Pilsberyhomeboy Posted January 1, 2016 ID:1010272 Share Posted January 1, 2016 Hello, I recently purchased a bitcoin miner so me and my friends can mine. The next day I woke up in the morning and turned on my PC and started a steam download for a game so it would download when I was at school. When I returned from school I saw chrome open with a fake adobe flash player website and at the bottom of chrome, the download bar was full of stuff I didn't download. I've done endless scans with Malware bytes (yes I have premium) and nothing has been detected. Also my PC crashes a lot, not from overheating because I have 4 case fans and a water cooler and the temperature never goes past 70•F. I don't know what other programs this one virus has downloaded but I'm afraid I might also have a keylogger so I haven't been signing into my steam account or my emails. Any help would be greatly appreciated. Also I have about 4 different MBAM services running. Thank you Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 1, 2016 ID:1010274 Share Posted January 1, 2016 Hello, Please follow this topic and attach required reports https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 1, 2016 Author ID:1010277 Share Posted January 1, 2016 Hello, Please follow this topic and attach required reports https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/Ok man I will be home in a few then I will do those scans Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 3, 2016 Author ID:1010524 Share Posted January 3, 2016 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015Ran by Joe (administrator) on JOE_GAMING_PC (02-01-2016 20:01:50)Running from C:\Users\Joe\DownloadsLoaded Profiles: Joe (Available Profiles: Joe)Platform: Windows 8.1 (X64) Language: English (United States)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe() C:\Windows\SysWOW64\ASGT.exe() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe() C:\Windows\System32\PnkBstrA.exe(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe(NVIDIA Corporation) C:\Users\Joe\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coNatHst.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)HKLM\...\Run: [iSCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStartHKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [ASRock A-Tuning] => [X]HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [ASRockRuefi] => [X]HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1341192 2015-05-20] (Bogdan Sharkov)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-27] (SUPERAntiSpyware)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [spotify Web Helper] => C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-19] (Spotify Ltd)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515576 2015-11-30] (Skype Technologies S.A.)HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [spotify] => C:\Users\Joe\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-19] (Spotify Ltd)HKU\S-1-5-18\...\Run: [] => 0ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1Tcpip\..\Interfaces\{5500B69B-CE55-4987-9FB7-28159B7F4EE7}: [DhcpNameServer] 192.168.1.1 Internet Explorer:==================BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)Toolbar: HKU\S-1-5-21-4290914269-1144193900-1776241538-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation) FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)FF Plugin HKU\S-1-5-21-4290914269-1144193900-1776241538-1001: @nsroblox.roblox.com/launcher -> C:\Users\Joe\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)FF Plugin HKU\S-1-5-21-4290914269-1144193900-1776241538-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Joe\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgnFF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-12-30] Chrome: =======CHR StartupUrls: Default -> "hxxps://www.google.com/"CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-08]CHR Extension: (BetterTTV) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-08-17]CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-08]CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]CHR Extension: (Google Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-08]CHR Extension: (Google Docs Offline) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]CHR Extension: (AdRemover for Google Chrome™) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2015-05-11]CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]CHR Extension: (Norton Security Toolbar) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-10]CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]CHR Extension: (Abstract-Blue) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-05-08]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crxCHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-22]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-22] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1257504 2015-12-28] ()R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [124120 2015-11-15] (altPUG LLC)R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-05-26] (EasyAntiCheat Ltd)R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)S2 iSCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-09] (Electronic Arts)R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-09] ()R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-09] ()R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-02-27] ()R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2015-05-09] (ASRock Incorporation)R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-02-03] (Intel Corporation)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [3791872 2014-05-21] (Intel Corporation) [File not signed]R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-02] (Malwarebytes)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]U2 TMAgent; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-02 20:01 - 2016-01-02 20:02 - 00026618 _____ C:\Users\Joe\Downloads\FRST.txt2016-01-02 20:01 - 2016-01-02 20:01 - 02370560 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe2016-01-02 20:01 - 2016-01-02 20:01 - 00000000 ____D C:\FRST2016-01-02 19:55 - 2013-02-19 17:02 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys2015-12-31 19:31 - 2015-12-31 21:39 - 00000000 ____D C:\Users\Joe\AppData\Roaming\vlc2015-12-31 19:31 - 2015-12-31 19:31 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk2015-12-31 19:31 - 2015-12-31 19:31 - 00000000 ____D C:\Users\Joe\AppData\Roaming\dvdcss2015-12-31 19:31 - 2015-12-31 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN2015-12-31 19:30 - 2015-12-31 19:30 - 28849904 _____ C:\Users\Joe\Downloads\vlc-2.2.1-win32.exe2015-12-31 19:30 - 2015-12-31 19:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN2015-12-31 19:27 - 2015-12-31 19:27 - 00000000 ___HD C:\OneDriveTemp2015-12-31 19:26 - 2016-01-02 19:55 - 00000000 ___RD C:\Users\Joe\OneDrive2015-12-30 15:49 - 2015-12-30 15:49 - 00000947 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\TeamSpeak 3 Client.lnk2015-12-30 12:57 - 2016-01-02 19:55 - 00002972 _____ C:\Windows\System32\Tasks\AsrSP.exe2015-12-29 23:53 - 2015-12-29 23:53 - 00001988 _____ C:\Users\Joe\Desktop\mc acc.txt2015-12-28 20:13 - 2015-12-28 20:14 - 16920266 _____ C:\Users\Joe\Downloads\ets2mp_20510 (1).zip2015-12-28 19:34 - 2015-12-28 22:27 - 00000000 ____D C:\Program Files (x86)\A3Launcher2015-12-28 19:34 - 2015-12-28 19:34 - 00001047 _____ C:\Users\Public\Desktop\A3Launcher.lnk2015-12-28 19:34 - 2015-12-28 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher2015-12-28 19:33 - 2015-12-28 19:33 - 14946192 _____ (Maca134 ) C:\Users\Joe\Downloads\setup_a3launcher.exe2015-12-28 18:41 - 2015-12-31 11:25 - 00000000 ____D C:\Users\Joe\AppData\Local\Arma 32015-12-28 18:41 - 2015-12-28 18:44 - 00000000 ____D C:\Users\Joe\Documents\Arma 32015-12-28 18:41 - 2015-12-28 18:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive2015-12-28 18:40 - 2015-12-28 18:42 - 00000000 ____D C:\Users\Joe\AppData\Local\Arma 3 Launcher2015-12-28 18:40 - 2015-12-28 18:40 - 00000000 ____D C:\Users\Joe\AppData\Local\Bohemia_Interactive2015-12-27 23:29 - 2015-12-27 23:29 - 00000222 _____ C:\Users\Joe\Desktop\Arma 3.url2015-12-27 