80933937C800}_is1) (Version: 1.6 Repair - Quickfilter Technologies)
ProfoundSound Audio (HKLM-x32\...\{FBD289DA-9850-4394-81E0-D02763809313}) (Version: 1.13.0000 - Quickfilter Technologies Inc)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warships (HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-09-10 00:52 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0DC95FDD-8593-4283-ACC8-5185FE4436EB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {12B9929F-6729-4CB6-908C-BFD5D108AAD3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {1B249873-BCB5-41C9-B556-5640D370E153} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {298034D3-7A23-40C2-9045-0F1EEA1D10D3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {29AA3B95-C680-46AE-A04C-A11070A77F1C} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {44D6CB6F-8898-4724-9200-00ABCB5B479C} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {4D94931A-8008-4357-AE9F-5D238B371B54} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {50A38DF4-7595-46B8-96D8-7106F60827F8} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {52A87DF8-2857-4CBF-B2BA-13A6FD01FEE5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5FAC95A4-4068-4DFE-8A50-2C9689DCF4FD} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {633E70D7-5BAA-497D-BB06-C50196985F47} - System32\Tasks\Macrium-Backup-{F312DDF6-D479-49CE-BBF9-EA611CAE8873} => C:\Program Files\Macrium\Reflect\Reflect.exe [2015-10-23] (Paramount Software UK Ltd)
Task: {6C488413-8509-4D62-94EB-159DC0C33122} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows
Task: {6FEF40ED-2BCD-4695-B951-C6B5A425868F} - System32\Tasks\Macrium-Backup-{CE2DE3D7-572A-4D61-9450-2F0B828A4127} => C:\Program Files\Macrium\Reflect\reflect.exe [2015-10-23] (Paramount Software UK Ltd)
Task: {817A3D73-25CC-4D34-AA89-72C66B55EAD4} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {857B38BF-A6B3-4A19-B37C-1FC95ACBA9F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {864F5C66-E1CA-43DB-AC30-6F2C49563150} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {9043144B-1A78-46EF-A0D2-AB14F7C5206E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {B06EF2F2-1766-4123-B99A-1F8446ABC08B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B2667CAB-0DDD-4824-965E-05711B64E47B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {B2C74D4C-7CEE-4F7A-9F0A-0B1C52734813} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C3CE3E43-4F9D-4DC6-AF89-5552877FCF27} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {D051814B-6840-43BC-AB9F-A08AE105A1D9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {D183846D-F94E-4D74-A892-453A6389DCE1} - System32\Tasks\Macrium-Backup-{2800ADA0-931C-4080-BCD4-202C0CC1DBCA} => C:\Program Files\Macrium\Reflect\Reflect.exe [2015-10-23] (Paramount Software UK Ltd)
Task: {E413FC08-F15C-41FA-8F3A-CCC964FCD98D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-10] (Microsoft Corporation)
Task: {E6D474CF-2835-441C-9E46-ED8263BF4877} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {EBB3EC89-EFB5-4061-AB48-97C23CB82924} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F179E9ED-ECAE-44E5-84F0-82C34A21C3EC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {F8E4631D-F18E-44C8-8DFD-1409421882B9} - System32\Tasks\Macrium-Backup-{CD790472-3F33-43AB-B965-1659F21EC5FF} => C:\Program Files\Macrium\Reflect\reflect.exe [2015-10-23] (Paramount Software UK Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d10ae64a43088.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Macrium-Backup-{2800ADA0-931C-4080-BCD4-202C0CC1DBCA}.job => C:\Program Files\Macrium\Reflect\Reflect.exeh-e -w C:\Users\Trixie\Documents\Reflect\My Backup.xml
Task: C:\Windows\Tasks\Macrium-Backup-{CD790472-3F33-43AB-B965-1659F21EC5FF}.job => C:\Program Files\Macrium\Reflect\reflect.exek-e -w C:\Users\Trixie\Documents\Reflect\My Backup(1).xml
Task: C:\Windows\Tasks\Macrium-Backup-{CE2DE3D7-572A-4D61-9450-2F0B828A4127}.job => C:\Program Files\Macrium\Reflect\reflect.exek-e -w C:\Users\Trixie\Documents\Reflect\My Backup(1).xml
Task: C:\Windows\Tasks\Macrium-Backup-{F312DDF6-D479-49CE-BBF9-EA611CAE8873}.job => C:\Program Files\Macrium\Reflect\Reflect.exeh-e -w C:\Users\Trixie\Documents\Reflect\My Backup.xml
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-10 23:21 - 2015-08-10 23:21 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2013-04-19 19:11 - 2013-04-19 19:11 - 00136056 _____ () C:\Program Files (x86)\Quickfilter Technologies\Profound Sound\ProfoundSoundService.exe
2015-08-16 09:16 - 2015-11-05 15:26 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-09-30 18:28 - 2015-09-17 01:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-09-30 18:28 - 2015-09-17 01:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-09-30 18:28 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-09-30 18:28 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 18:28 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 18:28 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 18:28 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-22 18:05 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-22 18:05 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Trixie\Cookies:gs5sys
AlternateDataStreams: C:\Users\Trixie\Templates:gs5sys
AlternateDataStreams: C:\Users\Trixie\AppData\Local\History:gs5sys
