
9 year old was using PC and clicked something

Solved 
#1 · (Edited by Moderator)
I ran Malwarebytes, SpyBot, AdwCleaner, restarted Firefox with default, and the browser hack keeps coming back... Right now I only see it in Firefox, where I will be on a page and then it will just hop to Windows repair tool, fake Adobe, Newsweek, and various other sites... I cleaned what I can. I am decent at this stuff but I guess not good enough... Prior to my cleaning, Chrome was also jacked with the old home page of YOUR IP is locked pay us...GOV etc. Chrome works fine now.

Firefox hop example...sitting on eBay then bamm loaded this page:

**content removed due to possibly malicious link**

Right now Firefox is the only issue.

I would like to add that when I run AdwCleaner, Firefox is not listed... Only Chrome... go figure...

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 64 bit
Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, Intel64 Family 6 Model 23 Stepping 6
Processor Count: 2
RAM: 4094 Mb
Graphics Card: AMD Radeon HD 6800 Series, 1024 Mb
Hard Drives: C: Total - 99999 MB, Free - 6994 MB; D: Total - 414999 MB, Free - 12424 MB; E: Total - 438866 MB, Free - 32009 MB;
Motherboard: ASUSTeK Computer INC., P5QL-E
Antivirus: Microsoft Security Essentials, Updated and Enabled

What other program can I run to provide you data? This is my second time in 3 years :)
 
#2 ·
Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system without the guidance of a trained malware removal helper. Doing so may possibly damage your system, preventing it from starting.
Hello rcoops72 and welcome back to the Tech Support Guy Forums :)

Apologies about the delay in getting to your topic. My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read this topic Everyone MUST read this BEFORE posting for help in this forum where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive, as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

 
#3 ·
Please run the following program:

FRST Scan
  • Please download FRST by Farbar, and save it to your Desktop.
    You need to download the 64bit version.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST.exe/FRST64.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait until the scan has finished.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • Are there any changes in computer behavior?
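
Added example (not part of the original post and not code from FRST or its author): a small triage script for the FRST.txt log that the scan above produces. It groups, per log section, the lines FRST itself marks with `<======= ATTENTION`, entries whose target is reported as `No File`, and entries tagged `[File not signed]`. The sample log, the function names and the flag labels are constructed for illustration.

```python
import re

# Constructed sample in the FRST.txt layout (banner lines of '=' signs naming
# each section, one entry per line). This is NOT a real scan result.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\Run: [ExampleHelper] => C:\Program Files\Example\helper.exe [1024 2016-01-01] (Example Corp.)
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

Internet Explorer:
==================
BHO: No Name -> {00000000-0000-0000-0000-000000000000} -> No File

FireFox:
========
FF Plugin-x32: @example.com/Plugin -> C:\Program Files (x86)\Example\npexample.dll [2016-01-01] (Example Corp.)
FF Plugin HKU\S-1-5-21-0-0-0-1000: example.com/gone -> C:\ProgramData\Example\npgone.dll [No File]

==================== Services (Whitelisted) ====================

R2 ExampleSvc; C:\Program Files\Example\svc.exe [2048 2016-01-01] (Example Corp.) [File not signed]
"""

# A section banner is '=' runs around a name. Requiring a non-'=' first
# character keeps the plain '=====' underlines below sub-headings such as
# "Internet Explorer:" from being mistaken for a new section.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")

# Markers that appear literally in FRST output; the labels are our own.
FLAGS = (
    ("attention", re.compile(r"<=+\s*ATTENTION")),
    ("missing-file", re.compile(r"\bNo File\b")),
    ("unsigned", re.compile(r"\[File not signed\]")),
)


def triage(log_text):
    """Return {section name: [(flag label, log line), ...]} for flagged lines."""
    findings = {}
    section = "(before first section)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for label, pattern in FLAGS:
            if pattern.search(line):
                findings.setdefault(section, []).append((label, line))
    return findings


def count_by_flag(findings):
    """Collapse triage() output into {flag label: number of lines}."""
    counts = {}
    for entries in findings.values():
        for label, _ in entries:
            counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, entries in result.items():
        print(name)
        for label, line in entries:
            print(f"  [{label}] {line}")
    print(count_by_flag(result))
```

A flagged line is a prompt for review, not a verdict: leftover registry references to uninstalled software also show up as `No File`.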
 
#4 · (Edited)
No issues with instructions. THANK YOU. Last night I uninstalled FIREFOX, Ran CCLEANER and reinstalled FIREFOX. Just wanted you to know. PC still does not seem right....Below is the first log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by Coop (administrator) on COOP-PC (30-09-2016 20:56:09)
Running from C:\Users\Coop\Desktop
Loaded Profiles: Coop (Available Profiles: Coop)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\ASUS\Six Engine\SixEngine.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Advanced Micro Devices Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169744 2015-09-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CTxfiHlp] => C:\Windows\SysWOW64\CTXFIHLP.EXE [25600 2009-04-09] (Creative Technology Ltd)
HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-05-24] (AMD)
Startup: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-02-13] ()
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
Tcpip\..\Interfaces\{68EDA685-365D-416E-B3DA-45105A42302E}: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1
Tcpip\..\Interfaces\{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315}: [DhcpNameServer] 167.206.245.135 167.206.245.136 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2800502796-835880612-2508068223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2014-12-09] (Wondershare)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Profiles\aj02sy3t.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @skyhookwireless.com/LokiPlugin -> C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\4.9.0.06\nploki.dll [2013-11-22] (Skyhook Wireless)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=3 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [2016-01-03] (GeoComply Inc.)
FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=9 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [2016-01-03] (GeoComply Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> D:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2013-01-11] (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2016-01-03] (GeoComply)
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll [2010-03-28] (Move Networks)
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: geocomply.com/gc_browser_plugin_client_2_1_9 -> C:\Program Files (x86)\GeoComply\gc-browser-plugin-client\2.1.9.4\npgc-browser-plugin-client_2_1_9.dll [2013-12-10] (GeoComply)
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: geocomply.com/gc_browser_plugin_client_c -> C:\PROGRA~2\GEOCOM~1\GC-BRO~1\2110~1.1\NPGC-B~1.DLL [2014-01-20] (GeoComply)
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: tdameritrade.com/thinkorswim -> E:\Program Files\thinkorswim\npthinkorswim.dll [2016-09-28] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: tdameritrade.com/tossc -> E:\Program Files\thinkorswim\nptossc.dll [2016-09-28] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2800502796-835880612-2508068223-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Coop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll => No File
CHR Plugin: (Shockwave for Director) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll => No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL => No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (AOL Media Playback Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npunagi2.dll => No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
CHR Plugin: (Google Update) - C:\Users\Coop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Move Streaming Media Player) - C:\Users\Coop\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File
CHR Profile: C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default [2016-09-30]
CHR Extension: (YouTube) - C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
StartMenuInternet: Google Chrome.FWUEEWQU6ADASTHOTUDWX66SBI - C:\Users\Coop\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S4 DAUpdaterSvc; E:\Program Files (x86)\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
S2 GeoComplyUpdate; C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [98776 2016-01-03] (GeoComply Inc.)
S2 GeoComplyUpdateM; C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [98776 2016-01-03] (GeoComply Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [61440 2009-06-07] (Nalpeiron Ltd.) [File not signed]
R2 Player Location Check; C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe [3431824 2016-01-03] (GeoComply)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2010-03-20] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Abyssus; C:\Windows\System32\drivers\Abyssus.sys [10880 2009-10-30] (Razer (Asia-Pacific) Pte Ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [14392 2007-12-17] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1261568 2010-04-07] (C-Media Inc)
R3 L1E; C:\Windows\System32\DRIVERS\L1E60x64.sys [57856 2009-08-05] (Atheros Communications, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-30 20:56 - 2016-09-30 20:56 - 00019045 _____ C:\Users\Coop\Desktop\FRST.txt
2016-09-30 20:53 - 2016-09-30 20:53 - 02404352 _____ (Farbar) C:\Users\Coop\Desktop\FRST64.exe
2016-09-28 22:20 - 2016-09-28 22:20 - 00000000 ____D C:\Users\Coop\AppData\Local\Mozilla
2016-09-28 22:19 - 2016-09-28 22:19 - 00000700 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-28 22:19 - 2016-09-28 22:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-28 22:17 - 2016-09-28 22:18 - 43586512 _____ C:\Users\Coop\Downloads\Firefox Setup 49.0.1.exe
2016-09-27 23:49 - 2016-09-27 23:50 - 03861056 _____ C:\Users\Coop\Downloads\adwcleaner_6.020 (2).exe
2016-09-26 23:35 - 2016-09-26 23:36 - 03861056 _____ C:\Users\Coop\Downloads\adwcleaner_6.020 (1).exe
2016-09-26 23:27 - 2016-09-26 23:27 - 00446488 _____ (Alex Dragokas) C:\Users\Coop\Downloads\clearlnk_2.9.0.7.exe
2016-09-26 23:25 - 2016-09-26 23:25 - 00509440 _____ (Tech Support Guy System) C:\Users\Coop\Downloads\SysInfo.exe
2016-09-23 19:16 - 2016-09-23 19:16 - 03861056 _____ C:\Users\Coop\Downloads\adwcleaner_6.020.exe
2016-09-22 22:20 - 2016-09-22 22:20 - 08244656 _____ (Piriform Ltd) C:\Users\Coop\Downloads\ccsetup522.exe
2016-09-21 19:37 - 2016-09-21 19:37 - 00452530 ____R C:\Windows\system32\Drivers\etc\hosts.20160921-193734.backup
2016-09-12 20:29 - 2016-09-23 18:35 - 00000867 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-09-12 20:20 - 2016-09-12 20:20 - 00000000 ____D C:\Users\Coop\Documents\StarCraft II
2016-09-02 14:14 - 2016-09-23 18:35 - 00001022 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-09-02 14:14 - 2016-09-02 14:14 - 00000000 ____D C:\Program Files\VS Revo Group
2016-09-02 13:38 - 2016-09-02 13:38 - 00000000 ____D C:\Users\Coop\AppData\Local\SKIDROW
2016-09-02 12:01 - 2016-09-02 12:02 - 08227032 _____ (Piriform Ltd) C:\Users\Coop\Downloads\ccsetup521.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-30 20:56 - 2014-06-07 14:49 - 00000000 ____D C:\FRST
2016-09-30 20:51 - 2015-01-07 22:52 - 00000924 _____ C:\Windows\Tasks\GeoComplyUpdateTaskMachineUA.job
2016-09-30 20:28 - 2015-10-17 16:00 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-30 20:23 - 2012-04-06 13:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-30 19:24 - 2011-06-22 10:01 - 00003678 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{069D048C-0B8B-486E-95E6-5F28BAF19E9B}
2016-09-30 19:12 - 2006-11-02 11:22 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-30 19:12 - 2006-11-02 11:22 - 00003840 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-30 18:28 - 2015-10-17 16:00 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-30 14:26 - 2013-01-24 21:24 - 00051272 _____ C:\Users\Coop\Documents\Jan B.xlsx
2016-09-30 09:18 - 2006-11-02 09:33 - 00000000 ____D C:\Windows\inf
2016-09-30 09:18 - 2006-11-02 08:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-30 09:12 - 2015-01-07 22:52 - 00000920 _____ C:\Windows\Tasks\GeoComplyUpdateTaskMachineCore.job
2016-09-30 09:12 - 2006-11-02 11:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-29 23:47 - 2006-11-02 11:42 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-09-29 23:44 - 2010-10-16 12:16 - 00017920 _____ C:\Users\Coop\Documents\Book11.xlsx
2016-09-28 22:31 - 2015-07-30 21:32 - 00000000 ____D C:\Users\Coop\.thinkorswim
2016-09-28 22:19 - 2008-11-01 04:34 - 00000000 ____D C:\Users\Coop\AppData\Roaming\Mozilla
2016-09-28 18:49 - 2014-06-09 19:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-28 18:09 - 2008-11-01 04:33 - 00000000 ____D C:\Users\Coop\AppData\Local\Deployment
2016-09-27 23:51 - 2014-06-07 14:27 - 00000000 ____D C:\AdwCleaner
2016-09-26 23:21 - 2011-06-10 21:48 - 00002557 _____ C:\Users\Coop\Desktop\HiJackThis.lnk
2016-09-25 23:44 - 2008-11-01 14:33 - 00000000 ____D C:\Users\Coop\AppData\Roaming\Skype
2016-09-25 23:42 - 2013-12-13 01:06 - 00000000 ____D C:\Users\Coop\AppData\Local\Battle.net
2016-09-25 21:44 - 2016-03-20 21:06 - 00002413 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-23 19:39 - 2010-01-23 02:22 - 00000000 ____D C:\Users\Coop\AppData\Roaming\BitTorrent
2016-09-23 18:35 - 2016-01-12 19:15 - 00001756 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-09-23 18:35 - 2015-11-06 20:03 - 00000963 _____ C:\Users\Public\Desktop\Wondershare TunesGo Retro.lnk
2016-09-23 18:35 - 2015-09-16 19:14 - 00001664 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-23 18:35 - 2015-07-30 21:32 - 00000754 _____ C:\Users\Public\Desktop\thinkorswim.lnk
2016-09-23 18:35 - 2014-12-14 19:58 - 00001057 _____ C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk
2016-09-23 18:35 - 2014-12-14 19:58 - 00001035 _____ C:\Users\Public\Desktop\Wondershare Media Server.lnk
2016-09-23 18:35 - 2014-08-28 22:27 - 00000758 _____ C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-09-23 18:35 - 2014-08-28 21:56 - 00000884 _____ C:\Users\Public\Desktop\Shadowrun Returns.lnk
2016-09-23 18:35 - 2014-08-03 17:41 - 00000681 _____ C:\Users\Public\Desktop\Thief.lnk
2016-09-23 18:35 - 2014-06-09 19:22 - 00000739 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-23 18:35 - 2014-02-05 11:06 - 00001142 _____ C:\Users\Public\Desktop\Wondershare Dr.Fone for iOS.lnk
2016-09-23 18:35 - 2013-12-13 01:09 - 00000806 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-09-23 18:35 - 2013-11-26 22:35 - 00000638 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-23 18:35 - 2012-10-06 13:57 - 00000515 _____ C:\Users\Public\Desktop\Torchlight II.lnk
2016-09-23 18:35 - 2011-04-06 21:54 - 00001012 _____ C:\Users\Public\Desktop\Kings Bounty Crossworlds.lnk
2016-09-23 18:35 - 2010-11-07 12:57 - 00001030 _____ C:\Users\Public\Desktop\Heroes of Might and Magic V Collector Edition.lnk
2016-09-23 18:35 - 2010-10-31 21:17 - 00000948 _____ C:\Users\Public\Desktop\Mafia II.lnk
2016-09-23 18:35 - 2010-02-16 22:41 - 00000933 _____ C:\Users\Public\Desktop\Play Thief - Deadly Shadows.lnk
2016-09-23 18:35 - 2010-02-15 22:49 - 00000818 _____ C:\Users\Public\Desktop\Mass Effect 2.lnk
2016-09-23 18:35 - 2010-02-03 12:43 - 00001148 _____ C:\Users\Public\Desktop\Plants vs. Zombies.lnk
2016-09-23 18:35 - 2010-01-23 16:10 - 00000766 _____ C:\Users\Public\Desktop\Wizardry 8.lnk
2016-09-23 18:35 - 2010-01-23 12:37 - 00000870 _____ C:\Users\Public\Desktop\Kings Bounty Armored Princess.lnk
2016-09-23 18:35 - 2008-11-01 15:04 - 00000981 _____ C:\Users\Public\Desktop\Oblivion.lnk
2016-09-23 18:35 - 2008-11-01 13:26 - 00000974 _____ C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-23 18:35 - 2008-11-01 13:26 - 00000915 _____ C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-09-23 18:35 - 2008-11-01 13:26 - 00000909 _____ C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-23 18:35 - 2008-11-01 13:26 - 00000909 _____ C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-23 18:35 - 2008-11-01 11:57 - 00000845 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-09-23 18:34 - 2015-05-15 11:48 - 00000728 _____ C:\Users\Coop\Desktop\TVMC.lnk
2016-09-23 18:34 - 2015-01-17 14:23 - 00000797 _____ C:\Users\Public\Desktop\Dragon Age Origins.lnk
2016-09-23 18:34 - 2014-06-13 22:45 - 00000785 _____ C:\Users\Coop\Desktop\TERA-Launcher.lnk
2016-09-23 18:34 - 2013-12-13 01:06 - 00000783 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-09-23 18:34 - 2013-11-24 20:58 - 00000897 _____ C:\Users\Public\Desktop\DivX Player.lnk
2016-09-23 18:34 - 2013-11-24 20:57 - 00000962 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2016-09-23 18:34 - 2013-11-23 21:47 - 00001716 _____ C:\Users\Public\Desktop\Defraggler.lnk
2016-09-23 18:34 - 2013-09-17 21:25 - 00000650 _____ C:\Users\Coop\Desktop\uplink - Shortcut.lnk
2016-09-23 18:34 - 2013-08-01 21:41 - 00001975 _____ C:\Users\Public\Desktop\Brother Creative Center.lnk
2016-09-23 18:34 - 2012-10-06 14:22 - 00001773 _____ C:\Users\Public\Desktop\Dark Souls Prepare to Die Edition.lnk
2016-09-23 18:34 - 2012-05-15 19:52 - 00000777 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-09-23 18:34 - 2012-05-12 11:40 - 00000918 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-09-23 18:34 - 2011-12-10 02:30 - 00000868 _____ C:\Users\Public\Desktop\Deus Ex - Human Revolution.lnk
2016-09-23 18:34 - 2011-06-22 15:51 - 00001128 _____ C:\Users\Public\Desktop\BioShock.lnk
2016-09-23 18:34 - 2011-01-27 21:21 - 00000673 _____ C:\Users\Coop\Desktop\winpok6 - Shortcut.lnk
2016-09-23 18:34 - 2010-12-04 19:26 - 00000856 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-23 18:34 - 2010-03-12 23:10 - 00000667 _____ C:\Users\Public\Desktop\DVDneXtCOPY 4.lnk
2016-09-23 18:34 - 2010-02-18 21:48 - 00000957 _____ C:\Users\Coop\Desktop\Stalker-COP.lnk
2016-09-23 18:34 - 2010-01-23 17:49 - 00000816 _____ C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
2016-09-23 18:34 - 2010-01-23 12:47 - 00000871 _____ C:\Users\Coop\Desktop\Syberia 2.lnk
2016-09-23 18:34 - 2009-12-03 22:31 - 00000936 _____ C:\Users\Public\Desktop\Far Cry.lnk
2016-09-23 18:34 - 2009-10-16 19:41 - 00001842 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2016-09-23 18:34 - 2009-10-04 03:02 - 00000829 _____ C:\Users\Coop\Desktop\The Witcher.lnk
2016-09-23 18:34 - 2009-09-22 23:05 - 00000870 _____ C:\Users\Public\Desktop\AOL Desktop.lnk
2016-09-23 18:34 - 2009-05-10 23:16 - 00000752 _____ C:\Users\Coop\Desktop\Ventrilo.lnk
2016-09-23 18:34 - 2008-11-01 03:36 - 00000852 _____ C:\Users\Public\Desktop\EverQuest II.lnk
2016-09-23 18:33 - 2015-03-17 19:06 - 00000735 _____ C:\Users\Coop\Desktop\EQ2MAP Updater.lnk
2016-09-23 18:33 - 2015-03-17 19:01 - 00000652 _____ C:\Users\Coop\Desktop\Launch - Shortcut.lnk
2016-09-23 18:33 - 2015-01-01 00:14 - 00000565 _____ C:\Users\Coop\Desktop\ProjectZomboid64 - Shortcut.lnk
2016-09-23 18:33 - 2013-09-19 20:18 - 00000620 _____ C:\Users\Coop\Desktop\Decker - Shortcut.lnk
2016-09-23 18:33 - 2012-10-26 13:08 - 00000663 _____ C:\Users\Coop\Desktop\gens - Shortcut.lnk
2016-09-23 18:33 - 2011-12-17 19:14 - 00000880 _____ C:\Users\Coop\Desktop\EverQuest II.lnk
2016-09-23 18:33 - 2011-12-09 22:32 - 00000826 _____ C:\Users\Coop\Desktop\DukeForever - Shortcut.lnk
2016-09-23 18:33 - 2011-08-21 01:24 - 00001417 _____ C:\Users\Coop\Desktop\DivX Movies.lnk
2016-09-23 18:33 - 2011-06-22 16:50 - 00001095 _____ C:\Users\Coop\Desktop\Bioshock2Launcher - Shortcut.lnk
2016-09-23 18:33 - 2010-12-12 19:29 - 00000997 _____ C:\Users\Coop\Desktop\Amnesia.lnk
2016-09-23 18:33 - 2010-03-20 02:40 - 00000981 _____ C:\Users\Coop\Desktop\Crysis - Shortcut.lnk
2016-09-23 18:33 - 2010-03-06 11:45 - 00000802 _____ C:\Users\Coop\Desktop\Resident Evil 5.lnk
2016-09-23 18:33 - 2010-02-15 22:38 - 00001020 _____ C:\Users\Coop\Desktop\MassEffect.lnk
2016-09-23 18:33 - 2010-01-28 23:45 - 00001061 _____ C:\Users\Coop\Desktop\Borderlands.lnk
2016-09-23 18:33 - 2010-01-27 20:56 - 00000935 _____ C:\Users\Coop\Desktop\BM AA.lnk
2016-09-23 18:33 - 2010-01-24 19:38 - 00000864 _____ C:\Users\Coop\Desktop\dirt 2.lnk
2016-09-23 18:33 - 2010-01-24 16:53 - 00000986 _____ C:\Users\Coop\Desktop\Elf Bowling Holiday Pack.lnk
2016-09-23 18:33 - 2009-03-11 19:29 - 00000825 _____ C:\Users\Coop\Desktop\King's Bounty. The Legend.lnk
2016-09-23 18:33 - 2009-03-10 22:49 - 00000590 _____ C:\Users\Coop\Desktop\GrabIt.lnk
2016-09-23 18:33 - 2009-02-01 03:13 - 00001097 _____ C:\Users\Coop\Desktop\Spybot - Search & Destroy.lnk
2016-09-23 18:33 - 2008-11-01 19:19 - 00001864 _____ C:\Users\Coop\Desktop\ProfitUI Reborn Updater.lnk
2016-09-23 18:33 - 2008-11-01 04:33 - 00001011 _____ C:\Users\Coop\Desktop\Google Chrome.lnk
2016-09-23 17:36 - 2008-11-01 04:33 - 00000000 ____D C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-09-21 19:37 - 2006-11-02 08:34 - 00452530 ____R C:\Windows\system32\Drivers\etc\hosts.20160923-200716.backup
2016-09-20 21:08 - 2013-02-11 22:12 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-17 16:53 - 2014-05-22 11:23 - 00000000 ____D C:\Users\Coop\AppData\Roaming\TVMC
2016-09-14 22:18 - 2014-09-09 21:07 - 00000000 ____D C:\Users\Coop\AppData\Local\Adobe
2016-09-14 22:18 - 2012-04-06 13:21 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-14 22:18 - 2012-04-06 13:21 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-14 22:18 - 2011-11-17 19:33 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-14 22:18 - 2011-06-05 11:03 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-14 22:18 - 2008-11-01 02:26 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-14 22:12 - 2009-04-14 23:54 - 00000000 ____D C:\Users\Coop\AppData\LocalLow\Adobe
2016-09-02 23:26 - 2012-06-01 11:52 - 00000000 ____D C:\Users\Coop\Desktop\Work
2016-09-02 13:54 - 2008-11-01 03:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-09-02 13:38 - 2008-11-01 14:58 - 00000000 ____D C:\Users\Coop\Documents\My Games
2016-09-02 09:50 - 2013-08-14 20:24 - 00000000 ____D C:\Windows\system32\MRT
2016-09-02 09:42 - 2006-11-02 08:35 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\mrt.exe

==================== Files in the root of some directories =======

2013-04-10 20:49 - 2013-04-10 20:53 - 0000576 _____ () C:\Users\Coop\AppData\Roaming\All CPU MeterV3_Settings.ini
2011-05-24 20:06 - 2011-05-24 20:06 - 0000697 _____ () C:\Users\Coop\AppData\Roaming\ConvAPIPlugin.log
2013-04-10 20:56 - 2013-04-10 20:56 - 0000281 _____ () C:\Users\Coop\AppData\Roaming\GPU MeterV2_Settings.ini
2013-04-10 21:04 - 2014-06-14 01:25 - 0000000 _____ () C:\Users\Coop\AppData\Roaming\Network Meter_Usage.ini
2010-03-12 22:56 - 2010-03-13 20:06 - 0007859 _____ () C:\Users\Coop\AppData\Roaming\pcouffin.cat
2010-03-12 22:56 - 2010-03-13 20:06 - 0001167 _____ () C:\Users\Coop\AppData\Roaming\pcouffin.inf
2010-03-12 22:57 - 2010-03-13 20:07 - 0000033 _____ () C:\Users\Coop\AppData\Roaming\pcouffin.log
2010-03-12 22:56 - 2010-03-13 20:06 - 0082816 _____ (VSO Software) C:\Users\Coop\AppData\Roaming\pcouffin.sys
2011-10-14 21:33 - 2011-10-14 21:33 - 0040130 _____ () C:\Users\Coop\AppData\Roaming\UserTile.png
2008-11-01 02:25 - 2014-05-09 12:53 - 0002032 _____ () C:\Users\Coop\AppData\Local\d3d9caps.dat
2008-11-01 13:26 - 2012-05-16 17:51 - 0001460 _____ () C:\Users\Coop\AppData\Local\d3d9caps64.dat
2008-11-01 03:41 - 2014-12-14 11:16 - 0138240 _____ () C:\Users\Coop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-18 18:59 - 2013-12-06 16:11 - 0392384 _____ () C:\Users\Coop\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2011-12-18 18:58 - 2011-12-18 18:58 - 0000002 _____ () C:\Users\Coop\AppData\Local\dd_dotnetfx35error.txt
2011-12-18 18:58 - 2013-12-06 16:12 - 0513948 _____ () C:\Users\Coop\AppData\Local\dd_dotnetfx35install.txt
2013-12-06 16:11 - 2013-12-06 16:11 - 2811648 _____ () C:\Users\Coop\AppData\Local\dd_NET_Framework35_x64_MSI2B54.txt
2011-12-18 18:59 - 2011-12-18 19:00 - 2311872 _____ () C:\Users\Coop\AppData\Local\dd_NET_Framework35_x64_MSI3A6B.txt
2012-05-14 22:31 - 2012-05-14 22:31 - 0379620 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI07FA.txt
2011-04-27 22:22 - 2011-04-27 22:22 - 0456898 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI1C45.txt
2015-05-15 11:48 - 2015-05-15 11:48 - 0358228 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI1DEB.txt
2011-02-15 20:52 - 2011-02-15 20:52 - 0429134 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI2BE4.txt
2010-01-28 23:07 - 2010-01-28 23:07 - 0360752 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI2E11.txt
2010-01-28 23:08 - 2010-01-28 23:08 - 0362332 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI2F2A.txt
2010-01-28 23:10 - 2010-01-28 23:10 - 0363100 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI30CC.txt
2010-01-28 23:13 - 2010-01-28 23:13 - 0360270 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI3314.txt
2014-02-15 18:26 - 2014-02-15 18:26 - 0358638 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI3E43.txt
2011-12-10 02:04 - 2011-12-10 02:04 - 0379454 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI3FF5.txt
2012-10-06 13:57 - 2012-10-06 13:57 - 0381646 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI3FF6.txt
2014-05-22 11:22 - 2014-05-22 11:22 - 0358264 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI4634.txt
2014-02-15 21:31 - 2014-02-15 21:31 - 0357496 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI4B27.txt
2010-01-28 21:06 - 2010-01-28 21:06 - 0420722 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI51C3.txt
2014-02-15 18:53 - 2014-02-15 18:53 - 0358644 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI5253.txt
2012-05-15 19:50 - 2012-05-15 19:51 - 0379780 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI5B0D.txt
2012-05-15 19:52 - 2012-05-15 19:52 - 0380078 _____ () C:\Users\Coop\AppData\Local\dd_vcredistMSI5C9F.txt
2012-05-14 22:31 - 2012-05-14 22:31 - 0011202 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI07FA.txt
2011-04-27 22:22 - 2011-04-27 22:22 - 0015878 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI1C45.txt
2015-05-15 11:48 - 2015-05-15 11:48 - 0011154 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI1DEB.txt
2011-02-15 20:52 - 2011-02-15 20:52 - 0011360 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI2BE4.txt
2010-01-28 23:07 - 2010-01-28 23:07 - 0014466 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI2E11.txt
2010-01-28 23:08 - 2010-01-28 23:08 - 0014504 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI2F2A.txt
2010-01-28 23:10 - 2010-01-28 23:10 - 0015768 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI30CC.txt
2010-01-28 23:13 - 2010-01-28 23:13 - 0011186 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI3314.txt
2014-02-15 18:26 - 2014-02-15 18:26 - 0011170 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI3E43.txt
2011-12-10 02:04 - 2011-12-10 02:04 - 0011122 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI3FF5.txt
2012-10-06 13:57 - 2012-10-06 13:57 - 0012862 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI3FF6.txt
2014-05-22 11:22 - 2014-05-22 11:22 - 0011186 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI4634.txt
2014-02-15 21:30 - 2014-02-15 21:31 - 0011154 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI4B27.txt
2010-01-28 21:06 - 2010-01-28 21:06 - 0011362 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI51C3.txt
2014-02-15 18:53 - 2014-02-15 18:53 - 0011202 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI5253.txt
2012-05-15 19:50 - 2012-05-15 19:51 - 0011218 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI5B0D.txt
2012-05-15 19:52 - 2012-05-15 19:52 - 0014986 _____ () C:\Users\Coop\AppData\Local\dd_vcredistUI5C9F.txt
2012-05-24 22:28 - 2012-05-24 22:28 - 0034814 _____ () C:\Users\Coop\AppData\Local\dt.dat
2013-09-27 20:57 - 2013-09-27 20:57 - 0000022 _____ () C:\Users\Coop\AppData\Local\kodakpcd.ini
2011-12-18 18:58 - 2013-12-06 16:12 - 0004466 _____ () C:\Users\Coop\AppData\Local\uxeventlog.txt
2011-05-24 19:59 - 2013-08-14 23:02 - 0005457 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Coop\IP_Log_Data.js
C:\Users\Coop\Network_Meter_Data.js

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dwm.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-30 09:24

==================== End of FRST.txt ============================
 
#5 ·
Second log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-09-2016
Ran by Coop (30-09-2016 20:57:04)
Running from C:\Users\Coop\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) (2008-11-01 20:22:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2800502796-835880612-2508068223-500 - Administrator - Disabled)
Coop (S-1-5-21-2800502796-835880612-2508068223-1000 - Administrator - Enabled) => C:\Users\Coop
Guest (S-1-5-21-2800502796-835880612-2508068223-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Shadowrun Returns» (HKLM-x32\...\«Shadowrun Returns»_is1) (Version: - Harebrained Schemes)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version: - )
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{9248FA70-BD64-2FD1-CD23-448112E7ACE9}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Amnesia - The Dark Descent (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
ASUS Xonar DS Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.28 - Atheros Communications Inc.)
Atheros Ethernet Utility (HKLM-x32\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.3 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Batman: Arkham Asylum (HKLM-x32\...\{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}) (Version: 1.0.0.0 - Eidos Inc/Warner Brothers)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
BioShock (HKLM-x32\...\{E280923D-C5D9-4728-8C79-AC9A0DC75875}) (Version: 2.5.0000 - 2K Games)
BioShock 2 (HKLM-x32\...\{4A8B461A-9336-4CF9-98F4-14DD38E673F0}) (Version: 1.00.0000 - 2K Games)
BioShock 2 (x32 Version: 1.0.0005.131 - Take-Two Interactive Software) Hidden
BitTorrent (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\BitTorrent) (Version: 7.9.8.42577 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\{52B65911-1559-4ED5-9461-46957FDD48CD}) (Version: 1.0.295 - 2K Games)
BorgataCasino (HKLM-x32\...\BorgataCasino) (Version: - theBorgata)
Call of Duty Modern Warfare 2 (HKLM-x32\...\Call of Duty Modern Warfare 2_is1) (Version: - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.3.11006.1 - Cisco Consumer Products LLC)
CPUID HWMonitor 1.19 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.20.0000 - Electronic Arts)
Curse Client (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Deus Ex - Human Revolution version 1.0 (HKLM-x32\...\{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1) (Version: 1.0 - Square Enix)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio)
DiRT2 (HKLM-x32\...\{52D1D62C-FEAB-4580-849E-1DB624BADBBD}) (Version: 1.00.0000 - Codemasters)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.04 - Electronic Arts, Inc.)
DVDneXtCOPY 4 neXtTech (HKLM-x32\...\DVDneXtCOPY 4 neXtTech) (Version: - )
Dynex PowerPanel Personal Edition (HKLM-x32\...\{97149C40-4BFC-4E0D-AD1F-C4AC58F9E9A0}) (Version: 0.9.3 - Dynex)
Elf Bowling Holiday Pack 1.00 (HKLM-x32\...\Elf Bowling Holiday Pack 1.00) (Version: - )
EQ2MAP Updater 1.2.10 (HKLM-x32\...\EQ2MAP Updater) (Version: 1.2.10 - Johan Nilsson)
EverQuest II (HKLM-x32\...\{B2ED6DAA-31AA-49E4-BFA1-AF3388D90F7D}) (Version: 1.00.000 - Sony Online Entertainment)
EverQuest II (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\DG0-EverQuest II) (Version: - Sony Online Entertainment)
EverQuest II (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\SOE-EverQuest II) (Version: - Sony Online Entertainment)
EverQuest II: The Shadow Odyssey (HKLM-x32\...\{81D2FECF-FB01-4120-828B-DB3213440356}) (Version: 1.00.000 - Sony Online Entertainment)
Express Gate (HKLM-x32\...\{685C7EBA-82F4-44F8-9514-911A69850DA3}) (Version: 1.2.1.1 - DeviceVM, Inc.)
Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ubisoft)
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
Far Cry (x32 Version: 1.00.0000 - Ubisoft) Hidden
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft)
GeoComply Browser Plugin (HKLM-x32\...\{AC35AF5F-D14E-49E2-94F0-8D5F00FC960E}) (Version: 2.1.9.4 - GeoComply)
GeoComply Browser Plugin-C (HKLM-x32\...\{0CFDEDF4-9CE9-4C11-9D04-22E98FB90F7A}) (Version: 2.1.10.1 - GeoComply)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GrabIt 1.7.2 Beta 4 (build 997) (HKLM-x32\...\GrabIt_is1) (Version: - Ilan Shemes)
Half-Life (HKLM-x32\...\Steam App 70) (Version: - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve)
Half-Life: Blue Shift (HKLM-x32\...\Steam App 130) (Version: - Gearbox Software)
Haunted Memories (HKLM-x32\...\Steam App 241640) (Version: - MadMan Theory Games)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of Might and Magic V Collector Edition (HKLM-x32\...\{DDB68A90-340C-42B9-B42B-D2CBED1B91DC}) (Version: - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HL-2240 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.1.0 - LIGHTNING UK!)
iTunes (HKLM\...\{CEC7613B-E286-4A31-BEE3-3F7798488D9F}) (Version: 12.1.3.6 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JMB36X Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
King's Bounty. The Legend (Remove Only) (HKLM-x32\...\{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1) (Version: 1.0.0.0 - Atari)
King's Bounty: Crossworlds (HKLM-x32\...\Kings Bounty Armored Princess_is1) (Version: - )
Loki Browser Plugin (HKLM-x32\...\Loki Browser Plugin) (Version: - SkyhookWireless)
Mafia II (HKLM-x32\...\Mafia II_is1) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)
Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.00 - Electronic Arts, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint 2007 (HKLM-x32\...\POWERPOINT) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
ModPlug Player (HKLM-x32\...\ModPlug Player v1.46_is1) (Version: 1.46 - Olivier Lapicque/MODPlug Central)
Move Media Player (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\Move Media Player) (Version: - Move Networks)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PeerBlock 1.1+ (r691) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.1.0.691 - PeerBlock, LLC)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
Player Location Check (HKLM-x32\...\{24BDE5F7-123E-4DC4-B00A-730FDD36D82C}) (Version: 3.0.2.10 - GeoComply)
ProfitUI Reborn Updater (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\ProfitUI Reborn Updater) (Version: - Kaldran - EQ2 Valor Server)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.19.0 - Ralink)
Rapture3D 2.4.8 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
Razer Abyssus (HKLM-x32\...\{CBD6B23A-B54F-476A-9527-C262F469CACF}) (Version: 2.00 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5628 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM-x32\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
RTC Client API v1.2 (HKLM-x32\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02] (HKLM-x32\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.02 - bitComposer Games)
Six Engine (HKLM-x32\...\{56B83336-FBC1-4C46-8613-90A9E3B440D6}) (Version: 1.00.12 - )
Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.)
SoundFont Bank Manager (HKLM-x32\...\SFBM) (Version: 3.21 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syberia 2 1.00 (HKLM-x32\...\Syberia 2 1.00) (Version: - )
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.41 - En Masse Entertainment)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Witcher Enhanced Edition (HKLM-x32\...\{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}) (Version: 1.00.0000 - CD Projekt Red)
Thief - Deadly Shadows (HKLM-x32\...\{FC123EEA-330A-4685-911C-95B8F5E9DE68}) (Version: 1.0 - )
Thief (HKLM-x32\...\VGhpZWY=_is1) (Version: 1 - )
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
THX Setup Console (HKLM-x32\...\THX_Console_Unicode) (Version: - )
Torchlight II (c) Runic Games version 1 (HKLM-x32\...\Torchlight II (c) Runic Games_is1) (Version: 1 - )
TreeSize Free V3.4.2 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.2 - JAM Software)
TVMC (HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\TVMC) (Version: - TVADDONS.ag)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uninstall AOL Emergency Connect Utility 1.0 (HKLM-x32\...\AOL Emergency Connect Utility 1.0) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Uplink (HKLM-x32\...\Uplink) (Version: - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.5.0 - Flagship Industries, Inc.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinPoker 6 Shareware (HKLM-x32\...\WinPokerushr) (Version: - )
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WinZip 14.0 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}) (Version: 14.0.8688 - WinZip Computing, S.L. )
Wizardry 8 (HKLM-x32\...\Wizardry 8) (Version: - )
Wolfenstein(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Wolfenstein(TM) 1.2 Patch (x32 Version: - ) Hidden
Wondershare Dr.Fone for iOS(Build 6.2.0.15) (HKLM-x32\...\{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1) (Version: 6.2.0.15 - Wondershare Software Co.,Ltd.)
Wondershare TunesGo Retro ( Version 4.6.16 ) (HKLM-x32\...\{0B31C808-8274-460D-8846-C711D40544A0}_is1) (Version: 4.6.16 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.0.2.8) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.0.2.8 - Wondershare Software)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D530101-B5A8-44F7-9A08-39A750496114} - System32\Tasks\GeoComplyUpdateTaskMachineCore => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2016-01-03] (GeoComply Inc.) <==== ATTENTION
Task: {1626B5F6-FE72-4965-9E70-B482470384E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-14] (Adobe Systems Incorporated)
Task: {41E368C7-5142-4AA2-8094-116C8AFB5009} - System32\Tasks\GeoComplyUpdateTaskMachineUA => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [2016-01-03] (GeoComply Inc.) <==== ATTENTION
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {648E56CF-2C1C-4131-8A43-822361CCC314} - System32\Tasks\{CC077C2E-8DCD-492D-83D6-7D4989D62538} => pcalua.exe -a C:\Users\Coop\Downloads\heroes_might_magic_5_download_1.01.exe -d C:\Users\Coop\Downloads
Task: {6D2F357C-B3EC-4D92-AAFB-E593C713DA52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {8594BC84-F1C5-46B8-83C1-A3FD50485F8E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated)
Task: {87EF8E86-0D22-46F8-90E2-A586D373CB07} - System32\Tasks\{3665DE22-E8E0-494A-A43F-88C55C2A4986} => pcalua.exe -a H:\launch.exe -d H:\
Task: {913963F7-AC55-489F-9381-7DCF3D17352A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-17] (Google Inc.)
Task: {9657B923-EEF8-4C6E-8EFF-D3622E2EAB79} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {9A9E8CC7-4D25-4854-B0B8-E1D9C60DA45D} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {B9FA307B-0692-4F3D-9F30-B901A198BA6A} - \DiskMaintain -> No File <==== ATTENTION
Task: {DE40CBF6-CFC1-41CD-B00A-CFC4B7164D6E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {E3941240-11ED-46BC-A152-160EF84F8801} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\Six Engine\SixEngine.exe [2008-05-14] ()
Task: {FBF00E8F-83E4-4319-8B9A-550E28C6981A} - System32\Tasks\{559EF6FB-6DF4-4F5F-8F9F-DEFAB54BA29C} => pcalua.exe -a "D:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V Collector Edition\heroes_might_magic_5_1.01_us.exe" -d "D:\Program Files (x86)\Ubisoft\Heroes of Might and Magic V Collector Edition"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GeoComplyUpdateTaskMachineCore.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GeoComplyUpdateTaskMachineUA.job => C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-12-14 19:58 - 2014-10-24 15:16 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll
2011-05-24 22:24 - 2013-12-06 16:18 - 00045056 _____ () C:\Windows\system32\atitmp64.dll
2008-11-01 02:15 - 2008-05-14 18:42 - 05958656 _____ () C:\Program Files\ASUS\Six Engine\SixEngine.exe
2010-03-20 00:32 - 2010-03-20 00:32 - 00066872 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2008-11-01 02:15 - 2005-05-11 16:39 - 00565248 _____ () C:\Program Files\ASUS\Six Engine\pngio.dll
2008-11-01 02:15 - 2008-04-15 10:07 - 00053248 _____ () C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\Coop\Downloads\68788_submitter_file1__001.AVI:TOC.WMV [130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com

There are 7916 more sites.

IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\vizzed.com -> www.vizzed.com

There are 7916 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 08:34 - 2016-09-23 20:07 - 00452530 ____R C:\Windows\system32\Drivers\etc\hosts


There are 15555 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Coop\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 167.206.245.135 - 167.206.245.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AOL ACS => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: DAUpdaterSvc => 3
MSCONFIG\Services: GeoComplyUpdate => 2
MSCONFIG\Services: GeoComplyUpdateM => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: ppped => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Coop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Coop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Abyssus => "C:\Program Files (x86)\Razer\Abyssus\razerhid.exe"
MSCONFIG\startupreg: AOL Fast Start => "C:\Program Files (x86)\AOL Desktop 9.7\AOL.EXE" -b
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
MSCONFIG\startupreg: BitTorrent => "C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: BrowserPlugInHelper => "D:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe"
MSCONFIG\startupreg: BrStsMon00 => "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
MSCONFIG\startupreg: Cmaudio8788 => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
MSCONFIG\startupreg: Cmaudio8788GX => C:\Windows\syswow64\HsMgr.exe Envoke
MSCONFIG\startupreg: Cmaudio8788GX64 => C:\Windows\system\HsMgr64.exe Envoke
MSCONFIG\startupreg: CTxfiHlp => CTXFIHLP.EXE
MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DivXMediaServer => "C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HostManager => "C:\Program Files (x86)\Common Files\AOL\1253675026\ee\AOLSoftware.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: JMB36X IDE Setup => C:\Windows\RaidTool\xInsIDE.exe
MSCONFIG\startupreg: OODefragTray => C:\Program Files\OO Software\Defrag\oodtray.exe
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => "C:\Program Files (x86)\Dynex PowerPanel Personal Edition\pppeuser.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => "C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe"
MSCONFIG\startupreg: Wondershare Media Server => "E:\Program Files (x86)\Wondershare\Video Converter Ultimate\MediaLibServer.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{5AD75D9B-A233-4E1F-94C0-5A61E75DA94C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{E739B883-6944-405C-9882-43AEF4101897}D:\program files (x86)\sony\everquest ii\everquest2.exe] => (Allow) D:\program files (x86)\sony\everquest ii\everquest2.exe
FirewallRules: [UDP Query User{541763CB-9056-4FF8-91E7-B23A8F87C938}D:\program files (x86)\sony\everquest ii\everquest2.exe] => (Allow) D:\program files (x86)\sony\everquest ii\everquest2.exe
FirewallRules: [TCP Query User{B8FB85A8-B402-4382-8471-F5596FD04637}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [UDP Query User{AEC5809E-060E-4255-BA12-C0294A3D12D5}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [TCP Query User{1D08AB73-83E4-426B-9B73-014D41E8C013}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [UDP Query User{8535DF8C-E9EE-4746-895A-67B83AFC721D}C:\program files (x86)\sony\station\launchpad\launchpad.exe] => (Allow) C:\program files (x86)\sony\station\launchpad\launchpad.exe
FirewallRules: [TCP Query User{0BB8878B-C603-4A60-9807-90E32FE92834}D:\program files (x86)\sony\everquest ii\everquest2.exe] => (Allow) D:\program files (x86)\sony\everquest ii\everquest2.exe
FirewallRules: [UDP Query User{F5CE1C69-1EB1-4481-9F68-63F87674B78F}D:\program files (x86)\sony\everquest ii\everquest2.exe] => (Allow) D:\program files (x86)\sony\everquest ii\everquest2.exe
FirewallRules: [{FAF26080-401F-4AFB-B223-5E95F997C660}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{729D6C9E-4EFC-40A8-A61F-4793DD326361}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{C380E84B-4EA8-4AE0-95A0-FF790B4F8841}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [TCP Query User{C9ED7512-6219-4660-9A9D-66D9D399570A}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe] => (Allow) D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe
FirewallRules: [UDP Query User{20FEF56F-D34E-4A1D-8D64-6513EBC98ADD}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe] => (Allow) D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe
FirewallRules: [{4071976F-1899-4D1D-84C1-B9EE705A3750}] => (Allow) LPort=3724
FirewallRules: [{78145C28-56C2-4654-9070-9FFAD135600D}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{AA8DF4A1-EE60-4535-8FA2-91BF82F88362}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLDial.exe
FirewallRules: [{22B3C84E-4AF3-413C-AC29-8FEB55D3870F}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{381DAE45-153A-4D02-920F-D8A45A5A6DC2}] => (Allow) C:\Program Files (x86)\Common Files\aol\acs\AOLacsd.exe
FirewallRules: [{0E155B62-C631-4D78-9A67-B9FF28285C4D}] => (Allow) C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
FirewallRules: [{2E59A685-2E09-400C-A843-C7422B0060B4}] => (Allow) C:\Program Files (x86)\Common Files\aol\1253675026\ee\aolsoftware.exe
FirewallRules: [{2725F45F-358D-49C1-8E27-8EC40997024C}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{92081F4E-6A52-4549-BE77-93F41ADE054E}] => (Allow) C:\Program Files (x86)\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
FirewallRules: [{100D99C9-8106-4825-A5B4-E85DD92FAF5D}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{9EB7CB0B-38AB-473A-B0E0-3CE693D21253}] => (Allow) C:\Program Files (x86)\Common Files\aol\Loader\aolload.exe
FirewallRules: [{66C67C56-EDAF-448F-A039-401169E3738D}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [{8918564B-9E63-445D-93AA-C4AE53A789B7}] => (Allow) C:\Program Files (x86)\Common Files\aol\System Information\sinf.exe
FirewallRules: [TCP Query User{8BA358C7-1D9C-4B1C-A934-A3F733E2D30B}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [UDP Query User{85D784E1-AA64-4BE2-BD51-6055563B7600}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe
FirewallRules: [TCP Query User{58D9F4F4-6AF5-437C-8CEA-77EB541E2C51}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{29FFA66C-0E30-4C37-AC73-FDE9711B8D40}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{2204947A-F61F-45D7-B827-3A55D9C77B6A}] => (Allow) D:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [{0FB5EC7D-A116-44E0-AC0B-A6E7ED640A4F}] => (Allow) D:\Program Files (x86)\Codemasters\DiRT2\dirt2_game.exe
FirewallRules: [TCP Query User{90D9C15E-A1DF-456B-8F0E-BBEA88C5388C}D:\program files (x86)\activision\modern warfare 2\iw4mp.exe] => (Allow) D:\program files (x86)\activision\modern warfare 2\iw4mp.exe
FirewallRules: [UDP Query User{293A11B0-666B-4713-B743-342B3CCCAF44}D:\program files (x86)\activision\modern warfare 2\iw4mp.exe] => (Allow) D:\program files (x86)\activision\modern warfare 2\iw4mp.exe
FirewallRules: [{1193CE61-B123-408E-B6A9-EEFB16BC0897}] => (Allow) D:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [{09CF1FB6-E801-41B8-A35A-85E58E018899}] => (Allow) D:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe
FirewallRules: [TCP Query User{754EECB0-E68B-47AD-87CC-7B71A496DDBD}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{B4232AC3-A5B1-49B1-A83B-2C792EA27B56}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Allow) D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [{3951BA97-888D-4417-9B80-30A26B071BDF}] => (Allow) D:\Program Files (x86)\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{F54448C7-DFAA-4347-9CF7-7D279B66C1B7}] => (Allow) D:\Program Files (x86)\Games\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{68235299-ACED-46C5-996D-D13B2E68D6BA}] => (Allow) D:\Program Files (x86)\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{FF765D5E-5BB4-40A7-A141-242AEDA4B75B}] => (Allow) D:\Program Files (x86)\Games\Mass Effect\MassEffectLauncher.exe
FirewallRules: [{5E7D2EB6-7F85-47D8-958E-DE182286CEB0}] => (Allow) D:\Program Files (x86)\Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{9EC13B10-9E83-4609-BEA4-82EE021284C9}] => (Allow) D:\Program Files (x86)\Games\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{206C0083-DB69-4F16-B3EB-26701C85B31C}] => (Allow) D:\Program Files (x86)\Games\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{12101435-85CE-4D61-BD49-E3DDF8BAFD70}] => (Allow) D:\Program Files (x86)\Games\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [TCP Query User{B961856F-7A83-4F73-B5FF-1930B3F142A2}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{B0D26D54-CC00-49FF-99B8-96A7AFEF692C}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{D934BA14-3AEA-40AF-BB4C-54A8E97F5006}] => (Allow) D:\Program Files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{FF89E04B-3AD4-4CA7-B932-FEE356B5E871}] => (Allow) D:\Program Files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\bin\xrEngine.exe
FirewallRules: [{282470E0-9FC7-49D6-BF1D-9093F8169E5F}] => (Allow) D:\Program Files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe
FirewallRules: [{DAEAC230-C9D0-40FF-9BF8-68B50051659F}] => (Allow) D:\Program Files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\bin\dedicated\xrEngine.exe
FirewallRules: [TCP Query User{486E5382-79F0-4526-B2CF-CBAECA16F86F}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe] => (Allow) D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe
FirewallRules: [UDP Query User{D18E5E59-0635-41D1-9830-7CB93511DD61}D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe] => (Allow) D:\program files (x86)\sony\everquest ii\eq2voiceservice.exe
FirewallRules: [{6866CB91-D152-47B7-B146-D6D355719B09}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{781B10DB-EEE7-4653-8A07-614D46D4A310}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FarCry2.exe
FirewallRules: [{6F802A96-82B1-45B0-86CD-F6A1E4F3FF52}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{B9E39FC6-3A30-47D0-911C-977A687B1112}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Launcher.exe
FirewallRules: [{421E2B00-1FA0-4376-80A0-06C9052D3558}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{1AE6E978-61B6-4DDA-9A0F-B456C791CB74}] => (Allow) D:\Program Files (x86)\Ubisoft\Far Cry 2\bin\FC2Editor.exe
FirewallRules: [{F32CCBDC-C27F-4B27-B2B5-BDCCC47AF195}] => (Allow) D:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{98065CF8-5F67-4362-AA80-720F14D3D3A0}] => (Allow) D:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE
FirewallRules: [{5C0621D6-F177-4D5D-AF38-35775639FDB7}] => (Allow) D:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{4D82B5EB-A7AF-4D45-9020-892E268ABC1A}] => (Allow) D:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE
FirewallRules: [{808BB3C2-0ADB-4FA5-8F41-73DF06363D57}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{FDC409BA-9A9E-4022-8C1E-919F5627D446}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe
FirewallRules: [{2D43A65D-A9CD-40B0-B825-7D5E816390A6}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{47F21E40-0000-4117-A22C-EFC8317279EA}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe
FirewallRules: [{67430E6F-FA99-44E2-AD8B-E3455A74F9C7}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{1A21BF09-4E4F-41AE-9906-025AACB9F819}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\Crysis.exe
FirewallRules: [{2ABC417A-2095-4DFD-A0D1-6731F24978BA}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{47F31A7D-8E58-44AF-A570-F2502EE6610D}] => (Allow) D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin64\CrysisDedicatedServer.exe
FirewallRules: [{2980794B-0FB1-4625-BBBC-E09CFB34D31B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{38AED727-9864-4FDE-AA70-B0EA448B4F82}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{40156F4C-5DB0-4F08-BC8A-62645C199C03}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D3618065-DD62-4AAB-A8FB-0E134AE1C4C3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{0A000D39-1E78-40BC-9D0D-05899D7430A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27ACD9A2-F046-4F19-892C-B1ED5CEEC340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{2EEB69A8-9FAE-479E-8C45-6A3514D6AFD5}D:\program files (x86)\codemasters\dirt2\dirt2_game.exe] => (Block) D:\program files (x86)\codemasters\dirt2\dirt2_game.exe
FirewallRules: [UDP Query User{49D1313D-C47A-4B8C-98F4-A40993962995}D:\program files (x86)\codemasters\dirt2\dirt2_game.exe] => (Block) D:\program files (x86)\codemasters\dirt2\dirt2_game.exe
FirewallRules: [{7A6B807B-C06A-456E-A388-63C9C9AF46A8}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{C62070F9-4494-48B9-BE4A-7104015B4E32}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{8A2FD07A-C80B-485A-85D7-013F5F24F351}] => (Allow) LPort=26675
FirewallRules: [{3C0AF4B3-03AD-459C-9B90-FB1ED5D14149}] => (Allow) LPort=80
FirewallRules: [{4AB14957-0B18-4872-BC21-9A4EAC01100B}] => (Allow) LPort=80
FirewallRules: [{63FFA6A1-AAC7-49FD-8FE1-7D9AD1ACA443}] => (Allow) LPort=80
FirewallRules: [{F2203BD0-AAE7-4F17-BC57-B17047B5A7D0}] => (Allow) D:\Program Files (x86)\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{61B09B5E-4D58-424B-B986-0022182BC1C8}] => (Allow) D:\Program Files (x86)\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{F357AE24-802C-4344-B556-412EB1DF35BD}] => (Allow) D:\Program Files (x86)\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{4D983A39-8E8F-4CFE-A55B-26BE223FD402}] => (Allow) D:\Program Files (x86)\2K Games\BioShock 2\MP\Builds\Binaries\Bioshock2.exe
FirewallRules: [{7793B6AB-FA0A-4A75-B550-A18E741400A9}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{0530C24D-131A-4761-AB99-ADAE504A5139}] => (Allow) D:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{D6C284C7-31FB-4943-8E56-E57352EDA7E4}] => (Allow) D:\Program Files (x86)\NAMCO BANDAI Games\DarkSouls\DARKSOULS.exe
FirewallRules: [{EC8BD457-691B-43CB-94B9-F06F67B3AC92}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{EE9CDE9D-3D53-42E1-BA46-5D823A01513E}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
FirewallRules: [{99D2233D-19C0-46B2-A84D-1BE24986F3B5}] => (Allow) LPort=26675
FirewallRules: [{1D92F9F1-247B-4E3C-A2E1-7DAD55677C93}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{84EF5F68-0E5E-493B-9778-655A94CDDB86}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{752CBC3D-348C-4184-ACC9-BA46A97F4FB3}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{56868EA1-C952-47D6-9793-401FF2298D85}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{19BA15E6-7C20-448E-8102-D005825AC7B7}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{90B443FA-A783-431E-A489-DA0EA8FF2511}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{449DB81A-5458-4999-903F-F3A710F9B435}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\DiRT 3\dirt3.exe
FirewallRules: [{4E89F729-5304-4BB5-B08F-5715A68786F3}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\DiRT 3\dirt3.exe
FirewallRules: [{B4D2A82E-2A89-4917-9476-92B36226ED81}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\HM.exe
FirewallRules: [{C862CB87-5B30-42CA-86AE-6D5AE561FAF6}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\HauntedMemories\HM.exe
FirewallRules: [{2F556339-C986-4DBE-99B8-9828DA5922D7}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E5F8E0BD-4FCD-4504-A2A6-606BF9877691}] => (Allow) D:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{91F7B7CF-A988-4A76-90FC-1A02523FDFAC}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{BD4DD18F-F8D2-4299-8BD5-1563726A9973}] => (Allow) D:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{7E37A4E3-C9CC-468E-BE8D-3C3CD4AD0AEA}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{E813A671-3FFD-47B6-A22E-6D261320C526}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{B6BEFE30-330C-43B3-ABDB-12E8424F16B9}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{97E41EC0-4E41-4738-B06D-40BDB372054D}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{ABCA1F70-E1C8-422A-9A8A-BB32CA064850}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FC350B1C-0599-41F2-9F6F-99818D3D0104}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8AC96BED-D0AC-4051-AFC4-0578CC9EBA2A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6AAFC4F2-BFBD-4B20-B28C-28F0CFC2CC2B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A4129F19-B336-4F39-AD15-C8A1C9BCBBDD}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6A5EFCB2-0753-47B8-AE1D-98FD31F3A156}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{FC0536AF-2D52-4B5A-81A4-9BB3FBBD5215}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{28B00374-5742-47FC-B8D3-3C5B385957DE}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{F91EA403-D127-4DFE-BF57-F73C18E0F579}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{93E97B2F-FFB6-4E1C-918B-5225FF683E09}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\TERA-Launcher.exe
FirewallRules: [{76188D46-DD82-4DB7-ADBD-FF87EBE275E3}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{6D81547A-8A97-4475-B4BE-E6A9CB1A5001}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{9A26F87A-3100-4D55-AE06-BD00AA9608C4}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [{B8B1F3DF-470F-49E6-9E31-34173BD8738D}] => (Allow) D:\Program Files (x86)\En Masse Entertainment\TERA\Client\TL.exe
FirewallRules: [TCP Query User{DD58B102-579E-4AE6-907D-F903AA42F4FF}D:\program files (x86)\harebrained schemes\shadowrun returns\shadowrun.exe] => (Allow) D:\program files (x86)\harebrained schemes\shadowrun returns\shadowrun.exe
FirewallRules: [UDP Query User{431FF5D7-1293-4DF6-ADAB-6AB610600BA5}D:\program files (x86)\harebrained schemes\shadowrun returns\shadowrun.exe] => (Allow) D:\program files (x86)\harebrained schemes\shadowrun returns\shadowrun.exe
FirewallRules: [{686F24C5-3B7E-4209-9260-BD17D5F62653}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8815753C-CE25-4B7A-AB09-2A874CFC92F8}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{9C30F5D4-CA68-4E6F-AD3A-145D0F55BB04}E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Allow) E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{A607B2B0-F280-4E3F-B6DC-9F1D5D06AA40}E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Allow) E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [TCP Query User{A578ECBC-9FE7-4989-91CB-7F72DDA392B9}E:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) E:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [UDP Query User{5FFA1CF7-6B8F-4998-89A8-607026ED49A1}E:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) E:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
FirewallRules: [TCP Query User{9DFE785D-6E04-48A2-AAC9-A4ED08CC8B18}E:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [UDP Query User{D7EDDC40-548C-46E3-AF86-52C453D1E439}E:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\dirt 3\dirt3_game.exe
FirewallRules: [{836D6F87-08F7-4FAC-B593-A02044492BFC}] => (Allow) E:\Program Files (x86)\games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{736CDD7C-74BD-4680-83F2-CCE3D8235781}] => (Allow) E:\Program Files (x86)\games\Dragon Age\bin_ship\daorigins.exe
FirewallRules: [{AE4EE9C1-E2F7-41B1-94DF-0A36F329D2BD}] => (Allow) E:\Program Files (x86)\games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [{D14DE258-C82B-42AE-BFA8-CE7E68264DE5}] => (Allow) E:\Program Files (x86)\games\Dragon Age\DAOriginsLauncher.exe
FirewallRules: [TCP Query User{9D130056-F28E-4332-B3D5-405235E6EAFB}E:\program files (x86)\games\dragon age\bin_ship\daorigins.exe] => (Block) E:\program files (x86)\games\dragon age\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{D77FFE1C-1596-4D91-96A1-902648363331}E:\program files (x86)\games\dragon age\bin_ship\daorigins.exe] => (Block) E:\program files (x86)\games\dragon age\bin_ship\daorigins.exe
FirewallRules: [TCP Query User{F025FA36-7E1D-4009-8267-B97219F9C231}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [UDP Query User{4E531EF0-1A05-4F30-8518-0E13018F5A74}C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\jp2launcher.exe
FirewallRules: [TCP Query User{64527069-D586-4527-808C-F866CC6A4012}E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [UDP Query User{C626FED1-1967-4343-A237-70526454B74C}E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [{86597E4C-600D-432F-BA28-1F5F58ADB568}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{7C9E4E09-FDE3-46FB-8C7B-040DF62FE783}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [TCP Query User{62BCFADF-1A63-4CA0-A333-1C93C3AF4BFB}E:\program files (x86)\tvmc\tvmc.exe] => (Allow) E:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [UDP Query User{525633B1-C5E9-4B89-8606-4BCF6A539C73}E:\program files (x86)\tvmc\tvmc.exe] => (Allow) E:\program files (x86)\tvmc\tvmc.exe
FirewallRules: [{BBAC3A9E-6DDE-4D6F-9C51-E75C38294468}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{66B2839D-233F-4BA4-B3FA-825EB604513B}] => (Allow) E:\Program Files (x86)\Steam\SteamApps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{6291F5E1-8A00-495B-8174-7D59D5B48172}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{52452FE9-23BE-48BA-925B-57F779C86229}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe
FirewallRules: [{15CD170F-8943-4DFD-AAAE-0D80CD421E71}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.1\waol.exe
FirewallRules: [{A66140C2-FDDB-47BB-8EE1-F010CC7B0F48}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{F950C650-2E20-4A9A-B1B6-A4D54A557533}] => (Allow) C:\Program Files (x86)\AOL Desktop 9.8.2\waol.exe
FirewallRules: [{772CDD43-777B-4EA9-A4E9-04C885165A5C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{DFB1E202-4910-4A89-BA00-D8B81F109E83}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Block) D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [UDP Query User{E32C48D9-A98D-4CB1-AFC6-ABF5596599A9}D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe] => (Block) D:\program files (x86)\2k games\gearbox software\borderlands\binaries\borderlands.exe
FirewallRules: [{38FB21DE-23FF-4AAC-8F0A-24DDA47FFCD6}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EEDDAC74-CC56-4AFC-9509-1413EF7700EB}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

08-09-2016 18:27:08 Windows Update
09-09-2016 18:37:18 Scheduled Checkpoint
10-09-2016 12:13:31 Scheduled Checkpoint
11-09-2016 16:01:39 Scheduled Checkpoint
12-09-2016 18:10:22 Windows Update
14-09-2016 22:11:28 Revo Uninstaller's restore point - Adobe Shockwave Player 12.2
19-09-2016 17:50:52 Windows Update
28-09-2016 21:55:08 Revo Uninstaller's restore point - Mozilla Firefox 49.0.1 (x86 en-US)
30-09-2016 09:14:38 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2016 09:13:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/29/2016 05:26:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/28/2016 10:18:35 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Coop\Downloads\chrome.exe".
Dependent Assembly 44.0.2403.107,language="*",type="win32",version="44.0.2403.107" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/28/2016 10:17:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program waol.exe version 9.8.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: d38
Start Time: 01d219f75af03029
Termination Time: 11

Error: (09/28/2016 10:11:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/28/2016 05:51:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/27/2016 11:43:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 179c
Start Time: 01d2193a54a4f4e0
Termination Time: 16

Error: (09/27/2016 11:42:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 8b0
Start Time: 01d2192b9e9070c0
Termination Time: 0

Error: (09/27/2016 06:54:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/26/2016 05:46:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (09/30/2016 09:13:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (09/30/2016 09:13:49 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (09/29/2016 05:26:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (09/28/2016 10:35:45 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.229.68.0

Update Source: Microsoft Update Server

Update Stage: Search

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.13103.0

Error code: 0x8024001e

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Error: (09/28/2016 10:11:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

Error: (09/28/2016 10:11:04 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (09/28/2016 05:52:00 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
i8042prt

Error: (09/27/2016 06:54:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic System Host service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/27/2016 06:54:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.

Error: (09/27/2016 06:54:02 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

CodeIntegrity:
===================================
Date: 2016-09-28 19:13:34.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:34.114
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:33.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:33.619
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:33.369
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:33.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:32.864
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:32.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:32.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2016-09-28 19:13:32.117
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz
Percentage of memory in use: 46%
Total physical RAM: 4094.18 MB
Available physical RAM: 2206.25 MB
Total Virtual: 8411.64 MB
Available Virtual: 5571.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.66 GB) (Free:8.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Storage #1) (Fixed) (Total:405.27 GB) (Free:11.62 GB) NTFS
Drive e: (Storage #2) (Fixed) (Total:428.58 GB) (Free:30.91 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: A9B522AE)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=405.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=428.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#6 ·
Hello rcoops72 :)

Is this computer used for business purposes? I need to know because some modifications made by corporate IT can mimic malware and changing them may violate company policies.

P2P Advisory!
IMPORTANT
There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
BitTorrent

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step one...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    BitTorrent
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step two...

CKScanner

Please download CKScanner and save it to your Desktop.
This program should only be run once!
Make sure that CKScanner.exe is on your desktop before running the application!

  • Right click on the CKScanner.exe icon and select Run as administrator.
  • Click the Search For Files button.
  • When the scan is finished (the cursor hourglass disappears) click the Save List To File button.
    A text file will be created on your desktop named "ckfiles.txt"
  • Click OK at the file saved message box. Double-click on the ckfiles.txt icon on your desktop.
  • Please copy/paste the contents of ckfiles.txt in your next reply.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • An answer to my question about business use.
  • ckfiles.txt
  • Are there any changes in computer behavior?
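
The BitTorrent entry named in the advisory above also appears in the FirewallRules section of the Addition.txt log. As an added example (not part of the thread and not FRST's own code), this Python script parses lines copied from that log and flags three things a reviewer would check; the line format is inferred from the log, and the heuristics and flag names are assumptions.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the FirewallRules section of the log above.
SAMPLE = r"""
FirewallRules: [{A4129F19-B336-4F39-AD15-C8A1C9BCBBDD}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{8A2FD07A-C80B-485A-85D7-013F5F24F351}] => (Allow) LPort=26675
FirewallRules: [{3C0AF4B3-03AD-459C-9B90-FB1ED5D14149}] => (Allow) LPort=80
FirewallRules: [TCP Query User{9C30F5D4-CA68-4E6F-AD3A-145D0F55BB04}E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Allow) E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [TCP Query User{64527069-D586-4527-808C-F866CC6A4012}E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe] => (Block) E:\program files (x86)\wondershare\video converter ultimate\medialibserver.exe
FirewallRules: [{1D92F9F1-247B-4E3C-A2E1-7DAD55677C93}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7A6B807B-C06A-456E-A388-63C9C9AF46A8}] => (Allow) %systemroot%\WindowsMobile\wmdHost.exe
"""

# Line shape as it appears in the log: [rule name] => (action) target
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*?)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: these per-user locations are writable without admin rights, so a
# firewall exception bound to a binary there is easy to replace or hijack.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop)\\|\\temp\\", re.IGNORECASE
)


def parse_rules(text):
    """Turn FirewallRules lines into dicts; lines in any other shape are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        name, target = m["name"], m["target"].strip()
        guid = GUID_RE.search(name)
        port = re.fullmatch(r"LPort=(\d+)", target)
        rules.append({
            "guid": guid.group(0) if guid else None,
            # "TCP Query User{...}" / "UDP Query User{...}" rule names carry a protocol
            "query_user": name.split(" ", 1)[0] if "Query User" in name else None,
            "action": m["action"],
            "port": int(port.group(1)) if port else None,
            "path": None if port else target,
        })
    return rules


def triage(rules):
    """Return {target: [flags]} for rules that deserve a second look."""
    # Collect every action seen per executable (case-insensitive path).
    actions = defaultdict(set)
    for r in rules:
        if r["path"]:
            actions[r["path"].lower()].add(r["action"])

    findings = defaultdict(set)
    for r in rules:
        if r["port"] is not None:
            # No program is bound to the rule: it covers whatever listens on the port.
            if r["action"] == "Allow":
                findings[f"LPort={r['port']}"].add("port-only-allow")
            continue
        key = r["path"].lower()
        if r["action"] == "Allow" and USER_WRITABLE_RE.search(key):
            findings[key].add("allow-from-user-writable-path")
        # Both an Allow and a Block rule exist for the same executable;
        # the rule set no longer states one clear intent for that program.
        if actions[key] == {"Allow", "Block"}:
            findings[key].add("allow-and-block-conflict")
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for target, flags in triage(parse_rules(SAMPLE)).items():
        print(f"{', '.join(flags):32} {target}")
```

A flag here is a prompt to look at the rule, not a verdict: the games and system paths in the log pass through unflagged, and the flagged entries still need a human decision.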
 
#7 · (Edited)
Hello. Thank you again for working with me.
This PC was used for business 4 years ago, where I would VPN into work. This is no longer valid and it is only used for internet and gaming. So if there is anything you see I can remove, let's do that.

Your instructions are great. Thank you.
I uninstalled BitTorrent and rebooted.
I ran CKScanner from my desktop and below is the log:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\users\coop\zomboid\lua\keys.ini
scanner sequence 3.NA.11.BCAPCZ
----- EOF -----

PC after these steps: I went to a legit website and was logging in and the page flipped to this one... So something is still whacked with Firefox...

http://www.afesurveys.com/
 
#8 ·
Hello rcoops72 :)

Thanks for answering my questions. Let's move on with cleaning up some stuff.

Step one...

Please answer these questions:
GeoComply Browser Plugin
Player Location Check
Do you recognize either or both of these programs? Were they installed voluntarily?

AOL Uninstaller (Choose which Products to Remove)
Do you use AOL and/or the AOL software? If not we can remove it. AOL's software is not malicious but it is mostly junk that can slow down your PC by running in the background.

Step two...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    Adobe Reader X (10.1.16)
    Java 8 Update 31
    Loki Browser Plugin
    QuickTime 7
    Spybot - Search & Destroy
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step three...

FRST Fix
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
  • Copy and paste the following script into Notepad. Do not include the word Code:.
    Code:
    CreateRestorePoint:
    GroupPolicy: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-2800502796-835880612-2508068223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
    FF Plugin-x32: @skyhookwireless.com/LokiPlugin -> C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\4.9.0.06\nploki.dll [2013-11-22] (Skyhook Wireless)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    Task: {B9FA307B-0692-4F3D-9F30-B901A198BA6A} - \DiskMaintain -> No File <==== ATTENTION
    AlternateDataStreams: C:\Windows:nlsPreferences [0]
    AlternateDataStreams: C:\Users\Coop\Downloads\68788_submitter_file1__001.AVI:TOC.WMV [130]
    IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
    IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
    IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\clonewarsadventures.com -> clonewarsadventures.com
    IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\freerealms.com -> freerealms.com
    IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\soe.com -> soe.com
    IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\sony.com -> sony.com
    IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\vizzed.com -> www.vizzed.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123simsen.com -> www.123simsen.com
    FirewallRules: [TCP Query User{58D9F4F4-6AF5-437C-8CEA-77EB541E2C51}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
    FirewallRules: [UDP Query User{29FFA66C-0E30-4C37-AC73-FDE9711B8D40}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
    FirewallRules: [{A4129F19-B336-4F39-AD15-C8A1C9BCBBDD}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{6A5EFCB2-0753-47B8-AE1D-98FD31F3A156}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe
    
    C:\Program Files (x86)\Spybot - Search & Destroy
    C:\Program Files (x86)\Java
    C:\Program Files (x86)\Adobe\Reader 10.0
    
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step four

Junkware Removal Tool (JRT)
  • Please download Junkware Removal Tool (JRT) by Malwarebytes and save it to your Desktop.
  • Close all open programs and windows.
  • Right click on JRT.exe and select Run as administrator.
  • When the tool loads press any key to start the scan.
  • When JRT finishes it will open a log in Notepad, JRT.txt. Copy and paste the contents in your reply.

Step five

MiniToolBox
  • Please download MiniToolBox by Farbar and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click MiniToolBox.exe and select Run as administrator.
  • Check the following boxes and click GO:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of HOSTS
    • List IP Configuration
    • List Winsock Entries
  • A file MTB.txt will be created in the same location as MiniToolBox. Please copy and paste the contents in your reply.
  • You can now close MiniToolBox.
Please try all your browsers, including IE, and let me know which ones are still experiencing problems.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.

In your next reply please include:
  • Did you have any problems with the instructions?
  • Answers to my questions
  • Fixlog.txt
  • JRT.txt
  • MTB.txt
  • Which browsers, if any, are still experiencing problems?
  • Are there any changes in computer behavior?
 
#9 ·
  • Did you have any problems with the instructions? Nope. Very clear to follow.
  • Answers to my questions - GeoComply is used by online casinos in NJ to confirm you are playing from the state of NJ. So this should remain. I used to use AOL desktop software; I will uninstall it.
  • Fixlog.txt - I posted the file contents
  • JRT.txt - I posted the file contents
  • MTB.txt - I posted the file contents
  • Which browsers, if any, are still experiencing problems? - They seem better, but let me know your thoughts on the files I posted.
  • Are there any changes in computer behavior? - Seems faster, but let me keep checking; I want to see what you say after reading my logs. Some stuff looks interesting to me.
 
#10 ·
Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-10-2016
Ran by Coop (02-10-2016 16:30:55) Run:2
Running from C:\Users\Coop\Desktop
Loaded Profiles: Coop (Available Profiles: Coop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2800502796-835880612-2508068223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26] (Oracle Corporation)
FF Plugin-x32: @skyhookwireless.com/LokiPlugin -> C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\4.9.0.06\nploki.dll [2013-11-22] (Skyhook Wireless)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
Task: {B9FA307B-0692-4F3D-9F30-B901A198BA6A} - \DiskMaintain -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [0]
AlternateDataStreams: C:\Users\Coop\Downloads\68788_submitter_file1__001.AVI:TOC.WMV [130]
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\vizzed.com -> www.vizzed.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\...\123simsen.com -> www.123simsen.com
FirewallRules: [TCP Query User{58D9F4F4-6AF5-437C-8CEA-77EB541E2C51}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{29FFA66C-0E30-4C37-AC73-FDE9711B8D40}C:\program files (x86)\bittorrent\bittorrent.exe] => (Allow) C:\program files (x86)\bittorrent\bittorrent.exe
FirewallRules: [{A4129F19-B336-4F39-AD15-C8A1C9BCBBDD}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{6A5EFCB2-0753-47B8-AE1D-98FD31F3A156}] => (Allow) C:\Users\Coop\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\Program Files (x86)\Spybot - Search & Destroy
C:\Program Files (x86)\Java
C:\Program Files (x86)\Adobe\Reader 10.0

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} => key not found.
HKCR\Wow6432Node\CLSID\{53707962-6F74-2D53-2644-206D7942484F} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@skyhookwireless.com/LokiPlugin => key not found.
C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\4.9.0.06\nploki.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader => key not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9FA307B-0692-4F3D-9F30-B901A198BA6A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9FA307B-0692-4F3D-9F30-B901A198BA6A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DiskMaintain => key not found.
C:\Windows => ":nlsPreferences" ADS could not remove.
C:\Users\Coop\Downloads\68788_submitter_file1__001.AVI => ":TOC.WMV" ADS removed successfully.
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vizzed.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\007guard.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008i.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\008k.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\00hq.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\010402.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\032439.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\0scan.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-2005-search.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1-domains-registrations.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1000gratisproben.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1001namen.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100888290cs.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\100sexlinks.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-26.net" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12-27.net" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123fporn.info" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123haustiereundmehr.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123moviedownload.com" => key removed successfully
"HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123simsen.com" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{58D9F4F4-6AF5-437C-8CEA-77EB541E2C51}C:\program files (x86)\bittorrent\bittorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{29FFA66C-0E30-4C37-AC73-FDE9711B8D40}C:\program files (x86)\bittorrent\bittorrent.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A4129F19-B336-4F39-AD15-C8A1C9BCBBDD} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A5EFCB2-0753-47B8-AE1D-98FD31F3A156} => value not found.
C:\Program Files (x86)\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Java => moved successfully
"C:\Program Files (x86)\Adobe\Reader 10.0" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4029709 B
Java, Flash, Steam htmlcache => 175709079 B
Windows/system/drivers => 2360274 B
Edge => 0 B
Chrome => 243082258 B
Firefox => 363520478 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82752 B
systemprofile32 => 129023 B
LocalService => 66228 B
LocalService => 0 B
NetworkService => 81042 B
NetworkService => 0 B
Coop => 32067674 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 791.2 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 16:35:42 ====
 
#11 ·
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.8 (09.20.2016)
Operating System: Windows (TM) Vista Home Premium x64
Ran by Coop (Administrator) on Sun 10/02/2016 at 16:55:11.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\ProgramData\viewpoint (Folder)
Successfully deleted: C:\Users\Coop\AppData\Local\28050 (Folder)
Successfully deleted: C:\Users\Coop\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files (x86)\viewpoint (Folder)
Successfully deleted: C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I1NTRVI (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\571SCTYO (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCQPF5EF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Coop\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBXFLQWX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2I1NTRVI (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\571SCTYO (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CCQPF5EF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBXFLQWX (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/02/2016 at 16:58:16.13
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
#12 ·
MTB

MiniToolBox by Farbar Version: 17-06-2016
Ran by Coop (administrator) on 02-10-2016 at 17:00:19
Running from "C:\Users\Coop\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Model: P5QL-E Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================

Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : Coop-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
Physical Address. . . . . . . . . : 00-22-15-20-76-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:18b9:1e0f:0:3cc7:3701:9e5e:6c9b(Preferred)
Temporary IPv6 Address. . . . . . : 2002:18b9:1e0f:0:30d9:9dcf:a15e:f9a9(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cc7:3701:9e5e:6c9b%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.107(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, October 02, 2016 4:46:48 PM
Lease Expires . . . . . . . . . . : Monday, October 03, 2016 4:46:48 PM
Default Gateway . . . . . . . . . : fe80::6a7f:74ff:fe53:b8d3%10
192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 218112533
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-10-9E-4C-A2-00-22-15-20-76-CF
DNS Servers . . . . . . . . . . . : 167.206.245.135
167.206.245.136
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdnssec1.srv.prnynj.cv.net
Address: 167.206.245.135

Name: google.com
Addresses: 2607:f8b0:4006:807::200e
172.217.0.46

Pinging google.com [173.194.208.138] with 32 bytes of data:

Reply from 173.194.208.138: bytes=32 time=26ms TTL=44

Reply from 173.194.208.138: bytes=32 time=25ms TTL=44

Ping statistics for 173.194.208.138:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 26ms, Average = 25ms

Server: vdnssec1.srv.prnynj.cv.net
Address: 167.206.245.135

Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:44:204::a7
2001:4998:58:c02::a9
206.190.36.45
98.139.183.24
98.138.253.109

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=78ms TTL=49

Reply from 206.190.36.45: bytes=32 time=78ms TTL=49

Ping statistics for 206.190.36.45:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 78ms, Maximum = 78ms, Average = 78ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 22 15 20 76 cf ...... Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{DF18AE1E-3EA5-4EC6-A01E-508FBAF6A315}
12 ...00 00 00 00 00 00 00 e0 6TO4 Adapter
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.107 10
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.107 266
192.168.1.107 255.255.255.255 On-link 192.168.1.107 266
192.168.1.255 255.255.255.255 On-link 192.168.1.107 266
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.107 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.107 266
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
10 4106 ::/0 fe80::6a7f:74ff:fe53:b8d3
1 306 ::1/128 On-link
10 18 2002:18b9:1e0f::/64 On-link
10 266 2002:18b9:1e0f:0:30d9:9dcf:a15e:f9a9/128
On-link
10 266 2002:18b9:1e0f:0:3cc7:3701:9e5e:6c9b/128
On-link
10 266 fe80::/64 On-link
10 266 fe80::3cc7:3701:9e5e:6c9b/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48640] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

**** End of log ****
 
#13 ·
Hello rcoops72 :)

Good to hear that things seem a bit better at least.

How frequently were you getting redirects previously?

Also, I'd like to take a look at some of the logs for tools you previously ran and then we will run them one more time.

Step one...

Post old AdwCleaner logs
NOTE: If it is easier for you, feel free to attach these logs rather than copy and paste.
  • Please navigate to C:\AdwCleaner.
  • You will see logs named AdwCleaner[Sx].txt and AdwCleaner[Cx].txt where "x" is a number representing how many times it has been run.
  • Please post all logs named AdwCleaner[Cx].txt.

Step two...

Post old Malwarebytes Anti-Malware (MBAM) logs
  • Press the Windows Key + R.
  • Type mbam.exe into the text box and click OK.
  • Click History and then click the most recent Scan Log.
  • Click Export and then click Copy to Clipboard. Paste the results in your next reply.
  • Repeat this for every scan that you ran in trying to solve this problem.
  • NOTE: I do not need the Protection Logs.
While you have MBAM open, let's also run another scan.

Step three...

Malwarebytes Anti-Malware (MBAM) Scan
Note: you need to be connected to the internet so that MBAM can download any updates it needs to.
  • You should already have MBAM open. If not follow the instructions from Step two to open it again.
  • Allow MBAM to update if it asks you to.
  • Click Scan Now. MBAM will update its databases and proceed to scan your computer.
  • If any threats are found, ensure that all of them are checked and click Remove Selected.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Save Results >> in the bottom right corner and select Copy to Clipboard. Paste the results in your next reply.
  • If MBAM required a reboot please do the following to get the report:
    • On reboot reopen MBAM.
    • Click History and then click the most recent Scan Log.
    • Click Export and then click Copy to Clipboard. Paste the results in your next reply.

Step four...

AdwCleaner - Scan and Clean
  • Please delete any copies of adwcleaner.exe that you may currently have. Download a new copy HERE.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Click on Cleaning.
  • Once finished AdwCleaner will prompt you to reboot. Please allow it to do so.
  • On reboot a log will open AdwCleaner[Cx].txt where "x" is the number of times AdwCleaner has been run. Copy and paste the contents of that logfile in your reply.
Please also keep me updated on if you begin to experience redirects in any browser again.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Old AdwCleaner logs
  • Old MBAM logs
  • New MBAM log
  • New AdwCleaner log
  • Are there any changes in computer behavior?
 
#14 ·
I have not had many rejects since the last steps we took. But now Firefox seems to be refreshing itself a lot and locking up where I need to X out or wait 3-5 mins and then just alt control del close them.

I only see two (Cx)s C0 and C2...They are below:

# AdwCleaner v6.020 - Logfile created 23/09/2016 at 17:36:29
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-23.1 [Server]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (X64)
# Username : Coop - COOP-PC
# Running from : C:\Users\Coop\Downloads\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder deleted on reboot: C:\ProgramData\{8b701d70-009a-ef2e-8b70-01d7000975c0}
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Local\28050
[#] Folder deleted on reboot: C:\Users\Coop\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\.acestream
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\download Manager
[#] Folder deleted on reboot: C:\_acestream_cache_
[#] Folder deleted on reboot: C:\ProgramData\Viewpoint
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Viewpoint
[#] Folder deleted on reboot: C:\Program Files (x86)\Viewpoint
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minefield\Minefield (64-bit) (Safe Mode).lnk
[-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2K Games\Mafia II\Mafia II Launcher.lnk
[-] Shortcut disinfected: C:\Users\Coop\Desktop\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Coop\Desktop\The Witcher.lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut disinfected: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key deleted: HKU\.DEFAULT\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\WEBAPP
[-] Key deleted: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Yahoo\YFriendsBar
[-] Key deleted: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
[-] Key deleted: HKU\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\WEBAPP
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\MetaStream
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[#] Key deleted on reboot: [x64] HKCU\Software\WEBAPP
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
[-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

***** [ Web browsers ] *****

[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: netflix.com
[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [7515 Bytes] - [23/09/2016 17:36:29]
C:\AdwCleaner\AdwCleaner[R0].txt - [3970 Bytes] - [07/06/2014 14:27:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [1329 Bytes] - [08/06/2014 10:47:58]
C:\AdwCleaner\AdwCleaner[R2].txt - [1449 Bytes] - [14/06/2014 01:20:12]
C:\AdwCleaner\AdwCleaner[R3].txt - [1614 Bytes] - [02/08/2014 16:02:57]
C:\AdwCleaner\AdwCleaner[R4].txt - [4420 Bytes] - [26/01/2015 11:12:40]
C:\AdwCleaner\AdwCleaner[R5].txt - [3268 Bytes] - [25/07/2015 20:48:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [3631 Bytes] - [07/06/2014 14:28:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1396 Bytes] - [08/06/2014 10:49:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [1516 Bytes] - [14/06/2014 01:21:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [1681 Bytes] - [02/08/2014 16:04:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [4184 Bytes] - [26/01/2015 11:14:31]
C:\AdwCleaner\AdwCleaner[S5].txt - [9424 Bytes] - [23/09/2016 17:35:54]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [8464 Bytes] ##########

# AdwCleaner v6.020 - Logfile created 23/09/2016 at 19:20:03
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-23.1 [Server]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (X64)
# Username : Coop - COOP-PC
# Running from : C:\Users\Coop\Downloads\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder deleted on reboot: C:\ProgramData\{8b701d70-009a-ef2e-8b70-01d7000975c0}
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Local\28050
[#] Folder deleted on reboot: C:\Users\Coop\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\.acestream
[#] Folder deleted on reboot: C:\ProgramData\Viewpoint
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Viewpoint
[#] Folder deleted on reboot: C:\Program Files (x86)\Viewpoint
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: "Prefetch" files deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8591 Bytes] - [23/09/2016 17:36:29]
C:\AdwCleaner\AdwCleaner[C2].txt - [1573 Bytes] - [23/09/2016 19:20:03]
C:\AdwCleaner\AdwCleaner[R0].txt - [3970 Bytes] - [07/06/2014 14:27:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [1329 Bytes] - [08/06/2014 10:47:58]
C:\AdwCleaner\AdwCleaner[R2].txt - [1449 Bytes] - [14/06/2014 01:20:12]
C:\AdwCleaner\AdwCleaner[R3].txt - [1614 Bytes] - [02/08/2014 16:02:57]
C:\AdwCleaner\AdwCleaner[R4].txt - [4420 Bytes] - [26/01/2015 11:12:40]
C:\AdwCleaner\AdwCleaner[R5].txt - [3268 Bytes] - [25/07/2015 20:48:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [3631 Bytes] - [07/06/2014 14:28:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1396 Bytes] - [08/06/2014 10:49:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [1516 Bytes] - [14/06/2014 01:21:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [1681 Bytes] - [02/08/2014 16:04:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [4184 Bytes] - [26/01/2015 11:14:31]
C:\AdwCleaner\AdwCleaner[S5].txt - [9424 Bytes] - [23/09/2016 17:35:54]
C:\AdwCleaner\AdwCleaner[S6].txt - [2648 Bytes] - [23/09/2016 19:19:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2595 Bytes] ##########
 
#15 ·
I loaded Malwarebytes and there was no history which is strange. I ran it again and it found nothing. Below is the scan history

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/3/2016
Scan Time: 8:22:29 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.04.01
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Coop

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368418
Time Elapsed: 31 min, 35 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
 
#16 ·
When I click the HERE to download a new copy of ADWCLEANER it says

Server not found

Firefox can't find the server at www.general-changelog-team.fr.

Check the address for typing errors such as ww.example.com instead of www.example.com
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
 
#18 ·
I ran AdwCleaner from the desktop as admin. Below is the log. It seems the same stuff keeps appearing; I guess it is not really deleting those folders? Also, there is no tab for Firefox. I just want to confirm it is looking at Firefox as well.

Question: what is normally the sign or meaning when you boot up an older OS like this and 90% of your desktop icons are white and over 1-3 mins they finally turn to their correct icon? This is also happening now.

Do you see anything interesting?

# AdwCleaner v6.020 - Logfile created 04/10/2016 at 20:12:49
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-10-03.1 [Server]
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (X64)
# Username : Coop - COOP-PC
# Running from : C:\Users\Coop\Desktop\adwcleaner_6.020.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[#] Folder deleted on reboot: C:\Users\Coop\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\.acestream
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion
[#] Folder deleted on reboot: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: netflix.com
[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: "Prefetch" files deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8591 Bytes] - [23/09/2016 17:36:29]
C:\AdwCleaner\AdwCleaner[C2].txt - [2674 Bytes] - [23/09/2016 19:20:03]
C:\AdwCleaner\AdwCleaner[C3].txt - [1638 Bytes] - [04/10/2016 20:12:49]
C:\AdwCleaner\AdwCleaner[R0].txt - [3970 Bytes] - [07/06/2014 14:27:17]
C:\AdwCleaner\AdwCleaner[R1].txt - [1329 Bytes] - [08/06/2014 10:47:58]
C:\AdwCleaner\AdwCleaner[R2].txt - [1449 Bytes] - [14/06/2014 01:20:12]
C:\AdwCleaner\AdwCleaner[R3].txt - [1614 Bytes] - [02/08/2014 16:02:57]
C:\AdwCleaner\AdwCleaner[R4].txt - [4420 Bytes] - [26/01/2015 11:12:40]
C:\AdwCleaner\AdwCleaner[R5].txt - [3268 Bytes] - [25/07/2015 20:48:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [3631 Bytes] - [07/06/2014 14:28:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [1396 Bytes] - [08/06/2014 10:49:22]
C:\AdwCleaner\AdwCleaner[S2].txt - [1516 Bytes] - [14/06/2014 01:21:10]
C:\AdwCleaner\AdwCleaner[S3].txt - [1681 Bytes] - [02/08/2014 16:04:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [4184 Bytes] - [26/01/2015 11:14:31]
C:\AdwCleaner\AdwCleaner[S5].txt - [9424 Bytes] - [23/09/2016 17:35:54]
C:\AdwCleaner\AdwCleaner[S6].txt - [2648 Bytes] - [23/09/2016 19:19:31]
C:\AdwCleaner\AdwCleaner[S7].txt - [2988 Bytes] - [26/09/2016 23:37:30]
C:\AdwCleaner\AdwCleaner[S8].txt - [3061 Bytes] - [27/09/2016 23:51:44]
C:\AdwCleaner\AdwCleaner[S9].txt - [2930 Bytes] - [04/10/2016 20:12:37]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [2879 Bytes] ##########
 
#19 ·
Hello rcoops72 :)

Not sure about the icons. Did that just start happening? Doesn't really sound like a malware issue to me, but I wanted to check your shortcuts anyways so one of these scans will do that.

The AdwCleaner detections are benign. AdwCleaner doesn't like Yahoo!, Ask or Netflix (as well as a couple others, Bing I think is one). However these search engines are installed in many browsers by default. AdwCleaner removes them because they are associated with the respective foistware toolbars (you've probably seen the optional offers for Ask at least before) but there is nothing inherently bad about the search provider.

Please run the following scans:

Step one...

FRST - Search Registry
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Right click FRST64.exe and select Run as administrator.
  • Copy and paste the following into the Search box:
    acestream;magicplayer;ace_engine;ace_update;viewpoint;{8b701d70-009a-ef2e-8b70-01d7000975c0};metastream;{03F998B2-0E00-11D3-A498-00104B6EB52E};{7D831388-D405-4272-9511-A07440AD2927};{1B00725B-C455-4DE6-BFB6-AD540AD427CD};{6E993643-8FBC-44FE-BC85-D318495C4D96};{8233093C-178B-484B-979E-3C6B5B147DBC};{B722ED8B-0B38-408E-BB89-260C73BCF3D4};{9522B3FB-7A2B-4646-8AF6-36E7F593073C};Coupon;getrighttogo
  • Click Search Registry. The scan can take 10 minutes or more to complete.
  • You will get a popup telling you when the search has completed. Click OK.
  • This will open a file SearchReg.txt. Please copy and paste the contents in your reply.
    SearchReg.txt can also be found in the same folder FRST was run from.

Step two...

FRST Shortcut Scan
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Right click FRST64.exe and select Run as administrator.
  • Under Optional Scan check Shortcut.txt.
  • Click Scan and wait as the scan completes.
  • Once the scan finishes, two files will open, FRST.txt and Shortcut.txt. Post Shortcut.txt only.

Step three...

TDSSKiller - Scan Only
  • Please download TDSSKiller by Kaspersky Lab and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on tdsskiller.exe and select Run as administrator.
    • If you are not able to run it then right click tdsskiller.exe and select Rename.
    • Rename it to a random string of letters with a .com extension (for example eajkxiga.com).
  • If UAC prompts you to allow it to make changes to your computer please click Yes.
  • When the End User License Agreement opens click Accept.
  • Click Accept again for the KSN Statement.
  • Click on Change parameters and check Verify file digital signatures.
    IMPORTANT: ensure that Detect TDLFS file system remains UNCHECKED.
  • Click on OK to close the Settings window.
  • Click on Start Scan. Do not use your computer during the scan.
  • If malicious objects are found change the action from Cure to Skip.
    DO NOT attempt to Cure anything at this point.
  • Once the scan is finished click on Report in the top right corner. Copy and paste the contents of that log in your next reply.
    The log can also be found at C:\TDSSKiller.version_dd.mm.yyyy_hh.mm.ss_log.txt.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present. If any log is cut off, you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • SearchReg.txt
  • Shortcut.txt
  • TDSSKiller.version_dd.mm.yyyy_hh.mm.ss_log.txt
  • Are there any changes in computer behavior?
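
The repeat detections raised in post #18 and addressed in the reply above can be checked mechanically by comparing successive AdwCleaner "Clean" logs. The Python below is an added example, not part of the thread and not AdwCleaner's own code; the function names are hypothetical, and the embedded logs are trimmed excerpts of the C0, C2 and C3 logs posted in this thread.

```python
import re
from collections import defaultdict
from datetime import datetime

HEADER = re.compile(r"^# AdwCleaner v\S+ - Logfile created (\d\d/\d\d/\d{4}) at (\d\d:\d\d:\d\d)")
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY = re.compile(r"^\[([#-])\] (.+)$")                  # "[#] ..." or "[-] ..."
BROWSER = re.compile(r"^\[(.+?)\] \[(.+?)\] \w+: (.+)$")  # [store] [kind] Deleted: value

# Trimmed excerpts of the C0, C2 and C3 logs posted in this thread.
LOG_C0 = r"""# AdwCleaner v6.020 - Logfile created 23/09/2016 at 17:36:29
***** [ Folders ] *****
[#] Folder deleted on reboot: C:\Users\Coop\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\.acestream
[#] Folder deleted on reboot: C:\_acestream_cache_
***** [ Shortcuts ] *****
[-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Viewpoint
***** [ Web browsers ] *****
[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: netflix.com
"""
LOG_C2 = r"""# AdwCleaner v6.020 - Logfile created 23/09/2016 at 19:20:03
***** [ Folders ] *****
[#] Folder deleted on reboot: C:\Users\Coop\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\.acestream
***** [ Web browsers ] *****
"""
LOG_C3 = r"""# AdwCleaner v6.020 - Logfile created 04/10/2016 at 20:12:49
***** [ Folders ] *****
[#] Folder deleted on reboot: C:\Users\Coop\AppData\LocalLow\Yahoo!\Companion
[#] Folder deleted on reboot: C:\Users\Coop\AppData\Roaming\.acestream
***** [ Web browsers ] *****
[-] [C:\Users\Coop\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: netflix.com
"""


def parse_clean_log(text):
    """Return (created, entries); each entry is (section, target, deferred)."""
    created, section, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            # AdwCleaner writes the date as dd/mm/yyyy.
            created = datetime.strptime(" ".join(m.groups()), "%d/%m/%Y %H:%M:%S")
        elif m := SECTION.match(line):
            section = m.group(1)
        elif (m := ENTRY.match(line)) and section:
            rest = m.group(2)
            b = BROWSER.match(rest)
            if b:
                target, deferred = " | ".join(b.groups()), False
            else:
                # Split on the first ": "; the drive colon in "C:\" is followed
                # by a backslash, so it never matches.
                action, _, target = rest.partition(": ")
                deferred = "on reboot" in action
            if target:
                # Windows paths and registry keys are case-insensitive.
                entries.append((section, target.lower(), deferred))
    if created is None:
        raise ValueError("not an AdwCleaner log: header line missing")
    return created, entries


def recurring_items(log_texts):
    """Map (section, target) -> sorted run times, for items reported in 2+ runs."""
    seen = defaultdict(set)
    for text in log_texts:
        created, entries = parse_clean_log(text)
        for section, target, _ in entries:
            seen[(section, target)].add(created)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}


def survived_reboot(log_texts):
    """Items logged as 'deleted on reboot' that a later run reports again."""
    runs = sorted((parse_clean_log(t) for t in log_texts), key=lambda r: r[0])
    hits = set()
    for i, (_, entries) in enumerate(runs):
        later = {(s, t) for _, es in runs[i + 1:] for s, t, _ in es}
        hits |= {(s, t) for s, t, deferred in entries if deferred and (s, t) in later}
    return sorted(hits)


if __name__ == "__main__":
    logs = [LOG_C0, LOG_C2, LOG_C3]
    for (section, target), runs in recurring_items(logs).items():
        stamps = ", ".join(r.strftime("%Y-%m-%d %H:%M") for r in runs)
        print(f"[{section}] {target}\n    reported in runs: {stamps}")
    print("deferred deletions seen again later:", len(survived_reboot(logs)))
```

A recurring entry only shows that the same item was found again; the logs alone cannot tell a deferred deletion that never took effect from an item that was recreated after the reboot.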
 
#20 ·
Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Coop (05-10-2016 19:15:58)
Running from C:\Users\Coop\Desktop
Boot Mode: Normal

================== Search Registry: "acestream;magicplayer;ace_engine;ace_update;viewpoint;{8b701d70-009a-ef2e-8b70-01d7000975c0};metastream;{03F998B2-0E00-11D3-A498-00104B6EB52E};{7D831388-D405-4272-9511-A07440AD2927};{1B00725B-C455-4DE6-BFB6-AD540AD427CD};{6E993643-8FBC-44FE-BC85-D318495C4D96};{8233093C-178B-484B-979E-3C6B5B147DBC};{B722ED8B-0B38-408E-BB89-260C73BCF3D4};{9522B3FB-7A2B-4646-8AF6-36E7F593073C};Coupon;getrighttogo" ===========

===================== Search result for "viewpoint" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{342224AC-1149-663A-05A3-E67C2C0D485B}]
""="Viewpoint Media Player"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{342224AC-1149-663A-05A3-E67C2C0D485B}]
"ComponentID"="Viewpoint"

===================== Search result for "metastream" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E}]
""="IMetaStreamCtl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E}]
""="IMetaStreamCtl"

===================== Search result for "{9522B3FB-7A2B-4646-8AF6-36E7F593073C}" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]

===================== Search result for "Coupon" ==========

[HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0]

====== End of Search ======
 
#21 ·
Users shortcut scan result (x64) Version: 04-10-2016
Ran by Coop (05-10-2016 19:23:55)
Running from C:\Users\Coop\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E6B5EBF3-63C7-4E3E-9CC3-E069CC0CCCAA}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E6B5EBF3-63C7-4E3E-9CC3-E069CC0CCCAA}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{DE01EE11-4E4C-4E19-AE69-57A3575ED0EA}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com:80/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{DE01EE11-4E4C-4E19-AE69-57A3575ED0EA}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com:80/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BE0A1416-2667-450A-A0E0-08EC6310EDB8}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BE0A1416-2667-450A-A0E0-08EC6310EDB8}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B55AEE04-759D-44EC-99E9-10167CB26736}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com:80/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B55AEE04-759D-44EC-99E9-10167CB26736}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com:80/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B523D78F-D2D8-4797-ABFA-139E9480B330}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B523D78F-D2D8-4797-ABFA-139E9480B330}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{7F8509DC-009A-42B5-AFFC-8ABBA74DB2E3}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{7F8509DC-009A-42B5-AFFC-8ABBA74DB2E3}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{59D1DC93-599C-4170-9004-2C15B03F35F8}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com:80/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{59D1DC93-599C-4170-9004-2C15B03F35F8}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com:80/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{449722E5-6AA0-4059-A03C-77156B909895}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com:80/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{449722E5-6AA0-4059-A03C-77156B909895}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com:80/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{394A9940-E1F0-416E-A533-3F19C94110E8}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com:80/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{394A9940-E1F0-416E-A533-3F19C94110E8}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com:80/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{302E03D8-B1EA-4FD3-8E56-8688E468F390}\SupportTasks\1\Support.lnk -> hxxp://support.ubi.com/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{302E03D8-B1EA-4FD3-8E56-8688E468F390}\SupportTasks\0\Home Page.lnk -> hxxp://www.farcrygame.com/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{16B047A3-4554-4822-9242-88E224005081}\SupportTasks\1\Support.lnk -> hxxp://www.everquest2.com/support/
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{16B047A3-4554-4822-9242-88E224005081}\SupportTasks\0\Home Page.lnk -> hxxp://www.everquest2.com/

Shortcut: C:\Users\Coop\Videos\Sample Videos.lnk -> C:\Users\Public\Videos\Sample Videos ()
Shortcut: C:\Users\Coop\Pictures\Sample Pictures.lnk -> C:\Users\Public\Pictures\Sample Pictures ()
Shortcut: C:\Users\Coop\Links\Documents.lnk -> C:\Users\Coop\Documents ()
Shortcut: C:\Users\Coop\Links\Music.lnk -> C:\Users\Coop\Music ()
Shortcut: C:\Users\Coop\Links\Pictures.lnk -> C:\Users\Coop\Pictures ()
Shortcut: C:\Users\Coop\Links\Public.lnk -> C:\Users\Public ()
Shortcut: C:\Users\Coop\Links\Recently Changed.lnk -> C:\Users\Coop\Searches\Recently Changed.search-ms ()
Shortcut: C:\Users\Coop\Links\Searches.lnk -> C:\Users\Coop\Searches ()
Shortcut: C:\Users\Coop\Desktop\Amnesia.lnk -> D:\Program Files (x86)\Amnesia - The Dark Descent\redist\Launcher.exe ()
Shortcut: C:\Users\Coop\Desktop\AOL Saved Files.lnk -> C:\Users\Public\Documents\AOL Downloads ()
Shortcut: C:\Users\Coop\Desktop\Bioshock2Launcher - Shortcut.lnk -> D:\Program Files (x86)\2K Games\BioShock 2\SP\Builds\Binaries\Bioshock2Launcher.exe (Sony DADC Austria AG)
Shortcut: C:\Users\Coop\Desktop\BM AA.lnk -> D:\Program Files (x86)\Eidos\Batman Arkham Asylum\Binaries\BmStartApp.exe (Sony DADC Austria AG)
Shortcut: C:\Users\Coop\Desktop\Borderlands.lnk -> D:\Program Files (x86)\2K Games\Gearbox Software\Borderlands\Binaries\Borderlands.exe (Take-Two Interactive Software, Inc.)
Shortcut: C:\Users\Coop\Desktop\Crysis - Shortcut.lnk -> D:\Program Files (x86)\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe (Crytek GmbH)
Shortcut: C:\Users\Coop\Desktop\Decker - Shortcut.lnk -> D:\Program Files\Decker\Decker.exe ()
Shortcut: C:\Users\Coop\Desktop\dirt 2.lnk -> D:\Program Files (x86)\Codemasters\DiRT2\dirt2.exe (Sony DADC Austria AG)
Shortcut: C:\Users\Coop\Desktop\DivX Movies.lnk -> C:\Users\Coop\Videos\DivX Movies ()
Shortcut: C:\Users\Coop\Desktop\DukeForever - Shortcut.lnk -> D:\Program Files (x86)\Duke Nukem Forever\System\DukeForever.exe ()
Shortcut: C:\Users\Coop\Desktop\Elf Bowling Holiday Pack.lnk -> D:\Program Files (x86)\Games\Elf Bowling Holiday Pack\ElfBowling.exe ()
Shortcut: C:\Users\Coop\Desktop\EQ2MAP Updater.lnk -> D:\Program Files (x86)\EQ2MAP Updater1.1\EQ2MAP_Updater.exe ()
Shortcut: C:\Users\Coop\Desktop\EverQuest II.lnk -> D:\Program Files (x86)\Sony\EverQuest II\LaunchPad.exe (Daybreak Game Company)
Shortcut: C:\Users\Coop\Desktop\gens - Shortcut.lnk -> C:\Users\Coop\Downloads\SHADOWRUN\gens.exe ()
Shortcut: C:\Users\Coop\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Coop\Desktop\GrabIt.lnk -> D:\Program Files (x86)\GrabIt\GrabIt.exe ()
Shortcut: C:\Users\Coop\Desktop\HiJackThis.lnk -> C:\Users\Coop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\Coop\Desktop\King's Bounty. The Legend.lnk -> E:\Program Files (x86)\Atari\King's Bounty. The Legend\kb.exe ()
Shortcut: C:\Users\Coop\Desktop\Launch - Shortcut.lnk -> C:\Users\Coop\Documents\PROFIT\Launch.exe ()
Shortcut: C:\Users\Coop\Desktop\MassEffect.lnk -> D:\Program Files (x86)\Games\Mass Effect\Binaries\MassEffect.exe (BioWare)
Shortcut: C:\Users\Coop\Desktop\ProjectZomboid64 - Shortcut.lnk -> E:\Project Zomboid\ProjectZomboid64.exe ()
Shortcut: C:\Users\Coop\Desktop\Resident Evil 5.lnk -> D:\Program Files (x86)\CAPCOM\RESIDENT EVIL 5\Launcher.exe (CAPCOM CO., LTD.)
Shortcut: C:\Users\Coop\Desktop\Stalker-COP.lnk -> D:\Program Files (x86)\bitComposer Games\S.T.A.L.K.E.R. - Call of Pripyat\Stalker-COP.exe (GSC Game World)
Shortcut: C:\Users\Coop\Desktop\Syberia 2.lnk -> D:\Program Files (x86)\Games\Syberia 2\Syberia2.exe (Microids Canada)
Shortcut: C:\Users\Coop\Desktop\TERA-Launcher.lnk -> D:\Program Files (x86)\En Masse Entertainment\TERA\TERA-Launcher.exe (En Masse Entertainment)
Shortcut: C:\Users\Coop\Desktop\The Witcher.lnk -> E:\Program Files (x86)\The Witcher Enhanced Edition\The Witcher Enhanced Edition\launcher.exe (CD Projekt Red)
Shortcut: C:\Users\Coop\Desktop\TVMC.lnk -> E:\Program Files (x86)\TVMC\TVMC.exe (TVADDONS.ag)
Shortcut: C:\Users\Coop\Desktop\uplink - Shortcut.lnk -> D:\Program Files (x86)\Uplink\uplink.exe (Introversion Software)
Shortcut: C:\Users\Coop\Desktop\Ventrilo.lnk -> C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
Shortcut: C:\Users\Coop\Desktop\winpok6 - Shortcut.lnk -> C:\Users\Coop\Documents\WINPOKPR\winpok6.exe ()
Shortcut: C:\Users\Coop\Desktop\Work\DAEMON Tools Lite.lnk -> D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (No File)
Shortcut: C:\Users\Coop\Desktop\Work\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\Users\Coop\Desktop\Work\MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Shortcut: C:\Users\Coop\Desktop\Work\PeerBlock.lnk -> C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinPoker 6 Shareware\WinPoker 6 Shareware.lnk -> C:\Program Files (x86)\Winpoker 6 Shareware\winpok6.exe ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ventrilo\Ventrilo.lnk -> C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVMC\Uninstall TVMC.lnk -> E:\Program Files (x86)\TVMC\Uninstall.exe ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk -> C:\Users\Coop\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\EverQuest II.lnk -> D:\Program Files (x86)\Sony\EverQuest II\LaunchPad.exe (Daybreak Game Company)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals\Uneraser\DiskInternals Uneraser.lnk -> C:\Program Files (x86)\DiskInternals\Uneraser\Unerase.exe (DiskInternals Research)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals\Uneraser\Documentation.lnk -> C:\Program Files (x86)\DiskInternals\Uneraser\help.chm ()
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals\Uneraser\Uninstall.lnk -> C:\Program Files (x86)\DiskInternals\Uneraser\Uninstall.exe (DiskInternals Research)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals\Excel Recovery\DiskInternals Excel Recovery.lnk -> C:\Program Files (x86)\DiskInternals\ExcelRecovery\ExcelRecovery.exe (DiskInternals Research)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals\Excel Recovery\Uninstall.lnk -> C:\Program Files (x86)\DiskInternals\ExcelRecovery\Uninstall.exe (DiskInternals Research)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files (x86)\CCleaner\CCleaner.exe (Piriform Ltd)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\SendTo\Wondershare TunesGo Retro.lnk -> E:\Program Files (x86)\Wondershare\TunesGo Retro\TunesGoRetro.exe (Wondershare)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk -> C:\Program Files (x86)\ImgBurn\ImgBurn.exe (LIGHTNING UK!)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Wondershare Video Converter Ultimate.lnk -> E:\Program Files (x86)\Wondershare\Video Converter Ultimate\VideoConverterUltimate.exe (Wondershare Software)
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{FD39D675-AC39-4F88-9CE7-A552F27427BC}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{FCBF4DC7-221F-40C2-8680-CA4BD6BD1960}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{FAEC6900-3C4F-4876-9BBB-DAD7FC9E46C7}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{FA4AA25B-F44B-4C40-B9DF-E1A0D6715106}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F8FEFAF1-FFA9-449F-8DC9-83E5A872BE13}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F8B6491E-35E3-4C65-825A-03C4E37E0924}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F8A96A4E-0B42-45BA-9E2E-75599211359F}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F7C711FE-ED72-4E87-B2F7-5C9C493CF4BD}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F75AC32F-E8E2-4CE3-B95A-7A7AD34CBBF9}\PlayTasks\0\The Witcher Enhanced Edition.lnk -> E:\Program Files (x86)\The Witcher Enhanced Edition\The Witcher Enhanced Edition\launcher.exe (CD Projekt Red)
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F58A6C37-3ADA-430C-88E2-16491B5D32FE}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F4C133B9-ABAE-4434-9F1D-22F0CC0E68CC}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F36801DD-F6EA-4AD6-9F14-B55AEA6D0D06}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F2C02FF1-ED80-4A9F-AC02-A8D9A3915768}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{F05FB02E-AE03-4946-A957-6D37D7A0925F}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{f03fba79-ac9d-cb21-79a8-020a193b2082}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\LaunchPad.exe (Daybreak Game Company)
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{EF5C7FA6-40BC-4431-8C58-861CF617B5D1}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{EEAD45D2-428B-4139-AF5A-9614F62B125E}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{EE91C278-FF4C-44C5-AE22-AE85B6042F81}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{EDF64B89-4DCF-408A-B983-01B1A871BDD7}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{ECFF97A8-AF2E-4F47-9D3D-C73A4CCD2991}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{EC92CA0E-1E97-442D-BD1F-26B064571504}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E8CA0F69-2E03-440E-B9C6-319853433D0B}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E8C4D35F-3CB3-4721-816C-7028C6B81455}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E87902C8-970D-4E6E-A543-138C5F4BD211}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E863E839-882F-46D2-9C32-73EF74E0FEEB}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E719FF30-7E0D-455D-B19C-496C1E8D08FE}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E6D452F1-7872-4314-A087-2B3B9C3A366E}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E6B5EBF3-63C7-4E3E-9CC3-E069CC0CCCAA}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E695F8B5-52ED-4BF2-8605-9DA09D78AC26}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E51B1FD8-70A6-4D17-8784-FA4640657F55}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E4D0ADC3-0339-4EB6-9F7E-D291DD189940}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{E2156C74-BB19-4400-BE26-881220CCE748}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{DFE73673-2435-4B1A-9EC4-73BEC2191D5D}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{DE01EE11-4E4C-4E19-AE69-57A3575ED0EA}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{DC9F245F-FF2A-4044-B23A-6B32BFB8E15B}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Activision\ZGI\ZGIWIN.EXE (No File)
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D9289DA8-DC17-493E-94F2-FC6CB4BC9087}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D840FD80-6DD8-472B-828F-40AF53ACB9F9}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D70E34CB-DE5A-428D-A74C-AF5F8EDC4156}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D60D6BD6-E330-4DF1-B193-C18AE1A084A5}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D5D489D8-30AB-4971-BAC8-47FB8A59B3B4}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D5C9FF29-BFAF-40E5-9854-17DE9F8FAF2E}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D431D025-6DE3-4024-8AC1-C4F821684B1B}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D3CA1905-C5B2-45E8-BBBB-D2E7DB43E42D}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D3AAFDBD-C6F3-4D69-85CA-379128ED1310}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{D37D4B07-84D6-4C59-BA0E-66E79DEDE363}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{CE0AEA16-A1A2-49EB-9A2A-694DC7122335}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{CAB83C66-7866-4D46-9FA4-14AFD9AF918A}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{CA8C6101-205C-4122-B72E-0563E3C1C6DF}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C9811461-4197-431E-8811-03A4DA48E338}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C929FE17-2731-4BB0-A90F-B3069815BB6F}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C867F496-F82B-4A3C-ABE7-16876FB90CE9}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C866259B-30C1-4C06-9721-6558DEA1B59C}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C7D73C8A-A4F1-43D7-990B-1E5A0FED851A}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C6D4D429-6FA4-427C-96B3-BFA7E8CEE3FB}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C5E7499F-89C4-4FCB-BDC8-79228857579D}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C5489C6B-DA83-410E-B5C7-6E23C1EB633E}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C533A5D1-FD04-4321-AC40-24967F14D275}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C52365BA-D548-463C-9512-CA8E131FFE9C}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C4EDE162-BF65-4DD8-BE11-7E0AE0E3E0FF}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{C4C14D92-6733-4D59-A961-A8EFED4F73B8}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BE8E0728-C91E-4664-9780-173A3C27F977}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BE0A1416-2667-450A-A0E0-08EC6310EDB8}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BD52C995-5488-4659-BF0B-87141A952002}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BC3FC45A-EBE0-45A2-A09A-F8E600B44484}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{BA88EEF6-3336-475B-8D5E-866770E0B33F}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B9BDD03D-CA17-4769-8A47-B2E1424CEA5E}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Thief - Deadly Shadows\System\T3.exe (Ion Storm, L.P.)
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B99D7039-5771-40BD-A231-149F4D1DE951}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B7ED4FFD-BDFA-4A8A-AC7E-8F7E0FD8D86C}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B55AEE04-759D-44EC-99E9-10167CB26736}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B523D78F-D2D8-4797-ABFA-139E9480B330}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B0F10D40-7B9D-46EB-AC6F-2D22185B29E4}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Coop\AppData\Local\Microsoft\Windows\GameExplorer\{B0BF3B1A-BF21-4617-B543-9B8D4AAA7FE4}\PlayTasks\0\Play.lnk -> D:\Program Files (x86)\Sony\EverQuest II\EQ2.exe ()
Shortcut: C:\Users\Public\Desktop\Wondershare Media Server.lnk -> E:\Program Files (x86)\Wondershare\Video Converter Ultimate\MediaServer.exe (MediaServer)
Shortcut: C:\Users\Public\Desktop\Wondershare TunesGo Retro.lnk -> E:\Program Files (x86)\Wondershare\TunesGo Retro\TunesGoRetro.exe (Wondershare)
Shortcut: C:\Users\Public\Desktop\Wondershare Video Converter Ultimate.lnk -> E:\Program Files (x86)\Wondershare\Video Converter Ultimate\WSVCUSplash.exe (Wondershare Software)
Shortcut: C:\Users\Public\Desktop\World of Warcraft.lnk -> D:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)

ShortcutWithArgument: C:\Users\Coop\Videos\DivX Movies\DivX.com.lnk -> C:\Program Files (x86)\DivX\divxdotcom.ico () -> SW_SHOWNORMAL
ShortcutWithArgument: C:\Users\Coop\Videos\DivX Movies\Enhance your video soundtracks.lnk -> C:\Program Files (x86)\DivX\dfx.ico () -> SW_SHOWNORMAL
ShortcutWithArgument: C:\Users\Coop\Documents\Shutdown.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -s -t 00 -f
ShortcutWithArgument: C:\Users\Coop\Desktop\ProfitUI Reborn Updater.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile "C:\Users\Coop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3c7a95e-5ae9733b"
ShortcutWithArgument: C:\Users\Coop\Desktop\Work\BorgataCasino.lnk -> E:\Borgata\Borgata.exe () -> -P=BorgataCasino
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinPoker 6 Shareware\Read Me.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) -> C:\PROGRA~2\WINPOK~1\README.TXT
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinPoker 6 Shareware\UnInstall.lnk -> C:\Program Files (x86)\Winpoker 6 Shareware\Unwise.exe () -> install.log
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProfitUI Reborn Updater\ProfitUI Reborn Updater.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile "C:\Users\Coop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\3c7a95e-5ae9733b"
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProfitUI Reborn Downloader\ProfitUI Reborn Updater.lnk -> C:\Windows\SysWOW64\javaws.exe (Oracle Corporation) -> -localfile "C:\Users\Coop\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\59901d5a-42db2b68"
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\Belarc\Advisor\System\NPBelv32.dll,RunDll32_ShowLocalPage -p60 -bAdvisor.bcx
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BorgataCasino.lnk -> E:\Borgata\Borgata.exe () -> -P=BorgataCasino
ShortcutWithArgument: C:\Users\Coop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\shutdown_v2.gadget\en-US\script\lock.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> user32.dll, LockWorkStation
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\shutdown_v2.gadget\en-US\script\restart.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -r -t 0
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\shutdown_v2.gadget\en-US\script\shutdown.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -s -t 0
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\shutdown_v2.gadget\de-DE\script\lock.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> user32.dll, LockWorkStation
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\shutdown_v2.gadget\de-DE\script\restart.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -r -t 0
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\shutdown_v2.gadget\de-DE\script\shutdown.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -s -t 0
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System_V2.0.gadget\Hibernate.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> PowrProf,SetSuspendState Hibernate
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System_V2.0.gadget\Logoff.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> user32.dll, LockWorkStation
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System_V2.0.gadget\Restart.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -r -f -t 01
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System_V2.0.gadget\Shutdown.lnk -> C:\Windows\System32\shutdown.exe (Microsoft Corporation) -> -s -f -t 01
ShortcutWithArgument: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Control_System_V2.0.gadget\Standby.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> PowrProf,SetSuspendState
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Public\Desktop\Belarc Advisor.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\Belarc\Advisor\System\NPBelv32.dll,RunDll32_ShowLocalPage -p60 -bAdvisor.bcx

InternetURL: C:\Users\Administrator\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Administrator\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Coop\Favorites\YouTube - Coop's iPhone\youtu.be_pAH4klqLTXg.url -> URL: hxxp://youtu.be/pAH4klqLTXg
InternetURL: C:\Users\Coop\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Coop\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Coop\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Coop\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Coop\Favorites\Netflix\Netflix - TV & movies instantly streamed online + DVD & Blu-ray rentals - Free Trial.url -> URL: hxxp://www.netflix.com/LogoutPage?authURL=1295195520515.47fuNfjLso%2B%2F1mnkBQJv3xpQNEM%3D
InternetURL: C:\Users\Coop\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Coop\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Coop\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Coop\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Coop\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Coop\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\AT&T Mall.url -> URL: file:///windows/ATnTMall.html
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\Chat.url -> URL: hxxp://www.cingular.com/wap/chat
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\Explore Windows Mobile.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=43710
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\MEdia Net.url -> URL: hxxp://home/
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\MSN Mobile.url -> URL: hxxp://mobile.msn.com/pocketpc
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\My Windows Mobile.url -> URL: hxxp://www.mywindowsmobile.com/
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\News.url -> URL: hxxp://www.cingular.com/wap/news
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\Sports.url -> URL: hxxp://www.cingular.com/wap/sports
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\Weather.url -> URL: hxxp://www.cingular.com/wap/weather
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\Windows Mobile Extras.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=78116&clcid=0x409
InternetURL: C:\Users\Coop\Favorites\Mobile Favorites\WindowsMedia.com.url -> URL: hxxp://windowsmedia.com/redir/smartphone.asp
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\Marketplace.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=69151
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Coop\Favorites\Microsoft Websites\Welcome to IE7.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68919
InternetURL: C:\Users\Coop\Favorites\Links\American Horror Story _ Asylum - Dominique - YouTube.url -> URL: hxxp://m.youtube.com/watch?v=Ie7tnEXDiMY
InternetURL: C:\Users\Coop\Favorites\Links\chemical brothers devil is in the details - Google Search.url -> URL: hxxp://www.google.com/search?q=chemical+brothers+devil+is+in+the+details&ie=UTF-8&oe=UTF-8&hl=en&client=safari
InternetURL: C:\Users\Coop\Favorites\Links\Player's Life Mobile.url -> URL: hxxp://mobile.playerslife.com/#members
InternetURL: C:\Users\Coop\Favorites\Links\Price Is Right Cliffhangers Yodeling Song Sound Clip and Quote - Hark.url -> URL: hxxp://www.hark.com/clips/lvvwtrdnmv-price-is-right-cliffhangers-yodeling-song
InternetURL: C:\Users\Coop\Favorites\Links\SSL VPN Service.url -> BASEURL: hxxps://vpn.ascensus.com/+CSCOE+/logon.html URL: hxxps://vpn.ascensus.com/+CSCOE+/logon.html
InternetURL: C:\Users\Coop\Favorites\Links\The Renew _ Cancel Index - TV Ratings, Nielsen Ratings, Television Show Ratings _ TVbytheNumbers.url -> URL: hxxp://tvbythenumbers.zap2it.com/the-renew-cancel-index/
InternetURL: C:\Users\Coop\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Coop\Favorites\Casinos\ESPN NBA Scores & Schedules.url -> URL: hxxp://m.espn.go.com/nba/scoreboard?w=1ahfn&i=MENU
InternetURL: C:\Users\Coop\Favorites\Casinos\Harrah's.url -> URL: hxxp://mobile.usablenet.com/mt/www.harrahs.com/index.shtml
InternetURL: C:\Users\Coop\Favorites\Casinos\Movies Adult.url -> URL: hxxp://m.cliphunter.com/
InternetURL: C:\Users\Coop\Favorites\Casinos\ProFootballKnockout.url -> URL: hxxp://boomerandcartonprofootballknockout.cbslocal.com/knockout/football/gamesmobile.asp?Week=&Login=1
InternetURL: C:\Users\Coop\Favorites\Casinos\Site.url -> URL: hxxp://www.777sportsline.com/
InternetURL: C:\Users\Coop\Favorites\Auction sites\My eBay All Selling.url -> URL: hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbay&gbh=1&CurrentPage=MyeBayAllSelling&ssPageName=STRK:ME:LNLK:MESX
InternetURL: C:\Users\Coop\Desktop\DiRT 3.url -> URL: steam://rungameid/44320
InternetURL: C:\Users\Coop\Desktop\Half-Life 2 Lost Coast.url -> URL: steam://rungameid/340
InternetURL: C:\Users\Coop\Desktop\Half-Life 2.url -> URL: steam://rungameid/220
InternetURL: C:\Users\Coop\Desktop\Half-Life Blue Shift.url -> URL: steam://rungameid/130
InternetURL: C:\Users\Coop\Desktop\Half-Life.url -> URL: steam://rungameid/70
InternetURL: C:\Users\Coop\Desktop\Haunted Memories.url -> URL: steam://rungameid/241640
InternetURL: C:\Users\Coop\Desktop\Path of Exile.url -> URL: steam://rungameid/238960
InternetURL: C:\Users\Coop\Desktop\Team Fortress 2.url -> URL: steam://rungameid/440
InternetURL: C:\Users\Coop\Desktop\The Elder Scrolls V Skyrim.url -> URL: steam://rungameid/72850
InternetURL: C:\Users\Coop\Desktop\Warframe.url -> URL: steam://rungameid/230410
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVMC\Visit TVMC Online.url -> URL: hxxp://tvaddons.ag
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\DiRT 3.url -> URL: steam://rungameid/44320
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Half-Life 2 Lost Coast.url -> URL: steam://rungameid/340
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Half-Life 2.url -> URL: steam://rungameid/220
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Half-Life Blue Shift.url -> URL: steam://rungameid/130
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Half-Life.url -> URL: steam://rungameid/70
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Haunted Memories.url -> URL: steam://rungameid/241640
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Path of Exile.url -> URL: steam://rungameid/238960
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Warframe.url -> URL: steam://rungameid/230410
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse\Curse Client online support.url -> BASEURL: hxxp://clientsupport.curse.com/ URL: hxxp://clientsupport.curse.com/
InternetURL: C:\Users\Coop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/
InternetURL: C:\Users\Coop\AppData\Local\Microsoft\Windows Sidebar\Gadgets\SimplyWeather.gadget\Archive created by free jZip.url -> URL: hxxp://www.jzip.com/archive_link

==================== End of Shortcut.txt =============================
 
#22 ·
19:34:53.0646 0x130c TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31
19:35:32.0486 0x130c ============================================================
19:35:32.0486 0x130c Current date / time: 2016/10/05 19:35:32.0486
19:35:32.0486 0x130c SystemInfo:
19:35:32.0486 0x130c
19:35:32.0486 0x130c OS Version: 6.0.6002 ServicePack: 2.0
19:35:32.0486 0x130c Product type: Workstation
19:35:32.0486 0x130c ComputerName: COOP-PC
19:35:32.0486 0x130c UserName: Coop
19:35:32.0486 0x130c Windows directory: C:\Windows
19:35:32.0486 0x130c System windows directory: C:\Windows
19:35:32.0486 0x130c Running under WOW64
19:35:32.0486 0x130c Processor architecture: Intel x64
19:35:32.0486 0x130c Number of processors: 2
19:35:32.0486 0x130c Page size: 0x1000
19:35:32.0486 0x130c Boot type: Normal boot
19:35:32.0486 0x130c CodeIntegrityOptions = 0x00000001
19:35:32.0486 0x130c ============================================================
19:35:33.0803 0x130c KLMD registered as C:\Windows\system32\drivers\26521798.sys
19:35:33.0803 0x130c KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 6002.19636, osProperties = 0x1
19:35:35.0367 0x130c System UUID: {67E1AB0A-BA44-3F66-D9E2-FBB066B4EE7C}
19:35:36.0198 0x130c Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:35:36.0202 0x130c ============================================================
19:35:36.0202 0x130c \Device\Harddisk0\DR0:
19:35:36.0202 0x130c MBR partitions:
19:35:36.0202 0x130c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC350000
19:35:36.0202 0x130c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x32A8C000
19:35:36.0202 0x130c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3EDDC800, BlocksNum 0x35929800
19:35:36.0202 0x130c ============================================================
19:35:36.0219 0x130c C: <-> \Device\Harddisk0\DR0\Partition1
19:35:36.0249 0x130c D: <-> \Device\Harddisk0\DR0\Partition2
19:35:36.0273 0x130c E: <-> \Device\Harddisk0\DR0\Partition3
19:35:36.0273 0x130c ============================================================
19:35:36.0273 0x130c Initialize success
19:35:36.0273 0x130c ============================================================
20:13:08.0615 0x1274 ============================================================
20:13:08.0615 0x1274 Scan started
20:13:08.0615 0x1274 Mode: Manual; SigCheck;
20:13:08.0615 0x1274 ============================================================
20:13:08.0615 0x1274 KSN ping started
20:13:11.0725 0x1274 KSN ping finished: true
20:13:13.0152 0x1274 ================ Scan system memory ========================
20:13:13.0153 0x1274 System memory - ok
20:13:13.0153 0x1274 ================ Scan services =============================
20:13:13.0270 0x1274 [ CDF91E688D456B9702B2EA72C85F840C, F24CF756C541F11C16A6189E331591987DB12C6EE9A403B7CF0B71B7E09E35CA ] Abyssus C:\Windows\system32\drivers\Abyssus.sys
20:13:13.0395 0x1274 Abyssus - ok
20:13:13.0503 0x1274 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:13:13.0516 0x1274 ACDaemon - ok
20:13:13.0549 0x1274 [ 1965AAFFAB07E3FB03C77F81BEBA3547, 351A1EBB1B95C8E03ED125C8F997DEE810B4DF36AD290E7685FC01963B522BFC ] ACPI C:\Windows\system32\drivers\acpi.sys
20:13:13.0566 0x1274 ACPI - ok
20:13:13.0656 0x1274 [ F6CEFEF46986DE02A3AE5D93AE32B5DC, 903EC5A7B40F4F6B2F3378EFFE8DF28667B88061CDF681C44F2E4FE39B62959E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:13:13.0666 0x1274 AdobeARMservice - ok
20:13:13.0782 0x1274 [ 8FC33A20D54FB5CC7FBBA814B4E42A22, 707F61F0CEB9467D9BD1782868403BD53DB46EAB0342772661F370E5174AAD8C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:13:13.0794 0x1274 AdobeFlashPlayerUpdateSvc - ok
20:13:13.0847 0x1274 [ F14215E37CF124104575073F782111D2, 7F624F7F0FE9909C07AB2E4C74727686FDA9DF33778A9CBBE35027D6579E4F71 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:13:13.0866 0x1274 adp94xx - ok
20:13:13.0917 0x1274 [ 7D05A75E3066861A6610F7EE04FF085C, 406F2CE539C306BA60C233FBCDB029153588F0499BBE91E66FC915E5C5D7D2A5 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:13:13.0933 0x1274 adpahci - ok
20:13:13.0946 0x1274 [ 820A201FE08A0C345B3BEDBC30E1A77C, 3170B308724CAA0AD50B74D045C837C48BD6A3A11ABA222670BEA82192A861BF ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:13:13.0957 0x1274 adpu160m - ok
20:13:13.0978 0x1274 [ 9B4AB6854559DC168FBB4C24FC52E794, 83CD75DE0A16AE66586837565ECA8B98BA9309519139C4C2032474B8DDF5A1AD ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:13:13.0989 0x1274 adpu320 - ok
20:13:14.0008 0x1274 [ 0F421175574BFE0BF2F4D8E910A253BB, CEABE3A4F546EB6ACA079931AB532DC88FF757DEEF6F434991802220328A9CD6 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:13:14.0040 0x1274 AeLookupSvc - ok
20:13:14.0078 0x1274 [ 8C771D6FBEE9D6F2E7DDE165940CB513, 1DDD7B495D12446F7FF206102D64D92D063C84EEA8D2F015F727721DC970BBE1 ] AFD C:\Windows\system32\drivers\afd.sys
20:13:14.0111 0x1274 AFD - ok
20:13:14.0127 0x1274 [ F6F6793B7F17B550ECFDBD3B229173F7, 7EB12A9372B7966440E39F1B567A43C21231D67DDFAA9C1DECC7E68627F82346 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:13:14.0138 0x1274 agp440 - ok
20:13:14.0157 0x1274 [ 222CB641B4B8A1D1126F8033F9FD6A00, 8C7FD4BF87DC00893B99E64344C0E6A3F321DAD9BE60A99763629260E7C6312C ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:13:14.0168 0x1274 aic78xx - ok
20:13:14.0181 0x1274 [ 5922F4F59B7868F3D74BBBBEB7B825A3, 71504BC8B596F540BF059059670BC0C138D8759C1DD9F99F1EC368FD5C53F573 ] ALG C:\Windows\System32\alg.exe
20:13:14.0230 0x1274 ALG - ok
20:13:14.0253 0x1274 [ 157D0898D4B73F075CE9FA26B482DF98, 84C3E163D7393FD306842F155C88A50B7D8AE88B59586F9014DB76B749CC33D5 ] aliide C:\Windows\system32\drivers\aliide.sys
20:13:14.0262 0x1274 aliide - ok
20:13:14.0326 0x1274 [ 66B54471B5856E314947881E28263A6D, 2D60706B52A2CE98FF806337D62CD010C1DEB2AEDDF899C7B67173928B2D7C4C ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:13:14.0357 0x1274 AMD External Events Utility - ok
20:13:14.0372 0x1274 [ 970FA5059E61E30D25307B99903E991E, CFB241803A63EA3469B2596462A42DDCA813B3ACF96E56BB34F5979BB34DDC32 ] amdide C:\Windows\system32\drivers\amdide.sys
20:13:14.0380 0x1274 amdide - ok
20:13:14.0398 0x1274 [ CDC3632A3A5EA4DBB83E46076A3165A1, 40BE3451A3F29CD3352360FF72165C54237E44D01006390805D493B0D06F51DB ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:13:14.0423 0x1274 AmdK8 - ok
20:13:16.0399 0x1274 [ FBB35875FEFE53D4280259842069ED72, B1A1B5799A6C50C244182CD201A1E9FCB7BE3B5ED4BB2E2E6BCF8E1BF53B75DB ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:13:16.0922 0x1274 amdkmdag - ok
20:13:17.0041 0x1274 [ A32BCAD9377E3B75D034CAFBA463A0AE, F504895D9C9CD1B4607806BCAF15A1CBFBAC2E5824903277A1350C9F35045602 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:13:17.0073 0x1274 amdkmdap - ok
20:13:17.0114 0x1274 [ 7C8ECAAD76EA1D076A450C8303D9BD98, 90904B2BE380A51BDCEDADA530214CE5321C06456E10F5985B40E3282902BEF6 ] Appinfo C:\Windows\System32\appinfo.dll
20:13:17.0130 0x1274 Appinfo - ok
20:13:17.0209 0x1274 [ 3E7C6639E424FD28952C29D66B7E5277, B10AD3FA5CB36328C5DF33AF58F76770E2B54CFBCB70BD84934F925B8E19FA1F ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:13:17.0230 0x1274 Apple Mobile Device Service - ok
20:13:17.0258 0x1274 [ BA8417D4765F3988FF921F30F630E303, 876A8F34E578020DD9EDD64F7F77A0A3B4592EC568830B500D7EA844D3159C72 ] arc C:\Windows\system32\drivers\arc.sys
20:13:17.0269 0x1274 arc - ok
20:13:17.0289 0x1274 [ 9D41C435619733B34CC16A511E644B11, DEFFBBB5ECE33B7DF949DF979188AF3B6674E7580FC069397AB756EA84E24822 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:13:17.0300 0x1274 arcsas - ok
20:13:17.0344 0x1274 [ 8065A7659562005127673AC52898675F, B48A309EE0960DA3CAAAAF1E794E8C409993AEB3A2B64809F36B97AAC8A1E62A ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
20:13:17.0352 0x1274 AsIO - ok
20:13:17.0423 0x1274 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:13:17.0436 0x1274 aspnet_state - ok
20:13:17.0464 0x1274 [ 22D13FF3DAFEC2A80634752B1EAA2DE6, 503F7E5F1B14D3F7AEAB0982E812B19DABE38FD4104D93922F50F0B2D19BECFB ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:13:17.0489 0x1274 AsyncMac - ok
20:13:17.0524 0x1274 [ E68D9B3A3905619732F7FE039466A623, 74C0B29E54EF064660B9C756E03D5A7EB78F261EFF768EB6E74D261FBD34340D ] atapi C:\Windows\system32\drivers\atapi.sys
20:13:17.0533 0x1274 atapi - ok
20:13:17.0584 0x1274 [ 6429973B663AEAE69643F3926EFB5480, 5130430FFDD5811FA5FCB3010F1712E7CD0A9B3F9B65196830AA1E8B0F489978 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
20:13:17.0610 0x1274 AtiHDAudioService - ok
20:13:17.0659 0x1274 [ 4FCE8096191D260028FB6585A4159D6F, FCCB53A93CE69C8A21B61A4DE678AB3A59A55828BCA655D5E5AB6B08CE6FB412 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:13:17.0693 0x1274 AudioEndpointBuilder - ok
20:13:17.0732 0x1274 [ 4FCE8096191D260028FB6585A4159D6F, FCCB53A93CE69C8A21B61A4DE678AB3A59A55828BCA655D5E5AB6B08CE6FB412 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:13:17.0751 0x1274 AudioSrv - ok
20:13:17.0816 0x1274 [ FFB96C2589FFA60473EAD78B39FBDE29, 6A2792753E2CB580672B3107C0DBB9D26B6DAA14B37D5EC314BD0E304197E03E ] BFE C:\Windows\System32\bfe.dll
20:13:17.0843 0x1274 BFE - ok
20:13:17.0904 0x1274 [ 6D316F4859634071CC25C4FD4589AD2C, 73F69AC9E505F3B11A3CCFF8571930229A9058E672CD008A4BF26C0189564EAE ] BITS C:\Windows\System32\qmgr.dll
20:13:17.0955 0x1274 BITS - ok
20:13:17.0971 0x1274 [ 79FEEB40056683F8F61398D81DDA65D2, 5EA3016194F71A2A2177C2B5129E82738EC621ACAD269809F4C131B72CFEB6C6 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:13:17.0996 0x1274 blbdrive - ok
20:13:18.0031 0x1274 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:13:18.0051 0x1274 Bonjour Service - ok
20:13:18.0085 0x1274 [ 2348447A80920B2493A9B582A23E81E1, 50F9242B7104607E633ABAF4E0A213C1C1226BF81F7FB4E216A9E878247B868C ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:13:18.0105 0x1274 bowser - ok
20:13:18.0120 0x1274 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:13:18.0138 0x1274 BrFiltLo - ok
20:13:18.0152 0x1274 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:13:18.0170 0x1274 BrFiltUp - ok
20:13:18.0188 0x1274 [ A1B39DE453433B115B4EA69EE0343816, 61441E7E9D5259A5987DBD3FC8D4E3221A57F42C7CC0F94DB48E80EEF96CA5D4 ] Browser C:\Windows\System32\browser.dll
20:13:18.0214 0x1274 Browser - ok
20:13:18.0244 0x1274 [ F0F0BA4D815BE446AA6A4583CA3BCA9B, E0A5DB5A0C7D6AF93ED45F34D2597F77982DFF41E4FDAC827FE5D80323ADED60 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:13:18.0335 0x1274 Brserid - ok
20:13:18.0359 0x1274 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:13:18.0394 0x1274 BrSerWdm - ok
20:13:18.0403 0x1274 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:13:18.0439 0x1274 BrUsbMdm - ok
20:13:18.0454 0x1274 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:13:18.0490 0x1274 BrUsbSer - ok
20:13:18.0537 0x1274 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
20:13:18.0646 0x1274 BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
20:13:18.0756 0x1274 Detect skipped due to KSN trusted
20:13:18.0756 0x1274 BrYNSvc - ok
20:13:18.0780 0x1274 [ E0777B34E05F8A82A21856EFC900C29F, A7ACE3C65D1773C50ACD98A13B3ADBDD2A6052D7F5D124CB6EE6E7C22151A424 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:13:18.0816 0x1274 BTHMODEM - ok
20:13:28.0117 0x1274 nsiproxy - ok
20:13:28.0174 0x1274 [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:13:28.0236 0x1274 Ntfs - ok
20:13:28.0256 0x1274 [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null C:\Windows\system32\drivers\Null.sys
20:13:28.0280 0x1274 Null - ok
20:13:28.0299 0x1274 [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:13:28.0311 0x1274 nvraid - ok
20:13:28.0321 0x1274 [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:13:28.0332 0x1274 nvstor - ok
20:13:28.0343 0x1274 [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:13:28.0354 0x1274 nv_agp - ok
20:13:28.0359 0x1274 NwlnkFlt - ok
20:13:28.0363 0x1274 NwlnkFwd - ok
20:13:28.0522 0x1274 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:13:28.0541 0x1274 odserv - ok
20:13:28.0584 0x1274 [ B5B1CE65AC15BBD11C0619E3EF7CFC28, E9AA27724A7576D1869FF861A498DB8AF79A7B297F10272F1D63E6CB88CD455B ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
20:13:28.0603 0x1274 ohci1394 - ok
20:13:28.0642 0x1274 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:13:28.0653 0x1274 ose - ok
20:13:28.0683 0x1274 [ DD6F358B05F3E2BF4BB0A17CF72534C6, E7ACA5E17157927432D5E19F1366C4AE4B4F401B366BD269FB27E5B45C5385ED ] ossrv C:\Windows\system32\drivers\ctoss2k.sys
20:13:28.0694 0x1274 ossrv - ok
20:13:28.0762 0x1274 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:13:28.0800 0x1274 p2pimsvc - ok
20:13:28.0829 0x1274 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc C:\Windows\system32\p2psvc.dll
20:13:28.0877 0x1274 p2psvc - ok
20:13:28.0931 0x1274 [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport C:\Windows\system32\drivers\parport.sys
20:13:28.0980 0x1274 Parport - ok
20:13:29.0009 0x1274 [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:13:29.0023 0x1274 partmgr - ok
20:13:29.0047 0x1274 [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc C:\Windows\System32\pcasvc.dll
20:13:29.0063 0x1274 PcaSvc - ok
20:13:29.0088 0x1274 [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci C:\Windows\system32\drivers\pci.sys
20:13:29.0106 0x1274 pci - ok
20:13:29.0136 0x1274 [ 2657F6C0B78C36D95034BE109336E382, C85CFDA57A64B7CC1BB09225C2F81629CEF21C5F25735B098F214397D6DE0D2C ] pciide C:\Windows\system32\drivers\pciide.sys
20:13:29.0146 0x1274 pciide - ok
20:13:29.0198 0x1274 [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:13:29.0224 0x1274 pcmcia - ok
20:13:29.0273 0x1274 [ AF7CE12C4F3DC8CB2B07685C916BBCFE, 1AF47113778D411BF3CF82ACF428676908121B1F3252133A5F98E188ED1E9C6C ] pcouffin C:\Windows\system32\Drivers\pcouffin.sys
20:13:29.0286 0x1274 pcouffin - ok
20:13:29.0313 0x1274 [ 58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:13:29.0369 0x1274 PEAUTH - ok
20:13:29.0423 0x1274 [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:13:29.0457 0x1274 PerfHost - ok
20:13:29.0519 0x1274 [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla C:\Windows\system32\pla.dll
20:13:29.0591 0x1274 pla - ok
20:13:29.0706 0x1274 [ 2487C10BFE1CD715428E3385BB8E7E14, 7B533E824C056D4F8B0B6782AF9B19BAB38681C600AC2D30E271A8DE2B232B82 ] Player Location Check C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe
20:13:29.0835 0x1274 Player Location Check - ok
20:13:29.0873 0x1274 [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:13:29.0930 0x1274 PlugPlay - ok
20:13:29.0933 0x1274 PnkBstrA - ok
20:13:29.0962 0x1274 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:13:29.0991 0x1274 PNRPAutoReg - ok
20:13:30.0029 0x1274 [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:13:30.0057 0x1274 PNRPsvc - ok
20:13:30.0094 0x1274 [ 8E2693CFD14188ABA1254F2946F64EEA, BDF41AB6E29712BBB878FA484392E4BC5BBA2EEDDE127346BCCC8099DBD76E5D ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:13:30.0116 0x1274 PolicyAgent - ok
20:13:30.0147 0x1274 [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:13:30.0184 0x1274 PptpMiniport - ok
20:13:30.0199 0x1274 [ 5080E59ECEE0BC923F14018803AA7A01, 2E201511821AECCF056962399AFA3533ED765A3E7FD30E7B38A6D13837367E69 ] Processor C:\Windows\system32\drivers\processr.sys
20:13:30.0224 0x1274 Processor - ok
20:13:30.0281 0x1274 [ EF321BEED9CF3DF60EBA29A1D618AD8A, FE277119BCC9938054DFA670844B31E4F66C19EBC6E59E747F99C38F76A433BD ] ProfSvc C:\Windows\system32\profsvc.dll
20:13:30.0352 0x1274 ProfSvc - ok
20:13:30.0359 0x1274 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:13:30.0370 0x1274 ProtectedStorage - ok
20:13:30.0402 0x1274 [ C5AB7F0809392D0DA027F4A2A81BFA31, B5BC9712AD93661A77AF4D67DB5F05C58A93CF7CDD6F7BA20568C0A9F4630321 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:13:30.0427 0x1274 PSched - ok
20:13:30.0516 0x1274 [ 0B83F4E681062F3839BE2EC1D98FD94A, 47E1B8014C59981693F5544872AF00383528AAEF0C6FE9AE8C45A6359EFB067D ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:13:30.0566 0x1274 ql2300 - ok
20:13:30.0592 0x1274 [ E1C80F8D4D1E39EF9595809C1369BF2A, 5C18F8366049C690FC8AA4A992AA0765A6607F72E0EF889A5F3757E59FB1C143 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:13:30.0603 0x1274 ql40xx - ok
20:13:30.0636 0x1274 [ 90574842C3DA781E279061A3EFF91F07, F87DE7355DAA4FACF2126A0427C08BAAD9E647E0B02EE5447746BE969B28DA8D ] QWAVE C:\Windows\system32\qwave.dll
20:13:30.0654 0x1274 QWAVE - ok
20:13:30.0664 0x1274 [ E8D76EDAB77EC9C634C27B8EAC33ADC5, 171A3C5D5C3C5845C3BF9A4BCD88E744B025C910AC2F528D0E7D66F173FF0BED ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:13:30.0675 0x1274 QWAVEdrv - ok
20:13:30.0730 0x1274 [ A55E7D0D873B2C97585B3B5926AC6ADE, 3BE3895DA7F0888E85B1941525878BA0846A8F215AD39ED8138BB39615468E32 ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
20:13:30.0743 0x1274 RapiMgr - ok
20:13:30.0753 0x1274 [ 1013B3B663A56D3DDD784F581C1BD005, 36B83F234C2D6A6112BC8B5EF0AB5075EE98AC0BED702C37E4C1C3D17EB49956 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:13:30.0777 0x1274 RasAcd - ok
20:13:30.0791 0x1274 [ B2AE18F847D07F0044404DDF7CB04497, 24B1D5E1D0621160640264656E3D447C611DEE1B0EE308971EF85F0AC3D9F7DD ] RasAuto C:\Windows\System32\rasauto.dll
20:13:30.0817 0x1274 RasAuto - ok
20:13:30.0842 0x1274 [ AC7BC4D42A7E558718DFDEC599BBFC2C, E059EB9472FDDB73AF09FFEBA58D8284AFCDAB1516E0C5759980E60C892F8126 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:30.0862 0x1274 Rasl2tp - ok
20:13:30.0879 0x1274 [ 3AD83E4046C43BE510DE681588ACB8AF, C5445A23F35395B3EA3974C0D5E314E23D900C694D31F7B7A83FE9027D95A91C ] RasMan C:\Windows\System32\rasmans.dll
20:13:30.0906 0x1274 RasMan - ok
20:13:30.0934 0x1274 [ 4517FBF8B42524AFE4EDE1DE102AAE3E, F01C8A773A637B66192BD16DDE467CAECC6E62853DBDB507FF3FC67B4B388988 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:30.0952 0x1274 RasPppoe - ok
20:13:30.0973 0x1274 [ C6A593B51F34C33E5474539544072527, 8182C1D15CDC164363D3DD355197160167A00BA9FA833AA444317D06344EF7CE ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:13:30.0985 0x1274 RasSstp - ok
20:13:31.0018 0x1274 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1, 07B89F701594F680F50A885B923521763A6131104CEE63D422E1C359C23AE2F6 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:13:31.0042 0x1274 rdbss - ok
20:13:31.0059 0x1274 [ 603900CC05F6BE65CCBF373800AF3716, 83B010D51D1087673CF15FD0A992FD91CC910A073FEA9A8F20F6124B6E5489F2 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:31.0082 0x1274 RDPCDD - ok
20:13:31.0103 0x1274 [ C045D1FB111C28DF0D1BE8D4BDA22C06, 572986C93B982387EE94797A1EDE1C6C444B0F1078AC8201099452BFA021458F ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:13:31.0134 0x1274 rdpdr - ok
20:13:31.0153 0x1274 [ CAB9421DAF3D97B33D0D055858E2C3AB, 66C353CD310A91FAB0D0871ACCE71110595B63536560D0331DA70B1E33AC45BE ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:13:31.0177 0x1274 RDPENCDD - ok
20:13:31.0203 0x1274 [ AE4BD9E1C33D351D8E607FC81F15160C, AD785CA72B7C6EB9F94B2E797C758C0F804DB26EE056DDC6D4F85BB562A02EA4 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:13:31.0243 0x1274 RDPWD - ok
20:13:31.0263 0x1274 [ C612B9557DA73F70D41F8A6FBC8E5344, D7D11F202066F848FBD3F26D9FF915C7F3D68F30631393B2049F3AC5A40FD108 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:13:31.0289 0x1274 RemoteAccess - ok
20:13:31.0358 0x1274 [ 44B9D8EC2F3EF3A0EFB00857AF70D861, A45D8024A242456A73337C91663A3E1633BF163234CDFD5DF86840F31FFFE84D ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:13:31.0382 0x1274 RemoteRegistry - ok
20:13:31.0394 0x1274 [ F46C457840D4B7A4DAAFEE739CE04102, 94E946036240B3BAFF17C4A49745E29E492ABBC7BE5110741B212DF4D7F45B84 ] RpcLocator C:\Windows\system32\locator.exe
20:13:31.0408 0x1274 RpcLocator - ok
20:13:31.0441 0x1274 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF, 3BE4B8EE22FA55D3A17D3718781C8BCA631C78F7928092561F6B79BB60E7D7FE ] RpcSs C:\Windows\System32\rpcss.dll
20:13:31.0476 0x1274 RpcSs - ok
20:13:31.0486 0x1274 [ 22A9CB08B1A6707C1550C6BF099AAE73, 46A9D40A03DC0B6C93274C0C1CDB132B2339E76E77CAB0F12AEDAD4C31822B91 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:13:31.0511 0x1274 rspndr - ok
20:13:31.0526 0x1274 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] SamSs C:\Windows\system32\lsass.exe
20:13:31.0537 0x1274 SamSs - ok
20:13:31.0553 0x1274 [ CD9C693589C60AD59BBBCFB0E524E01B, F9EBD4FF4C712A563B1120D123012E41105D31402BE45D6F8C8DA71155D64ECB ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:13:31.0564 0x1274 sbp2port - ok
20:13:31.0589 0x1274 [ FD1CDCF108D5EF3366F00D18B70FB89B, 5BCE3A9D5DC0B6937A734264C5B8DE0E6B8F77A869A118F94D57E662AAB28FE2 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:13:31.0612 0x1274 SCardSvr - ok
20:13:31.0655 0x1274 [ C453886F47A10D44A9B4AFCBF349071D, B677FD3C638436CE84EC7087569CEEF912F59D0B800B4C76A5CC72289243C49B ] Schedule C:\Windows\system32\schedsvc.dll
20:13:31.0695 0x1274 Schedule - ok
20:13:31.0722 0x1274 [ 5A268127633C7EE2A7FB87F39D748D56, 45C530A0EE0108543A75B9427F77EBB5E8350AE16C235763B6F32E72CE15C449 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:13:31.0741 0x1274 SCPolicySvc - ok
20:13:31.0751 0x1274 [ 4FF71B076A7760FE75EA5AE2D0EE0018, DDDBC9530120F8C1AB449076F6F06F74354149B4C458E6682F957628EE795DE8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:13:31.0769 0x1274 SDRSVC - ok
20:13:31.0779 0x1274 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:13:31.0793 0x1274 secdrv - ok
20:13:31.0818 0x1274 [ 251F63DD48559F73766E1159F94A6BD1, 4B18A3DDA49E6E189F44CBFB6387444EE4556B29F040E93A6798B3ACEAE0C382 ] seclogon C:\Windows\system32\seclogon.dll
20:13:31.0832 0x1274 seclogon - ok
20:13:31.0845 0x1274 [ 90973A64B96CD647FF81C79443618EED, 1D3CB7F724B7EADA6443DF07B258EE7FB7FEC92C2A7A9D3C57F6A220EF0DDDC4 ] SENS C:\Windows\system32\sens.dll
20:13:31.0870 0x1274 SENS - ok
20:13:31.0884 0x1274 [ 2449316316411D65BD2C761A6FFB2CE2, A428D3B4E113D3CB6DD87CC52CF71E179189A9A9E326B39FB50C7B3155A41A88 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:13:31.0908 0x1274 Serenum - ok
20:13:31.0934 0x1274 [ 4B438170BE2FC8E0BD35EE87A960F84F, A585E17607DCB3E79518BC9914C7030C39B30A1B5B5B32137DABA32FF7079858 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:13:31.0959 0x1274 Serial - ok
20:13:31.0973 0x1274 [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:13:31.0996 0x1274 sermouse - ok
20:13:32.0013 0x1274 [ A8E4A4407A09F35DCCC3771AF590B0C4, F56ECE42CE81098FCCBCDFBBF006C3FB9EDD29C62F03C4EAE012EE690669481B ] SessionEnv C:\Windows\system32\sessenv.dll
20:13:32.0040 0x1274 SessionEnv - ok
20:13:32.0048 0x1274 [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:13:32.0072 0x1274 sffdisk - ok
20:13:32.0081 0x1274 [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:13:32.0105 0x1274 sffp_mmc - ok
20:13:32.0115 0x1274 [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:13:32.0139 0x1274 sffp_sd - ok
20:13:32.0152 0x1274 [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:13:32.0187 0x1274 sfloppy - ok
20:13:32.0203 0x1274 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:13:32.0238 0x1274 SharedAccess - ok
20:13:32.0267 0x1274 [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:13:32.0288 0x1274 ShellHWDetection - ok
20:13:32.0295 0x1274 [ 7A5DE502AEB719D4594C6471060A78B3, E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:13:32.0306 0x1274 SiSRaid2 - ok
20:13:32.0317 0x1274 [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:13:32.0328 0x1274 SiSRaid4 - ok
20:13:32.0362 0x1274 [ 4E6FAEE3F259DAC82213D935785991FB, ADA019AD261BBEAE78495B508B4D375BEC1005DF119F20897D29C3C613A0CA46 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:13:32.0380 0x1274 SkypeUpdate - ok
20:13:32.0462 0x1274 [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc C:\Windows\system32\SLsvc.exe
20:13:32.0579 0x1274 slsvc - ok
20:13:32.0624 0x1274 [ FD74B4B7C2088E390A30C85A896FC3AF, 897F1F89A4DDB356CF6E59EFBC32A2081C0CADE283793DB6879D263F7B2E313F ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:13:32.0644 0x1274 SLUINotify - ok
20:13:32.0664 0x1274 [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:13:32.0683 0x1274 Smb - ok
20:13:32.0708 0x1274 [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:13:32.0719 0x1274 SNMPTRAP - ok
20:13:32.0760 0x1274 [ 5F9785E7535F8F602CB294A54962C9E7, 22BE050955347661685A4343C51F11C7811674E030386D2264CD12ECBF544B7C ] speedfan C:\Windows\syswow64\speedfan.sys
20:13:32.0781 0x1274 speedfan - ok
20:13:32.0810 0x1274 [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr C:\Windows\system32\drivers\spldr.sys
20:13:32.0820 0x1274 spldr - ok
20:13:32.0854 0x1274 [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:13:32.0874 0x1274 Spooler - ok
20:13:32.0906 0x1274 [ 72A631C70592AE9AACCFA4882F48BD2E, ECB0EB8910C15C79A3A8712254CEBDE0174DC119987C2CB16E8AEC9140495670 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:13:32.0939 0x1274 srv - ok
20:13:32.0961 0x1274 [ A2BBB991AEA301A56432FECBE525B756, 082E139380F6580E395CBE400C73D8E730BCAF0FD467F98B6BEC42EFA3633A59 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:13:32.0983 0x1274 srv2 - ok
20:13:33.0003 0x1274 [ 8AEAA745CB897481125B88848066FCAE, 5C32074AAF0D6B05E000FFCD593D60AC5ED17F24A250F12FE150D69AC8802CEB ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:13:33.0026 0x1274 srvnet - ok
20:13:33.0041 0x1274 [ 192C74646EC5725AEF3F80D19FF75F6A, 8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:13:33.0070 0x1274 SSDPSRV - ok
20:13:33.0110 0x1274 [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:13:33.0124 0x1274 SstpSvc - ok
20:13:33.0182 0x1274 [ BE826A247D22F2FDF24B92AD40049F89, 06996ECCE5A694DEFDC99DB56F45DD0ABD9A2150581F1FD132FBBD863C474DE3 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:13:33.0578 0x1274 Steam Client Service - ok
20:13:33.0642 0x1274 [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc C:\Windows\System32\wiaservc.dll
20:13:33.0670 0x1274 stisvc - ok
20:13:33.0693 0x1274 [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:13:33.0702 0x1274 swenum - ok
20:13:33.0758 0x1274 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv C:\Windows\System32\swprv.dll
20:13:33.0791 0x1274 swprv - ok
20:13:33.0806 0x1274 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:13:33.0816 0x1274 Symc8xx - ok
20:13:33.0822 0x1274 [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:13:33.0831 0x1274 Sym_hi - ok
20:13:33.0838 0x1274 [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:13:33.0847 0x1274 Sym_u3 - ok
20:13:33.0889 0x1274 [ 92D7A8B0F87B036F17D25885937897A6, 6759BAB11E5FBB143BE13DF1611AE5D41D379DF423D881E92E910DF6A37CBA85 ] SysMain C:\Windows\system32\sysmain.dll
20:13:33.0952 0x1274 SysMain - ok
20:13:33.0979 0x1274 [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll
20:13:33.0996 0x1274 TabletInputService - ok
20:13:34.0029 0x1274 [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:13:34.0055 0x1274 TapiSrv - ok
20:13:34.0073 0x1274 [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS C:\Windows\System32\tbssvc.dll
20:13:34.0099 0x1274 TBS - ok
20:13:34.0334 0x1274 [ 89399663A2F0393AFFC79E8397ECA844, BA7D4DF5A2F5EB5328522D6136BB71F56263305B9396A437A8AFEF5A8C5C496C ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:13:34.0386 0x1274 Tcpip - ok
20:13:34.0418 0x1274 [ 89399663A2F0393AFFC79E8397ECA844, BA7D4DF5A2F5EB5328522D6136BB71F56263305B9396A437A8AFEF5A8C5C496C ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:13:34.0459 0x1274 Tcpip6 - ok
20:13:34.0491 0x1274 [ A7FF25D9B9DA36797BD1EA48DB292DCE, D89C946633E77765923BD698F2665DC03C5CF1676EB2BAF4450A856B2E856997 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:13:34.0514 0x1274 tcpipreg - ok
20:13:34.0523 0x1274 [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:13:34.0546 0x1274 TDPIPE - ok
20:13:34.0560 0x1274 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:13:34.0584 0x1274 TDTCP - ok
20:13:34.0618 0x1274 [ A47CD175CF72CA5EEDB47C79532A7622, 1F682B002A64D2A8559005651F742DD3AFB50AE5D6DADAF4A75DD08410385FBF ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:13:34.0639 0x1274 tdx - ok
20:13:34.0653 0x1274 [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:13:34.0664 0x1274 TermDD - ok
20:13:34.0718 0x1274 [ 5A67A1108E347FCA6A64B74FFB108BDE, F9EC8932366FF4101C6F059567DDF099D895C90567C3E770DDDC71562434A821 ] TermService C:\Windows\System32\termsrv.dll
20:13:34.0748 0x1274 TermService - ok
20:13:34.0767 0x1274 [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes C:\Windows\system32\shsvcs.dll
20:13:34.0783 0x1274 Themes - ok
20:13:34.0812 0x1274 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER C:\Windows\system32\mmcss.dll
20:13:34.0836 0x1274 THREADORDER - ok
20:13:34.0860 0x1274 [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks C:\Windows\System32\trkwks.dll
20:13:34.0898 0x1274 TrkWks - ok
20:13:34.0964 0x1274 [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:13:34.0989 0x1274 TrustedInstaller - ok
20:13:35.0012 0x1274 [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:13:35.0026 0x1274 tssecsrv - ok
20:13:35.0050 0x1274 [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:13:35.0061 0x1274 tunmp - ok
20:13:35.0098 0x1274 [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:13:35.0108 0x1274 tunnel - ok
20:13:35.0126 0x1274 [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:13:35.0136 0x1274 uagp35 - ok
20:13:35.0170 0x1274 [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:13:35.0204 0x1274 udfs - ok
20:13:35.0223 0x1274 [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:13:35.0247 0x1274 UI0Detect - ok
20:13:35.0257 0x1274 [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:13:35.0267 0x1274 uliagpkx - ok
20:13:35.0285 0x1274 [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:13:35.0300 0x1274 uliahci - ok
20:13:35.0310 0x1274 [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:13:35.0322 0x1274 UlSata - ok
20:13:35.0341 0x1274 [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:13:35.0353 0x1274 ulsata2 - ok
20:13:35.0368 0x1274 [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:13:35.0394 0x1274 umbus - ok
20:13:35.0421 0x1274 [ 01ABE05C401E70795B43A8933B44831E, FF41E2C37F2629C7D18ED448D5217076EB9A5D038D6EC026FC54E3EB41FDAC86 ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
20:13:35.0445 0x1274 UMPass - ok
20:13:35.0507 0x1274 [ 7093799FF80E9DECA0680D2E3535BE60, 1CBFCCA84CB9212176BF5A1D32334BD54E58A2668A4746252738800468AD4AD4 ] upnphost C:\Windows\System32\upnphost.dll
20:13:35.0556 0x1274 upnphost - ok
20:13:35.0597 0x1274 [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:13:35.0630 0x1274 USBAAPL64 - ok
20:13:35.0665 0x1274 [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:13:35.0689 0x1274 usbaudio - ok
20:13:35.0721 0x1274 [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:13:35.0745 0x1274 usbccgp - ok
20:13:35.0757 0x1274 [ 9247F7E0B65852C1F6631480984D6ED2, E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:13:35.0795 0x1274 usbcir - ok
20:13:35.0839 0x1274 [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:13:35.0850 0x1274 usbehci - ok
20:13:35.0867 0x1274 [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:13:35.0884 0x1274 usbhub - ok
20:13:35.0893 0x1274 [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:13:35.0928 0x1274 usbohci - ok
20:13:35.0951 0x1274 [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:13:35.0980 0x1274 usbprint - ok
20:13:36.0004 0x1274 [ 2702146BBD36B2AF1514CCC1F914646C, 6943396692E64782F04EA2FE40D3C6B6B5CC4E6DD3CFCB5739015AB509EEB3AE ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:13:36.0030 0x1274 USBSTOR - ok
20:13:36.0052 0x1274 [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:13:36.0077 0x1274 usbuhci - ok
20:13:36.0114 0x1274 [ C690C8B45DB67DBA284B72D1FD649D2C, 52432616E19ADB450247D8A0FA75265BD74F1FACE6A063830F0E604C8E415CC0 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
20:13:36.0127 0x1274 usb_rndisx - ok
20:13:36.0151 0x1274 [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms C:\Windows\System32\uxsms.dll
20:13:36.0170 0x1274 UxSms - ok
20:13:36.0199 0x1274 [ 84BB306B7863883018D7F3EB0C453BD5, 0602C6987E42ADB3F98D200BA078363F80389941938E0611C3CCA6AD6A183DD0 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
20:13:36.0211 0x1274 VClone - ok
20:13:36.0262 0x1274 [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds C:\Windows\System32\vds.exe
20:13:36.0296 0x1274 vds - ok
20:13:41.0793 0x1274 ================ Scan generic autorun ======================
20:13:41.0953 0x1274 [ DD7B4F9E6B71A599FEF4BD9DA0AE57C2, 6B22356F74F7ED069A3FC39C62326AA98A70D0E860A2EB29A6C46F4077FB567A ] C:\Program Files\Microsoft Security Client\msseces.exe
20:13:42.0064 0x1274 MSC - ok
20:13:42.0146 0x1274 [ 21D9910EF7EA9C58C8E31EE2C29D5F49, 7F68C168AA029B61810297F21D340B6756F4140642DAD0E3F2CA22AF525312EB ] C:\Program Files\iTunes\iTunesHelper.exe
20:13:42.0164 0x1274 iTunesHelper - ok
20:13:42.0439 0x1274 [ 16598A9758F386F82D2C447C70C95D10, 0A698135EFC195C359702AA76897B9C67712FDE0A54B51587134B65510B154ED ] d:\Program Files\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
20:13:42.0501 0x1274 StartCCC - ok
20:13:42.0504 0x1274 CTxfiHlp - ok
20:13:42.0553 0x1274 [ C98F79A726A1505812969CC4F3ECFA3F, BD7A2DB04DBFDF2BEC9D7A6B0F62A141E935A799F1C47417A11B7DE4D6B69BAC ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
20:13:42.0565 0x1274 HydraVisionDesktopManager - detected UnsignedFile.Multi.Generic ( 1 )
20:13:42.0676 0x1274 Detect skipped due to KSN trusted
20:13:42.0676 0x1274 HydraVisionDesktopManager - ok
20:13:42.0677 0x1274 Waiting for KSN requests completion. In queue: 55
20:13:43.0686 0x1274 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( ), 0x61000 ( enabled : updated )
20:13:43.0707 0x1274 Win FW state via NFP2: enabled ( trusted )
20:13:43.0886 0x1274 ============================================================
20:13:43.0886 0x1274 Scan finished
20:13:43.0886 0x1274 ============================================================
20:13:43.0904 0x0fb0 Detected object count: 0
20:13:43.0904 0x0fb0 Actual detected object count: 0
 
#23 ·
Hello rcoops72 :)

Things are looking pretty good. There doesn't appear to be anything malicious going on with your shortcuts. Let's try reenabling the things that you have disabled with MSConfig and see what happens. MSConfig is actually meant to be used for troubleshooting, not as a permanent startup management solution. We can talk a bit about some better options later.

Besides the icons, how is your computer behaving? Are the browsers still doing OK?

There's also a few things to clean up that the last scan found and I'd like to run one more comprehensive scan to see if there's anything we missed.

Step one...

Reenable Items With MSConfig
  • Click Start
  • Type msconfig.exe into the Start Search box and press Enter.
  • Check Normal startup and click OK.
  • You will be prompted to restart your computer. Click Restart.

Step two...

FRST Fix
  • You should still have FRST64.exe on your Desktop. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
  • Copy and Paste the following script into Notepad, Do not include the word Code:.
    Code:
    CreateRestorePoint:
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{342224AC-1149-663A-05A3-E67C2C0D485B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
    [-HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0]
    
    C:\Users\Coop\AppData\Roaming\.acestream
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step three...

ESET Online Scanner
NOTE: This scan can take a long time to run. Some people find it best to let it run overnight.
  • Go to the ESET Online Scanner site.
  • Click on the Scan Now button.
  • You will be prompted to download a small utility.
  • Next please disable any antivirus you have active, as shown in this topic.
  • Right click esetsmartinstaller_enu.exe and select Run as administrator.
  • Check the box to agree to the terms of use and click Accept.
  • Check Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • Ensure the following are checked:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth technology
  • Ensure Clean threats automatically is UNCHECKED.
  • Click Scan.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan.
  • When the scan completes click Copy to clipboard. Paste the results into your reply.
  • You can now exit the program using the X in the top-right.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • The ESET log
  • How are the icons after reenabling MSConfig items?
  • How are your browsers behaving?
  • Are there any changes in computer behavior?
 
#24 ·
Hello! Thanks for the help!

Icons were better after restart. Did the MSCONFIG thing and a lot of stuff started to load which I do not use so I will uninstall them?
I did the Fixlog process and the shutdown took 5 1/2 mins I assume that is normal?

Below is the log

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-10-2016
Ran by Coop (06-10-2016 19:41:50) Run:3
Running from C:\Users\Coop\Desktop
Loaded Profiles: Coop (Available Profiles: Coop)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{342224AC-1149-663A-05A3-E67C2C0D485B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}]
[-HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0]

C:\Users\Coop\AppData\Roaming\.acestream
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{342224AC-1149-663A-05A3-E67C2C0D485B} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9DBB28CD-1925-11D3-A498-00104B6EB52E} => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} => key removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C} => key removed successfully
HKEY_USERS\S-1-5-21-2800502796-835880612-2508068223-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.0 => key removed successfully
C:\Users\Coop\AppData\Roaming\.acestream => moved successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5939223 B
Java, Flash, Steam htmlcache => 1850 B
Windows/system/drivers => 9965485 B
Edge => 0 B
Chrome => 95641171 B
Firefox => 377285738 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 66228 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 4210182 B
NetworkService => 0 B
Coop => 9813649 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 487.6 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 19:46:36 ====
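
A way to cross-check a posted Fixlog.txt against its own fixlist, added here as an example that is not part of the original posts or of FRST itself: for every registry key or path the fixlist named, it reports whether the log shows it removed, removed on a second attempt, not found, or not mentioned at all. The log text is a constructed sample with placeholder keys and paths, and the result phrases handled are only those visible in the Fixlog in this thread.

```python
import re

DIRECTIVE = re.compile(r"^[A-Za-z]{2,}:")   # CreateRestorePoint:, EmptyTemp:, CMD: ...
REG_DELETE = re.compile(r"^\[-(.+)\]$")     # [-HKEY_...\Key] asks for a key to be deleted

# Placeholder targets, constructed for this example.
KEY_A = r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\KeyA"
KEY_B = r"HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\KeyB"
KEY_C = r"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ExampleVendor\KeyC"
DIR_D = r"C:\Users\Example\AppData\Roaming\.sample"
DIR_E = r"C:\Users\Example\AppData\Roaming\.unlogged"

# Constructed log in the layout of the Fixlog posted above.
SAMPLE_FIXLOG = "\n".join([
    "fixlist content:",
    "*****************",
    "CreateRestorePoint:",
    f"[-{KEY_A}]", f"[-{KEY_B}]", f"[-{KEY_C}]",
    "",
    DIR_D, DIR_E,
    "EmptyTemp:",
    "CMD: ipconfig /flushdns",
    "*****************",
    "",
    "Restore point was successfully created.",
    f"{KEY_A} => key removed successfully",
    f"{KEY_B} => could not remove at first attempt (ErrorCode: C0000121), see next line.",
    f"{KEY_B} => key removed successfully",
    f"{KEY_C} => key not found.",
    f"{DIR_D} => moved successfully",
    "=========== EmptyTemp: ==========",
    "Chrome => 0 B",
    "==== End of Fixlog ====",
])


def parse_fixlog(text):
    """Return (targets named in the fixlist, {target: [result lines in order]})."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist block not found (log cut off?)")
    targets = []
    for ln in lines[marks[0] + 1:marks[1]]:
        if not ln or DIRECTIVE.match(ln):
            continue                      # blank line or a directive, not a target
        m = REG_DELETE.match(ln)
        targets.append(m.group(1) if m else ln)
    outcomes = {}
    for ln in lines[marks[1] + 1:]:
        target, sep, result = ln.partition(" => ")
        if sep and target in targets:     # ignores EmptyTemp size lines
            outcomes.setdefault(target, []).append(result)
    return targets, outcomes


def audit_fixlog(text):
    """Classify every fixlist target by the last result logged for it."""
    targets, outcomes = parse_fixlog(text)
    report = {}
    for target in targets:
        results = outcomes.get(target)
        if not results:
            report[target] = "no result logged"
            continue
        final = results[-1].rstrip(".")
        if final.endswith("successfully"):
            report[target] = "done after retry" if len(results) > 1 else "done"
        elif final.endswith("not found"):
            report[target] = "not found"
        else:
            report[target] = "check: " + final
    return report


if __name__ == "__main__":
    for target, status in audit_fixlog(SAMPLE_FIXLOG).items():
        print(f"{status:18} {target}")
```

A target reported as "no result logged" or "check: ..." is the case worth raising with the helper, since the forum's post size limit can cut a log short.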
 
#25 ·
OK I have another update for you. This happened in the past as well to me. I ran this step

ESET Online Scanner
NOTE: This scan can take a long time to run. Some people find it best to let it run overnight.

I started it around 1 hour ago. I came back to see how it was doing and it was at like 98% done based on the progress bar. It said it found 20 threats but the font and screen turned solid black and I could not even click stop it was like locked up...I let it sit for 20 more minutes no additional progress and had to Ctrl+Alt+Del close it out with Task Manager....Thoughts?
 
#26 ·
Hello rcoops72 :)

RE: MSConfig. Ideally, if you don't use something you should uninstall it (please wait until we are done to do so though). If you do use something but it doesn't need to start on boot there are better ways to disable it than MSConfig. We can talk about that once we are done with the malware stuff.

I noticed some services were also disabled with MSConfig. I generally recommend that people not mess with services, you can break things pretty badly doing that. However, if you want to services it should be done through Services.msc. If you'd like that's another thing we can talk about later.

RE: ESET. Strange. I think that probably all or most of the detections were files that one of the other tools already quarantined. You're not the first person to have that happen with ESET either. They recently (past several months) made some changes, I wonder if they broke something. Let's try an alternative.

Sophos Virus Removal Tool Install
  • Please download the Sophos Virus Removal Tool and save it to your Desktop.
  • Right click on Sophos Virus Removal Tool.exe and select Run as administrator.
  • Click Next.
  • Select I accept the terms in the license agreement to accept the EULA and click Next.
  • Click Next then Install. Once the install finishes click Finish.

Sophos Virus Removal Tool Scan and Clean
  • Click Start.
  • Type Sophos Virus Removal Tool into the search box and select it from the results.
  • Once the tool finishes updating click Start scanning.
  • If any threats are found click Start cleanup.
    • If prompted to allow a reboot please do so.
    • After the cleanup is finished and the computer is rebooted (if required) click Details then View log file....
    • Copy and paste the contents in your reply.
  • If no threats were found just let me know.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • The Sophos log
  • Are there any changes in computer behavior?
 