22:31 - 2015-12-28 20:14 - 00001205 _____ C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk2015-12-27 22:29 - 2015-12-27 22:29 - 16920266 _____ C:\Users\Joe\Downloads\ets2mp_20510.zip2015-12-27 18:08 - 2015-12-27 18:14 - 00000000 ____D C:\Users\Joe\Documents\Project CARS2015-12-27 18:08 - 2015-12-27 18:08 - 00000000 ____D C:\Users\Joe\Documents\wmd_symbol_cache2015-12-27 14:36 - 2015-12-30 13:06 - 00000000 ____D C:\Users\Joe\Documents\Assetto Corsa2015-12-27 14:26 - 2015-12-27 14:26 - 00000222 _____ C:\Users\Joe\Desktop\Project CARS.url2015-12-27 13:30 - 2015-12-27 15:51 - 00000000 ____D C:\Users\Joe\AppData\Roaming\SpinTires2015-12-27 13:26 - 2015-12-27 13:26 - 00000222 _____ C:\Users\Joe\Desktop\Spintires.url2015-12-27 13:22 - 2015-12-27 13:22 - 00000000 ____D C:\Program Files\Logitech2015-12-27 13:22 - 2015-12-27 13:22 - 00000000 ____D C:\Program Files\Common Files\Logitech2015-12-27 13:21 - 2015-12-27 13:22 - 17276616 _____ (Logitech ) C:\Users\Joe\Downloads\lgs510_x64.exe2015-12-27 13:17 - 2015-12-27 13:17 - 00000222 _____ C:\Users\Joe\Desktop\Assetto Corsa.url2015-12-22 21:15 - 2015-12-27 13:39 - 00000000 ____D C:\Users\Joe\AppData\Local\Logitech2015-12-22 21:12 - 2015-12-27 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech2015-12-22 21:12 - 2015-12-22 21:13 - 00000000 ____D C:\Program Files\Logitech Gaming Software2015-12-22 21:11 - 2015-12-22 21:11 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Logitech2015-12-22 21:11 - 2015-12-22 21:11 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Logishrd2015-12-22 21:10 - 2015-12-22 21:11 - 97288008 _____ (Logitech Inc.) C:\Users\Joe\Downloads\LGS_8.76.155_x64_Logitech.exe2015-12-20 14:34 - 2015-11-24 13:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2015-12-20 14:33 - 2015-11-24 18:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll2015-12-20 14:33 - 2015-11-24 18:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll2015-12-20 14:33 - 2015-11-24 18:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2015-12-20 14:33 - 2015-11-24 18:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2015-12-20 14:33 - 2015-11-24 18:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2015-12-20 14:33 - 2015-11-24 18:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2015-12-20 14:33 - 2015-11-24 18:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2015-12-20 14:33 - 2015-11-24 18:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2015-12-20 14:33 - 2015-11-24 18:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2015-12-20 14:33 - 2015-11-24 18:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2015-12-20 14:33 - 2015-11-24 18:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2015-12-20 14:33 - 2015-11-24 18:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2015-12-20 14:33 - 2015-11-24 18:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll2015-12-20 14:33 - 2015-11-24 18:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00878816 _____ C:\Windows\system32\nvmcumd.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00422056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2015-12-20 14:33 - 2015-11-24 18:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2015-12-20 14:33 - 2015-11-24 18:10 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2015-12-20 14:06 - 2015-12-08 20:51 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll2015-12-20 10:07 - 2015-12-20 10:07 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk2015-12-20 10:07 - 2015-12-20 10:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer2015-12-20 10:06 - 2015-12-20 10:06 - 09616448 _____ (TeamViewer GmbH) C:\Users\Joe\Downloads\TeamViewer_Setup_en.exe2015-12-19 20:42 - 2015-12-19 20:42 - 00000000 ___HD C:\ProgramData\CanonBJ2015-12-19 20:42 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBB.DLL2015-12-08 14:48 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-12-08 14:48 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-12-08 14:48 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi2015-12-08 14:48 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe2015-12-08 14:48 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi2015-12-08 14:48 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe2015-12-08 14:48 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-12-08 14:48 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-12-08 14:48 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-12-08 14:48 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll2015-12-08 14:48 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll2015-12-08 14:48 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll2015-12-08 14:48 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll2015-12-08 14:48 - 2015-11-20 17:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-12-08 14:48 - 2015-11-20 13:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-12-08 14:48 - 2015-11-20 11:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-12-08 14:48 - 2015-11-20 11:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-12-08 14:48 - 2015-11-20 11:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-12-08 14:48 - 2015-11-20 11:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-12-08 14:48 - 2015-11-20 11:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-12-08 14:48 - 2015-11-20 11:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-12-08 14:48 - 2015-11-20 11:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-12-08 14:48 - 2015-11-20 11:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-12-08 14:48 - 2015-11-20 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-12-08 14:48 - 2015-11-20 11:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-12-08 14:48 - 2015-11-20 11:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-12-08 14:48 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-12-08 14:48 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-12-08 14:48 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-12-08 14:48 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-12-08 14:48 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-12-08 14:48 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-12-08 14:48 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-12-08 14:48 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-12-08 14:48 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-12-08 14:48 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2015-12-08 14:48 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-12-08 14:48 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-12-08 14:48 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-12-08 14:48 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-12-08 14:48 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-12-08 14:48 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-12-08 14:48 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2015-12-08 14:48 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2015-12-08 14:48 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-12-08 14:48 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-12-08 14:48 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-12-08 14:48 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll2015-12-08 14:48 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-12-08 14:48 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-12-08 14:48 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-12-08 14:48 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-12-08 14:48 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2015-12-08 14:48 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-12-08 14:48 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-12-08 14:48 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2015-12-08 14:48 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-12-08 14:48 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2015-12-08 14:48 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-12-08 14:48 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-12-08 14:48 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-12-08 14:48 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-12-08 