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Trixie\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\northpolemoon.bmp
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: !SASCORE => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 3
MSCONFIG\Services: AppHostSvc => 2
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: asHmComSvc => 2
MSCONFIG\Services: AsSysCtrlService => 2
MSCONFIG\Services: AsusFanControlService => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DTSAudioSvc => 2
MSCONFIG\Services: gupdate => 3
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MbaeSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: pdfcDispatcher => 2
MSCONFIG\Services: PnkBstrA => 2
MSCONFIG\Services: ProfoundSound Service => 2
MSCONFIG\Services: ReflectService.exe => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TunngleService => 3
MSCONFIG\startupreg: ASUS AiChargerPlus Execute => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
MSCONFIG\startupreg: ASUS WiFi GO! FileTransfer Execute => C:\Program Files (x86)\ASUS\AI Suite II\Remote GO!\AssistTools\WiFile\WiFileTransfer.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_DTS"
HKLM\...\StartupApproved\Run: => "StartCCC"
HKLM\...\StartupApproved\Run: => "Eraser"
HKLM\...\StartupApproved\Run: => "Classic Start Menu"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run32: => "Eraser"
HKLM\...\StartupApproved\Run32: => "PDF Complete"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2610782532-1500699501-3633152452-1000\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{593F4E59-6CBB-4885-AD55-9521AEBAF2EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{2788ABC5-25F2-413D-A13B-0B63C567745A}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4_x86.exe
FirewallRules: [{7008152A-86E9-424A-B25F-40FEB2E43A56}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4_x86.exe
FirewallRules: [{32BE1927-4148-4839-A867-99D9EF6787A5}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4.exe
FirewallRules: [{C4AB3F5A-D065-470C-A7CA-ED0F5DFBBE3A}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4.exe
FirewallRules: [{915AF46F-8A68-43DC-809D-8B3949A2E2C6}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{CC410E3C-E190-4BB3-978A-630F15A56002}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{60CB629F-2764-4589-8929-B07341A76E10}] => (Allow) F:\Program Files (x86)\Battlefield 3\bf3.exe
FirewallRules: [{3616FA25-A905-4663-9A6E-CE6623813ED4}] => (Allow) F:\Program Files (x86)\Battlefield 3\bf3.exe
FirewallRules: [{ADDAC9AF-E402-4D60-B0E2-D1BDDAB81390}] => (Allow) F:\Program Files (x86)\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{3B1D8498-5245-4709-B4E4-8D43972DAB15}] => (Allow) F:\Program Files (x86)\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{BB05797D-1CCE-4B3A-A8F1-9AC209555953}] => (Allow) F:\Program Files (x86)\Titanfall\Titanfall.exe
FirewallRules: [{BA748F9A-D98D-4EE4-9B8A-77DE02448686}] => (Allow) F:\Program Files (x86)\Titanfall\Titanfall.exe
FirewallRules: [{E174991C-9062-4F80-900A-A9E475D90DE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CAA50B4A-4526-4C7E-8304-E23FDD1B5030}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B1EF1C8A-161F-4EAB-8352-8227A13CE4FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CD11B2A7-0E52-4415-800E-BFF86EE25A69}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2DB02934-BFED-4C87-9CC9-299F2741C686}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{43B34F66-2863-4F30-B206-2D0E22A1D603}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{B65735FE-771C-4026-8733-97E1390AF230}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{D9FA3CB4-E9EB-46AD-B88A-0DB4B33E3DB6}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{59D578FD-8694-42C2-BC51-C7994ACACDDC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1A147945-4E26-43C8-A25E-2E36DBEE56A3}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{AA001AAA-A67E-4340-BC93-12D9F0898B73}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5BFAA8E5-F4B5-49E9-9C92-A51A133B378D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{AE5924EC-6B9A-4524-B11E-79C1606275C4}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4_x86.exe
FirewallRules: [{3D597BCC-7A2A-45D7-B05C-860B0472D6A9}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4_x86.exe
FirewallRules: [{1169D670-A248-4717-9325-9CFF11152072}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4.exe
FirewallRules: [{02B0C0F2-D41A-4AE0-B968-A79AF0FD2F3C}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4.exe
FirewallRules: [{7C8655E2-630A-4FDC-AE48-98F548521F5E}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{945433EF-E52B-4E09-B53A-9F2E82D39C14}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{F9664178-677F-4963-B0FB-E0503B6FAAD8}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{157063F8-3546-4383-AC7A-215568FDB8A1}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{8025DCB0-4F01-448E-9E43-CECFDC43DAD3}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{0A0ABDEA-E92E-4E4A-823B-9391B2FB5F73}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{D0568FD4-1175-4FBA-88FB-3464B999CCAC}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{BF48B3B0-28A6-456F-A4D1-076189B8E8A4}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [TCP Query User{B99646C9-78AF-4C7F-BAC8-AE8307AA18A0}F:\program files (x86)\battlefield 4 cte\bf4cte.exe] => (Allow) F:\program files (x86)\battlefield 4 cte\bf4cte.exe