14:48 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-12-08 14:48 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-12-08 14:48 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2015-12-08 14:48 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll2015-12-08 14:48 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-12-08 14:48 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-12-08 14:48 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2015-12-08 14:48 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll2015-12-08 14:48 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll2015-12-08 14:48 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-12-08 14:48 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-12-08 14:48 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys2015-12-08 14:48 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-12-08 14:48 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL2015-12-08 14:48 - 2015-10-22 11:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll2015-12-08 14:48 - 2015-10-22 11:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll2015-12-08 14:48 - 2015-10-22 10:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll2015-12-08 14:48 - 2015-10-22 10:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll2015-12-08 14:48 - 2015-10-22 09:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls2015-12-08 14:48 - 2015-10-22 09:08 - 00513456 _____ C:\Windows\system32\locale.nls2015-12-08 14:48 - 2015-10-11 01:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS2015-12-08 14:48 - 2015-10-11 01:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2015-12-08 14:48 - 2015-10-11 01:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2015-12-08 14:48 - 2015-10-11 01:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2015-12-08 14:48 - 2015-10-11 01:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2015-12-08 14:48 - 2015-10-10 13:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2015-12-08 14:48 - 2015-10-10 13:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2015-12-08 14:48 - 2015-10-10 13:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys2015-12-08 14:48 - 2015-10-10 12:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll2015-12-08 14:48 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll2015-12-08 14:48 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll2015-12-08 14:48 - 2015-10-03 14:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll2015-12-08 14:48 - 2015-10-03 14:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll2015-12-08 14:47 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe2015-12-08 14:47 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2015-12-03 20:38 - 2015-12-03 20:43 - 00000000 ____D C:\ProgramData\TEMP2015-12-03 20:38 - 2015-12-03 20:38 - 00000000 ____D C:\Users\Joe\Documents\Forward Development2015-12-03 20:38 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll2015-12-03 20:38 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll2015-12-03 20:38 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll2015-12-03 20:38 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll2015-12-03 20:38 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll2015-12-03 20:38 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll2015-12-03 20:38 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll2015-12-03 20:38 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll2015-12-03 20:38 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll2015-12-03 20:38 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll2015-12-03 20:38 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll2015-12-03 20:38 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll2015-12-03 20:38 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll2015-12-03 20:38 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll2015-12-03 20:38 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll2015-12-03 20:38 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll2015-12-03 20:38 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll2015-12-03 20:38 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll2015-12-03 20:38 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll2015-12-03 20:38 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll2015-12-03 20:38 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll2015-12-03 20:38 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll2015-12-03 20:38 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll2015-12-03 20:38 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll2015-12-03 20:38 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll2015-12-03 20:38 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll2015-12-03 20:38 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll2015-12-03 20:38 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll2015-12-03 20:38 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll2015-12-03 20:38 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll2015-12-03 20:38 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll2015-12-03 20:38 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll2015-12-03 20:38 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll2015-12-03 20:38 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll2015-12-03 20:38 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll2015-12-03 20:38 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll2015-12-03 20:38 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll2015-12-03 20:38 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll2015-12-03 20:38 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll2015-12-03 20:38 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll2015-12-03 20:38 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll2015-12-03 20:38 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll2015-12-03 20:38 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll2015-12-03 20:38 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll2015-12-03 20:38 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll2015-12-03 20:38 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll2015-12-03 20:38 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll2015-12-03 20:38 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll2015-12-03 20:38 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll2015-12-03 20:38 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll2015-12-03 20:38 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll2015-12-03 20:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll2015-12-03 20:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll2015-12-03 20:38 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll2015-12-03 20:38 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll2015-12-03 20:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll2015-12-03 20:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll2015-12-03 20:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll2015-12-03 20:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll2015-12-03 20:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll2015-12-03 20:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll2015-12-03 20:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll2015-12-03 20:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll2015-12-03 20:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll2015-12-03 20:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll2015-12-03 20:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll2015-12-03 20:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll2015-12-03 20:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll2015-12-03 20:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll2015-12-03 20:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll2015-12-03 20:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll2015-12-03 20:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll2015-12-03 20:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll2015-12-03 20:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll2015-12-03 20:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll2015-12-03 20:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll2015-12-03 20:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll2015-12-03 20:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll2015-12-03 20:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll2015-12-03 20:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll2015-12-03 20:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll2015-12-03 20:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll2015-12-03 20:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll2015-12-03 20:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll2015-12-03 20:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll2015-12-03 20:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll2015-12-03 20:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll2015-12-03 20:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll2015-12-03 20:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll2015-12-03 20:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll2015-12-03 20:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll2015-12-03 20:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll2015-12-03 20:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll2015-12-03 20:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll2015-12-03 20:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll2015-12-03 20:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll2015-12-03 20:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll2015-12-03 20:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll2015-12-03 20:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll2015-12-03 20:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll2015-12-03 20:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll2015-12-03 20:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll2015-12-03 20:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll2015-12-03 20:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll2015-12-03 20:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll2015-12-03 20:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll2015-12-03 20:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll2015-12-03 20:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll2015-12-03 20:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll2015-12-03 20:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll2015-12-03 20:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll2015-12-03 20:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll2015-12-03 20:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll2015-12-03 20:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll2015-12-03 20:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll2015-12-03 20:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll2015-12-03 20:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll2015-12-03 20:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll2015-12-03 20:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll2015-12-03 20:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll2015-12-03 20:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll2015-12-03 20:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll2015-12-03 20:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll2015-12-03 20:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll2015-12-03 20:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll2015-12-03 20:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll2015-12-03 20:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll2015-12-03 20:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll2015-12-03 20:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll2015-12-03 20:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll2015-12-03 20:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll2015-12-03 20:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll2015-12-03 20:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll2015-12-03 20:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll2015-12-03 20:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll2015-12-03 20:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll2015-12-03 20:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll2015-12-03 20:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll2015-12-03 20:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll2015-12-03 20:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll2015-12-03 20:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll2015-12-03 20:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll2015-12-03 20:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll2015-12-03 20:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll2015-12-03 20:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll2015-12-03 20:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll2015-12-03 20:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll2015-12-03 20:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll2015-12-03 20:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll2015-12-03 20:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll2015-12-03 20:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll2015-12-03 20:36 - 2015-12-03 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forward Development2015-12-03 19:51 - 2015-12-03 20:30 - 1222067228 _____ (Forward Development ) C:\Users\Joe\Downloads\CityCarDriving_En.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-01-02 20:01 - 2013-08-22 08:36 - 00000000 ____D C:\Windows2016-01-02 20:00 - 2015-05-08 07:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-01-02 19:59 - 2015-05-09 05:23 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-01-02 19:56 - 2015-05-08 03:56 - 00000000 ____D C:\Program Files (x86)\Steam2016-01-02 19:55 - 2015-06-11 18:46 - 00000000 ____D C:\Users\Joe\AppData\Local\TSVNCache2016-01-02 19:55 - 2015-05-09 05:23 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-01-02 19:33 - 2015-08-17 20:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job2016-01-01 00:32 - 2015-05-08 08:17 - 00000000 ____D C:\Users\Joe\AppData\Local\ClassicShell2016-01-01 00:32 - 2015-05-08 03:48 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Skype2016-01-01 00:26 - 2015-05-09 04:31 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4EDBDB83-C58F-4071-BC1C-F9FACF4F0250}2015-12-31 22:33 - 2015-06-21 11:42 - 00000080 _____ C:\Users\Joe\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦2015-12-31 22:23 - 2015-05-22 17:36 - 00000000 ____D C:\Users\Joe\AppData\Roaming\.minecraft2015-12-31 22:20 - 2015-05-22 17:35 - 00000000 ____D C:\Program Files (x86)\Minecraft2015-12-31 21:44 - 2015-05-09 04:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4290914269-1144193900-1776241538-10012015-12-31 19:32 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness2015-12-31 19:27 - 2015-05-09 04:26 - 00000000 ____D C:\Users\Joe\AppData\Local\Packages2015-12-31 19:27 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps2015-12-31 19:26 - 2015-05-09 04:26 - 00000000 ____D C:\Users\Joe2015-12-30 17:52 - 2015-07-22 19:31 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Spotify2015-12-30 17:43 - 2015-07-22 19:32 - 00000000 ____D C:\Users\Joe\AppData\Local\Spotify2015-12-30 16:33 - 2015-05-25 11:48 - 00000000 ____D C:\Users\Joe\AppData\Roaming\TS3Client2015-12-30 15:52 - 2015-10-11 09:21 - 00000166 _____ C:\Users\Joe\Documents\ClownfishForTeamspeak.ini2015-12-30 13:27 - 2014-11-21 03:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI2015-12-30 13:27 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf2015-12-30 13:21 - 2015-05-15 19:06 - 00000000 ____D C:\ProgramData\NVIDIA2015-12-30 13:21 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT2015-12-30 12:17 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp2015-12-30 12:17 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI2015-12-30 12:08 - 2015-07-01 13:48 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps2015-12-28 21:34 - 2015-09-24 16:19 - 00000000 ____D C:\Users\Joe\Documents\Euro Truck Simulator 22015-12-28 20:14 - 2015-09-22 