FirewallRules: [UDP Query User{DA38617D-7683-49F6-99D1-1C1CBFB95BF8}F:\program files (x86)\battlefield 4 cte\bf4cte.exe] => (Allow) F:\program files (x86)\battlefield 4 cte\bf4cte.exe
FirewallRules: [{F09F8CA8-A74F-48D6-A782-3C928021BBF2}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4FFF34BD-74E5-4B1D-888C-BB6C791375C4}] => (Allow) F:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{73F404F2-D6AA-4A0D-AE60-D280FD2FB90C}] => (Allow) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BD78854A-A68E-4A7D-A342-02CD804C78FF}] => (Allow) F:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F9B81DA2-F55F-403E-9D80-BFAD8FCC809A}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BAF7718D-ED31-44C2-976D-0051C935C086}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{8919BBB5-C180-4777-99B4-C0CCE9A837C2}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{1BFF7B9A-F90F-4917-B126-29B3E0F18C9E}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{0EB595E6-84FD-4051-804B-AB80882A54C2}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{FEDA3E63-C978-4B86-A39D-05BEC025E284}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{BE44E7F7-57AB-4D30-92FD-589D2F6246C5}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{D158CE93-29C8-45F6-8BF7-7697BB5B5638}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{4AEAFDD4-4A61-4158-8B54-5458BF4FB0D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4B693F51-AC69-4E54-9C42-D8C48DAF5F63}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EE64ED9A-FC4F-4C9F-9339-E12CE5D9B5F8}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{9294AD39-D99C-4350-B7DB-66D3E78F87A4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CC6FA0D2-2E79-40DD-86DB-99B84A599385}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{30C4E949-FC7D-4C25-8703-2858849C1941}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{98541F5D-944E-4F23-867A-2E8DE134936B}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{AAC049BF-AE8D-4099-9ACE-0B1C5665DB36}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{74AFE964-97D6-4469-AE9D-3DD7BA778EF3}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{A38246D7-2667-4290-93DC-B755A97532F6}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{096F3C04-5F79-405A-8DBA-1A1C11030124}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{F16FADC8-F7D3-497B-8099-BFB0CC1CE039}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{BA9CE752-797E-430D-B2C4-2077BF340540}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{9E024D83-868E-4DED-AD68-DE06670AC601}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{83C63BE6-A12E-4B3D-B279-6BEAE1AC21DA}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{B5B1A2D9-38C4-41A8-8404-53BB528A0015}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{F085E918-C9ED-4CBC-A3DA-CAFCF31CA6A5}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{3202FE5B-E5D9-4400-A5B1-ACE4DCAFFB07}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{7DAFE793-3326-4256-AA29-8C212D765A05}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C1D6FD98-3FAB-4DA8-ACE4-AC210C7AAC2F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E50C2BCD-4EC9-4DA4-9F9A-4D4C81A2E522}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{653C5AC4-4D22-4E5B-8262-2EC983DF9724}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{F3B8FE49-0C4F-449C-9A93-AAD6599C730D}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{9D605248-80C6-4B71-AFCD-6F6D13F1FCE3}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\SniperGhostWarrior2\Bin32\SniperGhostWarrior2.exe
FirewallRules: [{AF27501D-73CC-4D1C-9E66-3F79E8BA5198}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Sniper Ghost Warrior\Sniper_x86.exe
FirewallRules: [{DD899C47-9FAB-4FE5-BFC2-AE265EBA05E6}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Sniper Ghost Warrior\Sniper_x86.exe
FirewallRules: [TCP Query User{4A96CF01-981C-481B-8B91-58E8DF7CB7EC}H:\procon_1.5.1.1\new folder\procon.exe] => (Allow) H:\procon_1.5.1.1\new folder\procon.exe
FirewallRules: [UDP Query User{ABE0A72E-231A-4C29-BB57-CA3772BE6FE2}H:\procon_1.5.1.1\new folder\procon.exe] => (Allow) H:\procon_1.5.1.1\new folder\procon.exe
FirewallRules: [{932E1D67-CB3D-4A0A-A028-CB9BF5BEA756}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{EF539FF4-18FF-4372-A9F5-A1F7F9E347BE}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{1EC778CB-F66C-4175-97F0-DBA2C10880A4}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{5497C51F-E1DE-4916-91A7-7475358F5FA4}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaW.exe
FirewallRules: [{C37A4017-8997-4472-B288-BD8137D73F3A}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{BC1DBDA3-11AD-4B51-952A-AC13909F8E06}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\Call of Duty World at War\CoDWaWmp.exe