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer2015-12-28 20:14 - 2015-09-22 15:41 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer2015-12-28 14:33 - 2015-08-17 20:42 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-12-27 23:29 - 2015-05-08 04:05 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2015-12-26 03:48 - 2014-11-21 11:03 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-12-26 03:48 - 2014-11-21 11:03 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-12-23 19:32 - 2015-07-16 11:05 - 00000000 ___RD C:\Users\Joe\Desktop\Sheeeeeit2015-12-23 19:32 - 2015-05-13 19:02 - 00000000 ____D C:\Users\Joe\AppData\Roaming\OBS2015-12-23 19:11 - 2015-09-15 10:06 - 00000000 ____D C:\Users\Joe\.gimp-2.82015-12-22 21:14 - 2013-08-22 09:44 - 00337864 _____ C:\Windows\system32\FNTCACHE.DAT2015-12-22 18:43 - 2015-05-13 19:02 - 00000000 ____D C:\Program Files\OBS2015-12-21 15:38 - 2015-10-10 18:59 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client2015-12-20 14:34 - 2015-05-15 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2015-12-20 14:34 - 2015-05-15 19:05 - 00000000 ____D C:\ProgramData\NVIDIA Corporation2015-12-20 14:05 - 2015-05-20 18:46 - 00000000 ____D C:\Users\Joe\Downloads\LiveSetup2015-12-20 12:33 - 2015-06-27 14:01 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox2015-12-20 11:44 - 2015-06-13 19:41 - 00000000 ____D C:\Users\Joe\AppData\Roaming\TeamViewer2015-12-19 20:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp2015-12-19 20:30 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF2015-12-18 17:45 - 2015-05-09 14:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX2015-12-18 17:45 - 2015-05-09 14:52 - 00000000 ___SD C:\Windows\system32\GWX2015-12-16 15:04 - 2015-06-21 11:41 - 00000000 ____D C:\Program Files\Rockstar Games2015-12-16 15:04 - 2015-06-21 11:41 - 00000000 ____D C:\Program Files (x86)\Rockstar Games2015-12-12 17:06 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache2015-12-11 21:41 - 2015-06-23 17:54 - 00000000 ____D C:\Users\Joe\AppData\Local\DayZ2015-12-08 22:39 - 2015-07-23 16:01 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2015-12-08 20:51 - 2015-05-15 19:20 - 01846016 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll2015-12-08 20:51 - 2015-05-15 19:20 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll2015-12-08 20:51 - 2015-05-15 19:20 - 01530240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll2015-12-08 20:51 - 2015-05-15 19:20 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll2015-12-08 16:10 - 2015-05-09 10:38 - 00000000 ____D C:\Windows\system32\MRT2015-12-08 16:06 - 2015-05-09 10:38 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-12-03 15:03 - 2015-05-08 03:48 - 00000000 ____D C:\ProgramData\Skype2015-12-03 14:54 - 2015-05-09 05:23 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2015-12-03 14:54 - 2015-05-09 05:23 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore ==================== Files in the root of some directories ======= 2015-10-21 16:04 - 2015-10-21 16:04 - 0003806 _____ () C:\Users\Joe\AppData\Local\recently-used.xbel Some files in TEMP:====================C:\Users\Joe\AppData\Local\Temp\nvSCPAPI.dllC:\Users\Joe\AppData\Local\Temp\nvSCPAPI64.dllC:\Users\Joe\AppData\Local\Temp\nvSCPAPISvr.exeC:\Users\Joe\AppData\Local\Temp\nvStInst.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signedC:\Windows\system32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\system32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\system32\services.exe => File is digitally signedC:\Windows\system32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\system32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\system32\rpcss.dll => File is digitally signedC:\Windows\system32\dnsapi.dll => File is digitally signedC:\Windows\SysWOW64\dnsapi.dll => File is digitally signedC:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-12-30 16:10 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 3, 2016 Author ID:1010526 Share Posted January 3, 2016 Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015Ran by Joe (2016-01-02 20:02:27)Running from C:\Users\Joe\DownloadsWindows 8.1 (X64) (2015-05-09 09:26:16)Boot Mode: Normal========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-4290914269-1144193900-1776241538-500 - Administrator - Disabled)Guest (S-1-5-21-4290914269-1144193900-1776241538-501 - Limited - Disabled)Joe (S-1-5-21-4290914269-1144193900-1776241538-1001 - Administrator - Enabled) => C:\Users\Joe ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) «City Car Driving» version 1.5.0 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: 1.5.0 - Forward Development)7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)A3Launcher version 0.0.1.5 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.1.5 - Maca134)Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)APP Shop v1.0.13 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.13 - ASRock Inc.)Arma 3 (HKLM-x32\...\Steam App 107410) (Version: - Bohemia Interactive)ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)ASRock Restart to UEFI v1.0.3 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version: - )ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.)ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni)ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.8.2.0 - ASUSTek COMPUTER INC.)ASUS GPU Tweak (x32 Version: 2.8.2.0 - ASUSTek COMPUTER INC.) HiddenASUS UEFI (HKLM-x32\...\InstallShield_{926C75FA-31A5-45B9-A26D-33EF1097D569}) (Version: 1.1.1.0 - ASUSTek COMPUTER INC.)ASUS UEFI (x32 Version: 1.1.1.0 - ASUSTek COMPUTER INC.) HiddenA-Tuning v2.0.119.5 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.119.5 - )Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)Classroom Aquatic Demo (HKLM-x32\...\Steam App 317560) (Version: - Sunken Places)Clownfish for Skype (HKLM-x32\...\Clownfish) (Version: - )Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)Dev Guy (HKLM-x32\...\Steam App 351800) (Version: - )Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version: - Splash Damage®)Epic Games Launcher (HKLM\...\{7C8ED4CE-7D28-442D-AD14-C95C18A7CB1A}) (Version: 1.1.35.0 - Epic Games, Inc.)Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version: - SCS Software)Euro Truck Simulator 2 Multiplayer 0.2.0.5.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.5.1 Alpha - ETS2MP Team)FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)Fishing Planet (HKLM-x32\...\Steam App 380600) (Version: - Fishing Planet LLC)Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version: - Fistful of Frags Team)Fuse (HKLM-x32\...\Steam App 257400) (Version: - Mixamo)Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.29.1 - Google Inc.) HiddenGrand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version: - Rockstar North)Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version: - Reto-Moto)Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - OP Productions LLC)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) HiddenIntel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version: - Avalanche Studios)Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version: - Avalanche Studios)Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) HiddenMSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)NVIDIA Miracast Virtual Audio 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.06 - NVIDIA Corporation)NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version: - Running With Scissors)Project CARS (HKLM-x32\...\Steam App 234630) (Version: - Slightly Mad Studios)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)ROBLOX Player for Joe (HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)Robocraft (HKLM-x32\...\Steam App 301520) (Version: - Freejam)Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) HiddenSHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)Spintires (HKLM-x32\...\Steam App 263280) (Version: - Oovee® Game Studios)Spotify (HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)Supraball (closed beta) (HKLM-x32\...\Steam App 321400) (Version: - )TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)TortoiseSVN 1.8.11.26392 (64 bit) (HKLM\...