FirewallRules: [{21807273-2E9C-4400-8843-00167355FDFE}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{54024528-5D06-4EBB-9EFC-4E224BE90BF6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{4FBB3521-E555-4BF2-995A-1C848E618A29}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{32415BB6-54F7-4F66-8017-CC7CB109BBE9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CEAAF53B-E7A4-4BA8-B444-9C3E0EE6F905}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{D598E3C6-9EDD-4B92-ACFC-324925B0EB4A}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{3FD50F9D-BE5F-4677-8C16-8051E0FE56EE}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{595BBF88-B17D-4E15-9829-4E1A2E25CCB1}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{8894B2F0-A86F-43D5-9826-DAD1DD155465}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CDC1F931-E7D4-4C54-B7C8-30DF58BCCEC8}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C3125121-15CE-47AF-8904-CC6F859DB83D}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7F10FD0F-32AC-4025-9D24-96863A088505}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24FD0A8E-D3A8-46C1-9FA9-F9A77CF1339E}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{662F6EDF-E66B-4485-81E5-A519BA5C6DE3}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{953C6FAF-964D-44F6-9514-08F3F41FE1CF}] => (Allow) F:\Program Files (x86)\Battlefield 4\bf4_x86.exe
FirewallRules: [{EDC027A9-799E-4743-95AE-0B8B633D044F}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8A3D270E-540C-48F3-AF34-36FD44DBF4D5}] => (Allow) C:\Users\Trixie\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9B56D09-C378-447B-9D06-177F320822CC}] => (Allow) C:\Program Files\HP\HP Deskjet 2510 series\Bin\USBSetup.exe
FirewallRules: [{B8A0F8AF-F88E-40E2-B861-F7A9445B91BA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6B1678FD-7E04-4B49-86F8-F6D809C00B66}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{03E051CD-FC44-4E8F-A0AC-858CFE60DA32}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{AF318FF9-C2A6-4594-9FB3-365080911963}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{83BFF4BD-AE4D-403F-9601-2A64C1577D8C}] => (Allow) F:\Program Files (x86)\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{D849B6F8-5DA4-4277-9CD6-37807C16FA41}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{174B3673-58AD-46D5-A771-A726DE83F1EB}] => (Allow) F:\Program Files (x86)\Steam\steamapps\common\GRID Autosport\GRIDAutosport.exe
FirewallRules: [{1AC111D7-B7B9-430D-8AA2-E8B65E99A367}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{02DB728B-3E83-422F-9EB8-2CDD741D4CD3}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{6BEBB7E9-6DB5-4B09-9750-6D9C6848B522}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{659836F5-CD87-4B6E-9E0D-C37860616D39}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{B01AE6FF-4636-4637-87E0-F6D3B6D1B7D9}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6EE5CCFE-802B-47B1-8AB7-B8DA7162E327}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D018335B-591E-4D9D-8A1D-1EC95279812C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{94CC8A15-609A-45A7-A12C-90692EEE0360}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{FFC7BB3B-359F-49D0-970A-1A114A384E54}M:\program files\call of duty black ops iii\blackops3.exe] => (Allow) M:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [UDP Query User{CACBC8A7-3A6A-48C8-9023-E9AA643555F5}M:\program files\call of duty black ops iii\blackops3.exe] => (Allow) M:\program files\call of duty black ops iii\blackops3.exe
FirewallRules: [{8C7B54F9-5067-4F0C-8A6F-80A22B33D8F8}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{E7A7E190-11C4-4310-969B-23F521AEB4A2}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEWebHelper.exe
FirewallRules: [{703824CB-4328-4D4B-9FB4-1F230623CFEC}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{C258BD47-22D3-46D4-AA5D-7FB97204598A}] => (Allow) F:\Program Files (x86)\Battlefield 4 CTE\BF4CTEX86WebHelper.exe
FirewallRules: [{7FCBA8CD-73E9-4678-B935-68CB254CDF58}] => (Allow) F:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{2F692753-CD6C-4F40-BEE1-AC55C3DEB3C5}] => (Allow) F:\Games\World_of_Warships\WoWSLauncher.exe
FirewallRules: [{940AF6D0-C469-42E4-90D2-3C11A3B66573}] => (Allow) F:\Games\World_of_Warships\worldofwarships.exe
FirewallRules: [{12D15770-D694-45DB-8C87-C4FF6FF7D847}] => (Allow) F:\Games\World_of_Warships\worldofwarships.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (11/13/2015 05:32:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/13/2015 05:32:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/13/2015 05:32:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/13/2015 05:32:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8350 Eight-Core Processor 
Percentage of memory in use: 11%
Total physical RAM: 16283.45 MB
Available physical RAM: 14362.05 MB
Total Virtual: 23182.45 MB
Available Virtual: 21173.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:100.51 GB) (Free:75.43 GB) NTFS
Drive d: (SanDisk) (Removable) (Total:119.24 GB) (Free:85.43 GB) exFAT
Drive e: (ADATA UFD) (Removable) (Total:14.45 GB) (Free:6.82 GB) NTFS
Drive f: (Game Drive) (Fixed) (Total:931.39 GB) (Free:609.35 GB) NTFS
Drive h: (Toshiba_16gb) (Removable) (Total:14.45 GB) (Free:5.86 GB) NTFS
Drive m: (Toshiba_Ext) (Fixed) (Total:931.51 GB) (Free:790.02 GB) NTFS
Drive s: (Game Drive) (Fixed) (Total:931.39 GB) (Free:837.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: 2827E490)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=100.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: A08CFD7E)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: DB841AE0)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 119.3 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 14.4 GB) (Disk ID: 05C8DB91)
Partition 1: (Active) - (Size=14.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 931.5 GB) (Disk ID: 626E6815)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#13 Sintharius


Posted 16 November 2015 - 12:55 PM

Hello tazmo8448,

Please reboot into Safe Mode with Networking, then do this.

MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Also, can you clarify this?

"along with Safe Mode with Networking not connecting to the internet when in that mode, I can boot to Safe Mode and my internet does work, yet internet does not work in Safe Mode. It has worked but recently has stopped."

Regards,
Alex


Edited by Alexstrasza, 16 November 2015 - 12:55 PM.


#14 tazmo8448


Posted 16 November 2015 - 04:45 PM

Hi Alex~

What I was trying to say was that when I first upgraded to W10, Safe Mode with Networking worked, and now it doesn't. I can still boot to all "Safe Modes" but the internet itself does not connect. I have downloaded the tool (mini tool box) and will run it in SMwN and report the findings, or in this case the .txt file. BTW, had to download the tool first then go to Safe Mode for the obvious reasons.


Edited by tazmo8448, 16 November 2015 - 04:47 PM.


#15 tazmo8448


Posted 16 November 2015 - 05:02 PM

Hello again Alex, here are the results of the MiniTool notepad:

 

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Trixie (administrator) on 16-11-2015 at 16:54:25
Running from "C:\Users\Trixie\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: To be filled by O.E.M. Manufacturer: To be filled by O.E.M.
Boot Mode: Network
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
TAP-Win32 Adapter V9 (Tunngle) = Ethernet 2 (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Trixie-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Ethernet adapter Ethernet 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TAP-Win32 Adapter V9 (Tunngle)
   Physical Address. . . . . . . . . : 00-FF-ED-6E-3B-0F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 14-DD-A9-50-EC-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 108.249.18.202(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Monday, November 16, 2015 4:53:22 PM
   Lease Expires . . . . . . . . . . : Monday, November 16, 2015 5:03:22 PM
   Default Gateway . . . . . . . . . : 108.249.16.1
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  homeportal
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2607:f8b0:4002:c07::8b
 74.125.196.100
 74.125.196.139
 74.125.196.101
 74.125.196.102
 74.125.196.113
 74.125.196.138
 
 
Pinging google.com [74.125.196.139] with 32 bytes of data:
Reply from 74.125.196.139: bytes=32 time=27ms TTL=44
Reply from 74.125.196.139: bytes=32 time=26ms TTL=44
 
Ping statistics for 74.125.196.139:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 26ms, Maximum = 27ms, Average = 26ms
Server:  homeportal
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 2001:4998:44:204::a7
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=94ms TTL=44
Reply from 206.190.36.45: bytes=32 time=95ms TTL=44
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 94ms, Maximum = 95ms, Average = 94ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 15...00 ff ed 6e 3b 0f ......TAP-Win32 Adapter V9 (Tunngle)
  5...14 dd a9 50 ec b8 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     108.249.16.1   108.249.18.202     20
     108.249.16.0    255.255.252.0         On-link    108.249.18.202    276
   108.249.18.202  255.255.255.255         On-link    108.249.18.202    276
   108.249.19.255  255.255.255.255         On-link    108.249.18.202    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    108.249.18.202    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    108.249.18.202    276
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  1    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
 
System errors:
=============
Error: (11/16/2015 04:54:27 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:54:27 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:54:27 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:54:27 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:54:26 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:54:26 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:54:26 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (11/16/2015 04:53:55 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:53:55 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (11/16/2015 04:53:55 PM) (Source: DCOM) (User: Trixie-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-11-16 16:40:38.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-11-16 16:40:38.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
AMD Catalyst Install Manager (HKLM\...\{AAFD93A0-6522-9FF4-69CF-15B98681681A}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.6.0000 - Asmedia Technology)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 6.1.0.0 - Auslogics Labs Pty Ltd)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.6.2.40658 - Electronic Arts)
Battlefield 4™ CTE (HKLM-x32\...\{551A08D1-B60E-4DED-9B67-C3B38258CCA3}) (Version: 1.0.2.45436 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
Call of Duty: World at War (HKLM-x32\...\Steam App 10090) (Version:  - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version:  - Codemasters Racing Studio)
DJ Streamer (HKLM-x32\...\{FB71D020-380A-4E88-B6F9-7F1F1069A505}) (Version: 1.4.1 - Screaming Bee)
Eraser 6.0.10.2620 (HKLM\...\{6E5159B4-A519-41EF-80EF-AD58371515DF}) (Version: 6.0.2620 - The Eraser Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{293CC68A-32BA-4BA4-84BD-0DCF6583566F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\{025386EB-9F99-4F98-AB2C-638A84F9203C}) (Version: 6.1.879 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.1.45 - PDF Complete, Inc)
Profound Sound Repair version 1.6 Repair (HKLM-x32\...\{8EFE00A1-A7A8-4A42-A84B-80933937C800}_is1) (Version: 1.6 Repair - Quickfilter Technologies)
ProfoundSound Audio (HKLM-x32\...\{FBD289DA-9850-4394-81E0-D02763809313}) (Version: 1.13.0000 - Quickfilter Technologies Inc)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version:  - Rebellion)
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warships (HKCU\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version:  - Wargaming.net)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 6%
Total physical RAM: 16283.45 MB
Available physical RAM: 15306.32 MB
Total Virtual: 25114.94 MB
Available Virtual: 24231.12 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:100.51 GB) (Free:75.65 GB) NTFS
2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
3 Drive e: () (Fixed) (Total:931.41 GB) (Free:840.43 GB) NTFS
4 Drive f: (Game Drive) (Fixed) (Total:931.39 GB) (Free:607.55 GB) NTFS
5 Drive g: (ADATA UFD) (Removable) (Total:14.45 GB) (Free:3.08 GB) NTFS
6 Drive h: (Toshiba_16gb) (Removable) (Total:14.45 GB) (Free:5.86 GB) NTFS
7 Drive i: (SanDisk) (Removable) (Total:119.24 GB) (Free:78.7 GB) exFAT
8 Drive m: (Toshiba_ExtHD) (Fixed) (Total:931.51 GB) (Free:931.31 GB) NTFS
9 Drive s: (Game Drive) (Fixed) (Total:931.39 GB) (Free:815.43 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\TRIXIE-PC
 
Administrator            DefaultAccount           Guest                    
Trixie                   
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
 
**** End of log ****