\{11309CA9-9118-44D6-B345-83C86A5111D5}) (Version: 1.8.26392 - TortoiseSVN)Trove (HKLM-x32\...\Steam App 304050) (Version: - Trion Worlds)Unreal Development Kit: 2012-10 (HKLM\...\UDK-9557cda4-3ad9-4792-bd8e-9d00f23625ee) (Version: - Epic Games, Inc.)Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)Wireshark 1.12.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, hxxp://www.wireshark.org)XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-4290914269-1144193900-1776241538-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)CustomCLSID: HKU\S-1-5-21-4290914269-1144193900-1776241538-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Joe\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\RobloxProxy64.dll (ROBLOX Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {2118B824-5D2A-4919-AB31-DD204AB1844F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)Task: {2ADCCC17-A790-4812-9136-8F37F6097A4C} - System32\Tasks\ASUS UEFI => C:\Program Files (x86)\ASUS\UEFI\ASUS UEFI.exe [2013-06-08] (ASUS VGA)Task: {2BC2EADE-CE48-4AF3-B359-900BFC1E7BAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)Task: {51B482B3-F929-4CF0-98A8-CCB739EA4D09} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {55EDE168-9C0E-4949-BF13-9A39030399CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)Task: {6722F04B-4D25-4121-9441-53BD026AA067} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)Task: {8E33EED0-5222-48CB-A9F2-DD5212A9A01B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {9B6AB864-B736-4031-863A-84F6CB3F8B47} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {9F1BDC2B-CA9C-4FB9-86C3-1B653FE9723F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= autoTask: {C81C6327-0669-4FC3-9C89-07C5BA9D627B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)Task: {DC4DD1D5-A60F-4DC0-A59D-2EC55DC9023D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)Task: {EEE04919-C288-494A-949F-4ECF5D60A3A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)Task: {FA3DBFA3-9C50-463E-981E-C0050A4CDE04} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-04-18] () (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe2015-05-09 05:24 - 2013-07-25 17:04 - 00454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe2015-12-20 14:06 - 2015-12-08 20:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll2015-05-09 15:36 - 2015-05-09 15:36 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe2015-05-15 19:05 - 2015-11-24 13:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2015-10-16 05:02 - 2015-10-16 05:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll2015-03-19 18:55 - 2015-03-19 18:55 - 00088960 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll2015-10-16 05:02 - 2015-10-16 05:02 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll2014-03-20 13:43 - 2014-03-20 13:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll2015-03-19 18:29 - 2015-03-19 18:29 - 00072064 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll2015-05-15 19:20 - 2015-12-08 20:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll2015-05-08 03:57 - 2015-11-10 14:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll2015-05-08 03:57 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll2015-05-08 03:57 - 2015-12-14 15:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll2015-05-08 03:57 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll2015-05-08 03:57 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll2015-05-08 03:57 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2015-05-08 03:57 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2015-05-08 03:57 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2015-05-08 03:57 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2015-05-08 03:57 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2015-05-08 03:57 - 2015-12-14 15:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2015-07-21 19:14 - 2015-11-03 17:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll2015-05-08 03:57 - 2015-11-16 19:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2015-05-08 03:57 - 2015-09-24 18:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll2015-12-16 15:02 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll2015-12-16 15:02 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\Joe:Heroes & GeneralsAlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperDNS Servers: 192.168.1.1HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKLM\...\StartupApproved\Run: => "XFast LAN"HKLM\...\StartupApproved\Run: => "ISCT Tray"HKLM\...\StartupApproved\Run: => "Launch LCore"HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Skype"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Clownfish"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "ooVoo.exe"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Spotify"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Spotify Web Helper"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139FirewallRules: [{EAE21093-1E49-4A7E-8605-DE60F15B109C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{DA343498-AB2C-411B-B683-B75CF29534E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exeFirewallRules: [{C7D9A17E-595F-420E-8360-2B0DA5A122F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{31613C54-0BEB-4183-8C1B-106B2EBF74F1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exeFirewallRules: [{AE21E921-3B2B-4DED-9077-E7FD6612E252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exeFirewallRules: [{22C12AD7-DFA6-4C27-BD28-FE80B4667052}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exeFirewallRules: [{0F21A06D-00F3-417C-A5A9-929B4F181ABD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [{DBD8EEC7-6289-4707-A88F-159D1CB8F3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeFirewallRules: [TCP Query User{8D0648D6-1A23-4DD3-8B39-BE94D52EAC48}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{A18672DC-5547-48C8-A181-AB90E6A58C56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [{61EE8DD3-B6A6-4711-B099-FB7BC8CD9D2F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exeFirewallRules: [{D41D9144-8492-453A-8F6A-E9260C3BC86C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exeFirewallRules: [{CC888242-7E11-4351-9C62-A1860EFEBC3F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exeFirewallRules: [{89E8BEAD-32FB-4239-BDE4-C6F4C569BBD1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exeFirewallRules: [{02BB9ADE-AF3E-4298-80B7-EB30997136D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exeFirewallRules: [{5055A414-EAC6-43CA-B3EF-4AD666F7C413}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exeFirewallRules: [{B90364A3-67FD-4B90-8FAE-3C47F0A7B5D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeFirewallRules: [{A5D59F75-8452-4957-9668-B575978E2DE1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exeFirewallRules: [{AF103D71-759A-4DB0-86B7-E5311E1FC68B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{C8C5F66D-4D96-4302-A25A-E933491A95D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exeFirewallRules: [{D07A8190-EB8B-4D7B-9E86-E33EAFB6A710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exeFirewallRules: [{806FBCD5-88B9-418A-850B-F79D498A7A81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exeFirewallRules: [{A65D6B1B-ECC6-4FC5-8DBD-522AC00D2202}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exeFirewallRules: [{34B6FCF1-7B47-406B-956E-AC55DDD52D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exeFirewallRules: [{C7453CE8-8085-41F5-BE2F-642B38598B4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exeFirewallRules: [{B100320A-56CE-412B-AF21-E86EC24F8D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exeFirewallRules: [{C60FFB81-3CB4-479D-8C6B-15B6F41A4F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exeFirewallRules: [{D154CEE5-8202-4589-A2FF-5E415F6BF927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exeFirewallRules: [{973A92C5-1BE4-4E75-A581-A71387F9F44A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exeFirewallRules: [{11048E4E-9708-4CC0-89E7-AF99324463D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exeFirewallRules: [{ED94280A-932F-491E-904F-DFFEAF235A93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exeFirewallRules: [{254F20A8-629F-4849-9A7E-CAB66EE318BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exeFirewallRules: [{0DCB6333-EE97-4417-B033-933635381883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exeFirewallRules: [{6E071A23-9C3C-4554-A3DA-9ECE3B74E3CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exeFirewallRules: [{E2468351-AAA4-4347-A6F1-7A4589D56533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exeFirewallRules: [{E81CC901-497F-418D-AC49-9087E8688535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exeFirewallRules: [{FE848C39-2F4B-4385-BE9C-BBE89AC3AB62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exeFirewallRules: [{55163AE8-85DA-4BD2-85D3-8D70CE8243BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exeFirewallRules: [{AF763021-AD00-4B37-86B0-525129A5F488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dev Guy\Binaries\Win64\Dev Guy.exeFirewallRules: [{62A6A8F5-58F0-4427-865E-8CA635C9CEE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dev Guy\Binaries\Win64\Dev Guy.exeFirewallRules: [{090C8219-2C8A-4544-BDE5-F857EE6AE942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supraball\launcher\supraball-launcher.exeFirewallRules: [{7EBC6276-6739-4D1C-A00A-C0E164446D7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supraball\launcher\supraball-launcher.exeFirewallRules: [{C023F3A1-7683-4DAD-B003-6727C388947B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exeFirewallRules: [{1F935250-D639-4E63-A36E-FB1F1C6651C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exeFirewallRules: [{90EADEDE-9D25-437E-9211-9F358F1F5929}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exeFirewallRules: [{A4B0996C-D28E-4492-AF0D-B600778B7924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exeFirewallRules: [{AD7CE437-CE0F-4A81-8F27-1FF9D8585EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exeFirewallRules: [{B9406DB7-3871-429D-9511-63D79119B148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exeFirewallRules: [{386C10FF-ED40-422F-8D12-F1271E06BAC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exeFirewallRules: [{292BF04B-9AEE-46A9-BF2A-EF81EDA178E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exeFirewallRules: [{C1B1F126-6030-45F9-AC6D-1E43EF7489CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exeFirewallRules: [{CE797326-64E9-4F1B-A005-BD3C62174461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exeFirewallRules: [TCP Query User{1C5C6B3D-A4BD-4AAE-9067-FBECFAA823CE}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{43BDCE5E-705C-4946-A8E9-3EC645A99ADE}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exeFirewallRules: [TCP Query User{3B0E138E-6A6F-4239-B6B5-2FE9C948EEC7}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exeFirewallRules: [uDP Query User{F44D20B2-A764-4855-B93A-2CDF613E362E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exeFirewallRules: [{F94879BE-B715-467E-B701-40033FCFE4AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeFirewallRules: [{91AD5BA0-FC3D-485C-9772-D73904082236}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exeFirewallRules: [{D74AB4CD-7564-4796-BDD6-0FA6A5793227}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exeFirewallRules: [{0760AEF2-F323-4526-9CC5-9CC2DA45E555}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{E35349BC-A9FD-4D8B-80DC-94C432784623}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exeFirewallRules: [{2B1572CE-EBCB-4AB8-B246-48883E7AA83A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exeFirewallRules: [{750C429C-E38D-460B-934C-676D2BBDCBE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exeFirewallRules: [{CCD6F18C-8654-4889-AB28-BC60596390BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Classroom Aquatic Demo\game.exeFirewallRules: [{393FDFF1-A405-46F1-A818-D6A8052A1078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Classroom Aquatic Demo\game.exeFirewallRules: [{9DEB9FD7-1A40-4DB0-8F79-38AB26F1BE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The War Z\WarZlauncher.exeFirewallRules: [{F347E68F-B1D7-40A4-9F86-0F38A14E6535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The War Z\WarZlauncher.exeFirewallRules: [TCP Query User{D35E6945-EB6D-42C6-BAA9-5A8F8E6E3ADD}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exeFirewallRules: [uDP Query User{907490F8-7518-422C-B92E-90DBDCD7777C}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exeFirewallRules: [TCP Query User{15D7515F-323F-4A41-9EC3-6146D0C152E7}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exeFirewallRules: [uDP Query User{B9F67C99-A4F3-44B3-B1CD-1554C661456C}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exeFirewallRules: [TCP Query User{92441597-8317-4E3B-833F-A4FAF5CF4FFD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [uDP Query User{D73D0EB1-81E9-4DCE-ABFB-50B7B379B12D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exeFirewallRules: [TCP Query User{86280866-AB8B-450D-B5F4-71FE3AFBC80D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [uDP Query User{AC62CB7C-90B6-4691-B0F0-6A3280D119A1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exeFirewallRules: [{BD4C2244-8DBB-41E3-B754-3BF0CD246669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exeFirewallRules: [{6F355B88-EABF-478F-9DD2-40869EB9FF2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exeFirewallRules: [TCP Query User{863C5E16-E8ED-48AA-AB1A-E713ABF6BE03}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exeFirewallRules: [uDP Query User{D2E2F008-8EA3-42A5-B487-FB7809BFBA65}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exeFirewallRules: [{C52F5F1E-BF33-4BF2-B57D-5375D38C0DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exeFirewallRules: [{25931B09-EE94-4076-A9B4-BB5E71D4C3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exeFirewallRules: [{5D84E4BC-FC31-4E56-8A8D-99CF8B64569C}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exeFirewallRules: [{2CF3E978-6AA3-49F1-BA87-9F8E6666D897}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exeFirewallRules: [TCP Query User{A206236D-E01C-4040-B34F-DA10341BFD0C}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exeFirewallRules: [uDP Query User{93814377-F05D-46FA-9D7A-30861C5121CB}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exeFirewallRules: [{94FBA8C9-96BB-4140-A9B5-F8CE6ACB93DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exeFirewallRules: [{B936FE67-DA4D-4561-AA2B-26A2A045A079}] => (Allow) LPort=2869FirewallRules: [{F751DA71-2EF1-4482-B0FC-B50D126BBE1D}] => (Allow) LPort=1900FirewallRules: [{4BB970F7-19D5-4339-B797-AACEB6049107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exeFirewallRules: [{3ED81FA4-3486-4955-BF91-349712553633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exeFirewallRules: [TCP Query User{B7E1D5EC-6719-400F-A6C2-46E317B45A8C}C:\darkrp\srcds.exe] => (Allow) C:\darkrp\srcds.exeFirewallRules: [uDP Query User{EFB3FCFB-3439-472F-98EE-23C4D5F3C9C9}C:\darkrp\srcds.exe] => (Allow) C:\darkrp\srcds.exeFirewallRules: [{DD75CD25-B2AE-485C-8241-2A0B883D6BA0}] => (Allow) C:\Program Files (x86)\Forward Development\City Car Driving Home Edition\bin\win32\starter.exeFirewallRules: [{3FED0629-D666-47D3-B87C-2CC1D4757995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exeFirewallRules: [{24AC2EBE-524B-490E-96B4-E0A7D0CB8A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exeFirewallRules: [{73778357-AE5A-4547-A48D-5925FAF3DF12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exeFirewallRules: [TCP Query User{170F9183-2295-4A92-A495-E62C4B52B21C}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exeFirewallRules: [uDP Query User{3D3BD0A8-4925-4738-B28F-6D2A467AD784}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exeFirewallRules: [{89232FCC-D6EA-4616-BF80-F313E105DECC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exeFirewallRules: [{03B53CE2-3290-4F60-8C1B-914F56915CCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exeFirewallRules: [{44AA64EF-1564-4AB6-8C8C-CE9C9FBFCC8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exeFirewallRules: [{81010B5F-77EA-4C1C-8813-283FAD0F714E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exeFirewallRules: [TCP Query User{20DDA456-9285-4828-9FAA-687358C6920A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exeFirewallRules: [uDP Query User{9EA7F6E2-8AD8-49D3-9F58-B9ABA00DF16D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exeFirewallRules: [{42B047CF-CA04-42D3-A927-4454EC38364E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exeFirewallRules: [{3B56A04D-1EED-4C2D-9B69-984A8C89088C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exeFirewallRules: [{F44E637F-59EA-4024-9E2B-73AACF4A38B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exeFirewallRules: [{19C2C2B7-9D11-47CF-83A8-218616629B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exeFirewallRules: [{AA7FFCF0-0661-4920-9AF2-CDF85B171233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exeFirewallRules: [{AAEC2406-C09A-4B31-B8DB-A8317225EE5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exeFirewallRules: [{7C4376AB-2E7E-44AC-BE26-A2133977CD90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exeFirewallRules: [{DBF266EA-841F-496F-9B08-F2E474905D34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exeFirewallRules: [TCP Query User{201F76B4-33DE-44E2-BB61-F038585555DC}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exeFirewallRules: [uDP Query User{FD9DF36D-AC18-4824-A585-08F07A60D0FA}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exeFirewallRules: [{ECE95086-583D-4011-8E58-91500794F6BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exeFirewallRules: [{5587E2BA-55A5-4CAE-B6DF-4AF8185C8FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exeFirewallRules: [{008EA107-3B0D-4534-B680-D0EE36B1B243}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exeFirewallRules: [{58EDC81E-B172-4356-B251-3AD402E77E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exeFirewallRules: [TCP Query User{1A060E19-5B86-4F1B-8706-268885159C53}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exeFirewallRules: [uDP Query User{13BACE4D-78C8-4306-84B9-78CF631860D5}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exeFirewallRules: [TCP Query User{C2FC6A23-AE7C-436E-B987-49183D9416AD}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exeFirewallRules: [uDP Query User{CA547064-6D64-4438-B444-7019C0C0EE45}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe ==================== Restore Points ========================= 28-12-2015 22:01:17 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (12/31/2015 07:27:39 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: JOE_GAMING_PC)Description: windows_ie_ac_0013 Error: (12/31/2015 07:23:58 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider database Error: (12/30/2015 12:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: ASUS UEFI.exe, version: 1.1.1.0, time stamp: 0x51b2d9e3Faulting module name: Exeio.dll, version: 1.0.4.0, time stamp: 0x513ec0adException code: 0xc0000005Fault offset: 0x00004df8Faulting process id: 0xd1cFaulting application start time: 0xASUS UEFI.exe0Faulting application path: ASUS UEFI.exe1Faulting module path: ASUS UEFI.exe2Report Id: ASUS UEFI.exe3Faulting package full name: ASUS UEFI.exe4Faulting package-relative application ID: ASUS UEFI.exe5 Error: (12/29/2015 01:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: ASUS UEFI.exe, version: 1.1.1.0, time stamp: 0x51b2d9e3Faulting module name: Exeio.dll, version: 1.0.4.0, time stamp: 0x513ec0adException code: 0xc0000005Fault offset: 0x00004df8Faulting process id: 0x11acFaulting application start time: 0xASUS UEFI.exe0Faulting application path: ASUS UEFI.exe1Faulting module path: ASUS UEFI.exe2Report Id: ASUS UEFI.exe3Faulting package full name: ASUS UEFI.exe4Faulting package-relative application ID: ASUS UEFI.exe5 Error: (12/29/2015 10:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: ASUS UEFI.exe, version: 1.1.1.0, time stamp: 0x51b2d9e3Faulting module name: Exeio.dll, version: 1.0.4.0, time stamp: 0x513ec0adException code: 0xc0000005Fault offset: 0x00004df8Faulting process id: 0x1140Faulting application start time: 0xASUS UEFI.exe0Faulting application path: ASUS UEFI.exe1Faulting module path: ASUS UEFI.exe2Report Id: ASUS UEFI.exe3Faulting package full name: ASUS UEFI.exe4Faulting package-relative application ID: ASUS UEFI.exe5 Error: (12/28/2015 11:58:21 AM) (Source: Perflib) (EventID: 1008) (User: )Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4 Error: (12/28/2015 11:58:20 AM) (Source: Perflib) (EventID: 1023) (User: )Description: rdyboost4 Error: (12/28/2015 11:58:20 AM) (Source: PerfNet) (EventID: 2004) (User: )Description: Error: (12/28/2015 11:58:20 AM) (Source: Perflib) (EventID: 1008) (User: )Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4 Error: (12/28/2015 11:58:20 AM) (Source: Perflib) (EventID: 1008) (User: )Description: LsaC:\Windows\System32\Secur32.dll4 System errors:=============Error: (12/31/2015 04:15:20 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/31/2015 04:14:50 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/31/2015 10:31:22 AM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/31/2015 10:30:52 AM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/30/2015 04:22:19 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/30/2015 04:11:03 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (12/30/2015 04:10:33 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (12/30/2015 01:21:31 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 12:56:22 PM on 12/30/2015 was unexpected. Error: (12/30/2015 12:05:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The IOMap service failed to start due to the following error: %%2 Error: (12/30/2015 12:05:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The IOMap service failed to start due to the following error: %%2 ==================== Memory info =========================== Processor: Intel® Core i5-4690K CPU @ 3.50GHzPercentage of memory in use: 27%Total physical RAM: 8149.57 MBAvailable physical RAM: 5868.15 MBTotal Virtual: 10402.54 MBAvailable Virtual: 7414.19 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:577.34 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D79A418)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 3, 2016 ID:1010562 Share Posted January 3, 2016 Can you please attach not paste both reports? Thanks Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 3, 2016 Author ID:1010660 Share Posted January 3, 2016 Oh sorry man hereFRST.txtAddition.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 3, 2016 ID:1010690 Share Posted January 3, 2016 Your PC isn't infected. Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 4, 2016 Author ID:1010696 Share Posted January 4, 2016 Your PC isn't infected.Then how do you explain me coming home with all these downloads at the bottom of my screen, it wasn't me and nobody was home Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 4, 2016 ID:1010802 Share Posted January 4, 2016 Do you have any problems now with your PC? Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 5, 2016 Author ID:1010907 Share Posted January 5, 2016 I am almost 90% sure there is an infection on my PC, it crashes sometimes and was able to open Google chrome and download files without my permission or awareness. I would really like to run some more scans or flush my DNS just to be 100% sure that my computer is clean. If you can show me some more scans/tests I can do for my PC, your help is greatly appreciated, thank you. Link to post Share on other sites More sharing options...
Pilsberyhomeboy Posted January 5, 2016 Author ID:1010910 Share Posted January 5, 2016 Do you have any problems now with your PC?I was just looking at my FRST scans and found this: 2015-12-31 22:33 - 2015-06-21 11:42 - 00000080 _____ C:\Users\Joe\AppData\Local剜捯獫慴慇敭屳呇⁁屖湥楴汴浥湥湩潦 I really don't know what this is because I don't think i should be seeing Japanese characters. I think more scans would be appropriate. Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 6, 2016 ID:1011023 Share Posted January 6, 2016 This file is okay, I have it too on my PC. Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 12, 2016 Root Admin ID:1012111 Share Posted January 12, 2016 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts