
Help with Trojan Backdoor (From Bitcoin Miner)



Hello, I recently purchased a Bitcoin miner so me and my friends can mine. The next day I woke up in the morning and turned on my PC and started a Steam download for a game so it would download when I was at school. When I returned from school I saw Chrome open with a fake Adobe Flash Player website and at the bottom of Chrome, the download bar was full of stuff I didn't download. I've done endless scans with Malwarebytes (yes, I have premium) and nothing has been detected. Also my PC crashes a lot, not from overheating because I have 4 case fans and a water cooler and the temperature never goes past 70°F. I don't know what other programs this one virus has downloaded but I'm afraid I might also have a keylogger so I haven't been signing into my Steam account or my emails. Any help would be greatly appreciated. Also I have about 4 different MBAM services running. Thank you :)


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015

Ran by Joe (administrator) on JOE_GAMING_PC (02-01-2016 20:01:50)

Running from C:\Users\Joe\Downloads

Loaded Profiles: Joe (Available Profiles: Joe)

Platform: Windows 8.1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe

() C:\Windows\SysWOW64\ASGT.exe

() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\spd.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe

(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe

() C:\Windows\System32\PnkBstrA.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe

(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

(NVIDIA Corporation) C:\Users\Joe\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coNatHst.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)

HKLM\...\Run: [XFast LAN] => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe [2009952 2013-05-31] (cFos Software GmbH)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)

HKLM\...\Run: [iSCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-08-25] (Intel Corporation)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)

HKLM\...\Run: [shadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)

HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [ASRock A-Tuning] => [X]

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [ASRockRuefi] => [X]

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [3013712 2015-12-14] (Valve Corporation)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1341192 2015-05-20] (Bogdan Sharkov)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-27] (SUPERAntiSpyware)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [spotify Web Helper] => C:\Users\Joe\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-19] (Spotify Ltd)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-19] (Piriform Ltd)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50515576 2015-11-30] (Skype Technologies S.A.)

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Run: [spotify] => C:\Users\Joe\AppData\Roaming\Spotify\Spotify.exe [8387696 2015-12-19] (Spotify Ltd)

HKU\S-1-5-18\...\Run: [] => 0

ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{5500B69B-CE55-4987-9FB7-28159B7F4EE7}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)

BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)

Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)

Toolbar: HKU\S-1-5-21-4290914269-1144193900-1776241538-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-28] ()

FF Plugin: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelogx64.dll [2015-04-23] (EA Digital Illusions CE AB)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-28] ()

FF Plugin-x32: @esn/npbattlelog,version=2.7.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.0\npbattlelog.dll [2015-04-23] (EA Digital Illusions CE AB)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-24] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-24] (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin HKU\S-1-5-21-4290914269-1144193900-1776241538-1001: @nsroblox.roblox.com/launcher -> C:\Users\Joe\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)

FF Plugin HKU\S-1-5-21-4290914269-1144193900-1776241538-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Joe\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)

FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn

FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.11.42\coFFPlgn [2015-12-30]

 

Chrome: 

=======

CHR StartupUrls: Default -> "hxxps://www.google.com/"

CHR Profile: C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-08]

CHR Extension: (BetterTTV) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2015-08-17]

CHR Extension: (Google Docs) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-08]

CHR Extension: (Google Drive) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]

CHR Extension: (YouTube) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]

CHR Extension: (Google Search) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]

CHR Extension: (Google Sheets) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-08]

CHR Extension: (Google Docs Offline) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]

CHR Extension: (AdRemover for Google Chrome™) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2015-05-11]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]

CHR Extension: (Norton Security Toolbar) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-08-10]

CHR Extension: (Gmail) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-08]

CHR Extension: (Abstract-Blue) - C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2015-05-08]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-22]

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-07-22]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)

R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]

R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [454656 2013-07-25] () [File not signed]

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1257504 2015-12-28] ()

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)

S3 celavimushost; C:\Program Files (x86)\CEVO\CSGO Client Beta\CelavimusClientHelper.exe [124120 2015-11-15] (altPUG LLC)

R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [652640 2013-05-31] (cFos Software GmbH)

S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-05-26] (EasyAntiCheat Ltd)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-05-21] (Intel Corporation)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-03-20] (Intel Corporation)

S2 iSCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-08-25] ()

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)

R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)

R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)

R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)

R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2078216 2015-10-09] (Electronic Arts)

R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-05-09] ()

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-05-09] ()

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-02-27] ()

R3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2015-05-09] (ASRock Incorporation)

R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)

R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)

R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-02-03] (Intel Corporation)

S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)

S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [44296 2015-03-30] (LogMeIn Inc.)

S3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [3791872 2014-05-21] (Intel Corporation) [File not signed]

R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()

R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [22728 2014-05-27] ()

S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()

R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2013-02-19] (ASUSTeK Computer Inc.)

R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()

R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)

R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-02] (Malwarebytes)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)

R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)

R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-07-09] (Oracle Corporation)

R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146072 2015-07-09] (Oracle Corporation)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)

R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)

S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]

S3 iwdbus; \SystemRoot\System32\drivers\iwdbus.sys [X]

U2 TMAgent; no ImagePath

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-02 20:01 - 2016-01-02 20:02 - 00026618 _____ C:\Users\Joe\Downloads\FRST.txt

2016-01-02 20:01 - 2016-01-02 20:01 - 02370560 _____ (Farbar) C:\Users\Joe\Downloads\FRST64.exe

2016-01-02 20:01 - 2016-01-02 20:01 - 00000000 ____D C:\FRST

2016-01-02 19:55 - 2013-02-19 17:02 - 00024824 _____ (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys

2015-12-31 19:31 - 2015-12-31 21:39 - 00000000 ____D C:\Users\Joe\AppData\Roaming\vlc

2015-12-31 19:31 - 2015-12-31 19:31 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk

2015-12-31 19:31 - 2015-12-31 19:31 - 00000000 ____D C:\Users\Joe\AppData\Roaming\dvdcss

2015-12-31 19:31 - 2015-12-31 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2015-12-31 19:30 - 2015-12-31 19:30 - 28849904 _____ C:\Users\Joe\Downloads\vlc-2.2.1-win32.exe

2015-12-31 19:30 - 2015-12-31 19:30 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2015-12-31 19:27 - 2015-12-31 19:27 - 00000000 ___HD C:\OneDriveTemp

2015-12-31 19:26 - 2016-01-02 19:55 - 00000000 ___RD C:\Users\Joe\OneDrive

2015-12-30 15:49 - 2015-12-30 15:49 - 00000947 _____ C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\TeamSpeak 3 Client.lnk

2015-12-30 12:57 - 2016-01-02 19:55 - 00002972 _____ C:\Windows\System32\Tasks\AsrSP.exe

2015-12-29 23:53 - 2015-12-29 23:53 - 00001988 _____ C:\Users\Joe\Desktop\mc acc.txt

2015-12-28 20:13 - 2015-12-28 20:14 - 16920266 _____ C:\Users\Joe\Downloads\ets2mp_20510 (1).zip

2015-12-28 19:34 - 2015-12-28 22:27 - 00000000 ____D C:\Program Files (x86)\A3Launcher

2015-12-28 19:34 - 2015-12-28 19:34 - 00001047 _____ C:\Users\Public\Desktop\A3Launcher.lnk

2015-12-28 19:34 - 2015-12-28 19:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A3Launcher

2015-12-28 19:33 - 2015-12-28 19:33 - 14946192 _____ (Maca134 ) C:\Users\Joe\Downloads\setup_a3launcher.exe

2015-12-28 18:41 - 2015-12-31 11:25 - 00000000 ____D C:\Users\Joe\AppData\Local\Arma 3

2015-12-28 18:41 - 2015-12-28 18:44 - 00000000 ____D C:\Users\Joe\Documents\Arma 3

2015-12-28 18:41 - 2015-12-28 18:41 - 00000000 ____D C:\ProgramData\Bohemia Interactive

2015-12-28 18:40 - 2015-12-28 18:42 - 00000000 ____D C:\Users\Joe\AppData\Local\Arma 3 Launcher

2015-12-28 18:40 - 2015-12-28 18:40 - 00000000 ____D C:\Users\Joe\AppData\Local\Bohemia_Interactive

2015-12-27 23:29 - 2015-12-27 23:29 - 00000222 _____ C:\Users\Joe\Desktop\Arma 3.url

2015-12-27 22:31 - 2015-12-28 20:14 - 00001205 _____ C:\Users\Public\Desktop\Play Euro Truck Simulator 2 Multiplayer.lnk

2015-12-27 22:29 - 2015-12-27 22:29 - 16920266 _____ C:\Users\Joe\Downloads\ets2mp_20510.zip

2015-12-27 18:08 - 2015-12-27 18:14 - 00000000 ____D C:\Users\Joe\Documents\Project CARS

2015-12-27 18:08 - 2015-12-27 18:08 - 00000000 ____D C:\Users\Joe\Documents\wmd_symbol_cache

2015-12-27 14:36 - 2015-12-30 13:06 - 00000000 ____D C:\Users\Joe\Documents\Assetto Corsa

2015-12-27 14:26 - 2015-12-27 14:26 - 00000222 _____ C:\Users\Joe\Desktop\Project CARS.url

2015-12-27 13:30 - 2015-12-27 15:51 - 00000000 ____D C:\Users\Joe\AppData\Roaming\SpinTires

2015-12-27 13:26 - 2015-12-27 13:26 - 00000222 _____ C:\Users\Joe\Desktop\Spintires.url

2015-12-27 13:22 - 2015-12-27 13:22 - 00000000 ____D C:\Program Files\Logitech

2015-12-27 13:22 - 2015-12-27 13:22 - 00000000 ____D C:\Program Files\Common Files\Logitech

2015-12-27 13:21 - 2015-12-27 13:22 - 17276616 _____ (Logitech ) C:\Users\Joe\Downloads\lgs510_x64.exe

2015-12-27 13:17 - 2015-12-27 13:17 - 00000222 _____ C:\Users\Joe\Desktop\Assetto Corsa.url

2015-12-22 21:15 - 2015-12-27 13:39 - 00000000 ____D C:\Users\Joe\AppData\Local\Logitech

2015-12-22 21:12 - 2015-12-27 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2015-12-22 21:12 - 2015-12-22 21:13 - 00000000 ____D C:\Program Files\Logitech Gaming Software

2015-12-22 21:11 - 2015-12-22 21:11 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Logitech

2015-12-22 21:11 - 2015-12-22 21:11 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Logishrd

2015-12-22 21:10 - 2015-12-22 21:11 - 97288008 _____ (Logitech Inc.) C:\Users\Joe\Downloads\LGS_8.76.155_x64_Logitech.exe

2015-12-20 14:34 - 2015-11-24 13:29 - 00102704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2015-12-20 14:33 - 2015-11-24 18:10 - 42913912 _____ C:\Windows\system32\nvcompiler.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 37882488 _____ C:\Windows\SysWOW64\nvcompiler.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 22310008 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 16553568 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 15717672 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 15122296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 14835872 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 13527248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 12034248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 11131184 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2015-12-20 14:33 - 2015-11-24 18:10 - 02870392 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 02490488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435906.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435906.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00878816 _____ C:\Windows\system32\nvmcumd.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00877360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00861816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00689272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00673912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00501056 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00467912 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00422056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00413816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00388024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00369272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2015-12-20 14:33 - 2015-11-24 18:10 - 00177600 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00155792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll

2015-12-20 14:33 - 2015-11-24 18:10 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2015-12-20 14:06 - 2015-12-08 20:51 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2015-12-20 10:07 - 2015-12-20 10:07 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk

2015-12-20 10:07 - 2015-12-20 10:07 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2015-12-20 10:06 - 2015-12-20 10:06 - 09616448 _____ (TeamViewer GmbH) C:\Users\Joe\Downloads\TeamViewer_Setup_en.exe

2015-12-19 20:42 - 2015-12-19 20:42 - 00000000 ___HD C:\ProgramData\CanonBJ

2015-12-19 20:42 - 2012-04-16 05:00 - 00389120 _____ (CANON INC.) C:\Windows\system32\CNMLMBB.DLL

2015-12-08 14:48 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-12-08 14:48 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-12-08 14:48 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi

2015-12-08 14:48 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe

2015-12-08 14:48 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi

2015-12-08 14:48 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe

2015-12-08 14:48 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-12-08 14:48 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2015-12-08 14:48 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2015-12-08 14:48 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll

2015-12-08 14:48 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll

2015-12-08 14:48 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll

2015-12-08 14:48 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll

2015-12-08 14:48 - 2015-11-20 17:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-12-08 14:48 - 2015-11-20 13:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-12-08 14:48 - 2015-11-20 11:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-12-08 14:48 - 2015-11-20 11:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-12-08 14:48 - 2015-11-20 11:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-12-08 14:48 - 2015-11-20 11:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2015-12-08 14:48 - 2015-11-20 11:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-12-08 14:48 - 2015-11-20 11:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-12-08 14:48 - 2015-11-20 11:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-12-08 14:48 - 2015-11-20 11:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-12-08 14:48 - 2015-11-20 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-12-08 14:48 - 2015-11-20 11:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-12-08 14:48 - 2015-11-20 11:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-12-08 14:48 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-12-08 14:48 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-12-08 14:48 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2015-12-08 14:48 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2015-12-08 14:48 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-12-08 14:48 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-12-08 14:48 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-12-08 14:48 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2015-12-08 14:48 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-12-08 14:48 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2015-12-08 14:48 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-12-08 14:48 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-12-08 14:48 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-12-08 14:48 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2015-12-08 14:48 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2015-12-08 14:48 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-12-08 14:48 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2015-12-08 14:48 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2015-12-08 14:48 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-12-08 14:48 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-12-08 14:48 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-12-08 14:48 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2015-12-08 14:48 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-12-08 14:48 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-12-08 14:48 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-12-08 14:48 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-12-08 14:48 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-12-08 14:48 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-12-08 14:48 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-12-08 14:48 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2015-12-08 14:48 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-12-08 14:48 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll

2015-12-08 14:48 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2015-12-08 14:48 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-12-08 14:48 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-12-08 14:48 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-12-08 14:48 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-12-08 14:48 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-12-08 14:48 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll

2015-12-08 14:48 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll

2015-12-08 14:48 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2015-12-08 14:48 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-12-08 14:48 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll

2015-12-08 14:48 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2015-12-08 14:48 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2015-12-08 14:48 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-12-08 14:48 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-12-08 14:48 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys

2015-12-08 14:48 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2015-12-08 14:48 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll

2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL

2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL

2015-12-08 14:48 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL

2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll

2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL

2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL

2015-12-08 14:48 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL

2015-12-08 14:48 - 2015-10-22 11:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll

2015-12-08 14:48 - 2015-10-22 11:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll

2015-12-08 14:48 - 2015-10-22 10:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll

2015-12-08 14:48 - 2015-10-22 10:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll

2015-12-08 14:48 - 2015-10-22 09:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls

2015-12-08 14:48 - 2015-10-22 09:08 - 00513456 _____ C:\Windows\system32\locale.nls

2015-12-08 14:48 - 2015-10-11 01:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS

2015-12-08 14:48 - 2015-10-11 01:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2015-12-08 14:48 - 2015-10-11 01:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2015-12-08 14:48 - 2015-10-11 01:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2015-12-08 14:48 - 2015-10-11 01:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2015-12-08 14:48 - 2015-10-10 13:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2015-12-08 14:48 - 2015-10-10 13:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys

2015-12-08 14:48 - 2015-10-10 13:40 - 00078848 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\winusb.sys

2015-12-08 14:48 - 2015-10-10 12:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll

2015-12-08 14:48 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll

2015-12-08 14:48 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll

2015-12-08 14:48 - 2015-10-03 14:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-12-08 14:48 - 2015-10-03 14:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-12-08 14:47 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe

2015-12-08 14:47 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2015-12-03 20:38 - 2015-12-03 20:43 - 00000000 ____D C:\ProgramData\TEMP

2015-12-03 20:38 - 2015-12-03 20:38 - 00000000 ____D C:\Users\Joe\Documents\Forward Development

2015-12-03 20:38 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll

2015-12-03 20:38 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll

2015-12-03 20:38 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll

2015-12-03 20:38 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2015-12-03 20:38 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll

2015-12-03 20:38 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

2015-12-03 20:38 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2015-12-03 20:38 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll

2015-12-03 20:38 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll

2015-12-03 20:38 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll

2015-12-03 20:38 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2015-12-03 20:38 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll

2015-12-03 20:38 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2015-12-03 20:38 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2015-12-03 20:38 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll

2015-12-03 20:38 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll

2015-12-03 20:38 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2015-12-03 20:38 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll

2015-12-03 20:38 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2015-12-03 20:38 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll

2015-12-03 20:38 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll

2015-12-03 20:38 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll

2015-12-03 20:38 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll

2015-12-03 20:38 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2015-12-03 20:38 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll

2015-12-03 20:38 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2015-12-03 20:38 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll

2015-12-03 20:38 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2015-12-03 20:38 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll

2015-12-03 20:38 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2015-12-03 20:38 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2015-12-03 20:38 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll

2015-12-03 20:38 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll

2015-12-03 20:38 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2015-12-03 20:38 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll

2015-12-03 20:38 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2015-12-03 20:38 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2015-12-03 20:38 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll

2015-12-03 20:38 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2015-12-03 20:38 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll

2015-12-03 20:38 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2015-12-03 20:38 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll

2015-12-03 20:38 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll

2015-12-03 20:38 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2015-12-03 20:38 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2015-12-03 20:38 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll

2015-12-03 20:38 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll

2015-12-03 20:38 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2015-12-03 20:38 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2015-12-03 20:38 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll

2015-12-03 20:38 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll

2015-12-03 20:38 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2015-12-03 20:38 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll

2015-12-03 20:38 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2015-12-03 20:38 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll

2015-12-03 20:38 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2015-12-03 20:38 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll

2015-12-03 20:38 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2015-12-03 20:38 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2015-12-03 20:38 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll

2015-12-03 20:38 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll

2015-12-03 20:38 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2015-12-03 20:38 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll

2015-12-03 20:38 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2015-12-03 20:38 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll

2015-12-03 20:38 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2015-12-03 20:38 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll

2015-12-03 20:38 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2015-12-03 20:38 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll

2015-12-03 20:38 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

2015-12-03 20:38 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll

2015-12-03 20:38 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

2015-12-03 20:38 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll

2015-12-03 20:38 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

2015-12-03 20:38 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll

2015-12-03 20:38 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

2015-12-03 20:38 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll

2015-12-03 20:38 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

2015-12-03 20:38 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll

2015-12-03 20:38 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

2015-12-03 20:38 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll

2015-12-03 20:38 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

2015-12-03 20:38 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll

2015-12-03 20:38 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

2015-12-03 20:38 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll

2015-12-03 20:38 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2015-12-03 20:38 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll

2015-12-03 20:38 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2015-12-03 20:38 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll

2015-12-03 20:38 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2015-12-03 20:38 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll

2015-12-03 20:38 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2015-12-03 20:38 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll

2015-12-03 20:38 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2015-12-03 20:38 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll

2015-12-03 20:38 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2015-12-03 20:38 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll

2015-12-03 20:38 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2015-12-03 20:38 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll

2015-12-03 20:38 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2015-12-03 20:38 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll

2015-12-03 20:38 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2015-12-03 20:38 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll

2015-12-03 20:38 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2015-12-03 20:38 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll

2015-12-03 20:38 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2015-12-03 20:38 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll

2015-12-03 20:38 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2015-12-03 20:38 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2015-12-03 20:38 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll

2015-12-03 20:38 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll

2015-12-03 20:38 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2015-12-03 20:38 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll

2015-12-03 20:38 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2015-12-03 20:38 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2015-12-03 20:38 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll

2015-12-03 20:38 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll

2015-12-03 20:38 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll

2015-12-03 20:38 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2015-12-03 20:38 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2015-12-03 20:38 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2015-12-03 20:38 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll

2015-12-03 20:38 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll

2015-12-03 20:38 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2015-12-03 20:38 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll

2015-12-03 20:38 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2015-12-03 20:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll

2015-12-03 20:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2015-12-03 20:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll

2015-12-03 20:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2015-12-03 20:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll

2015-12-03 20:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2015-12-03 20:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll

2015-12-03 20:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2015-12-03 20:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll

2015-12-03 20:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2015-12-03 20:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll

2015-12-03 20:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2015-12-03 20:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll

2015-12-03 20:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2015-12-03 20:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll

2015-12-03 20:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2015-12-03 20:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll

2015-12-03 20:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2015-12-03 20:36 - 2015-12-03 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forward Development

2015-12-03 19:51 - 2015-12-03 20:30 - 1222067228 _____ (Forward Development ) C:\Users\Joe\Downloads\CityCarDriving_En.exe

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-01-02 20:01 - 2013-08-22 08:36 - 00000000 ____D C:\Windows

2016-01-02 20:00 - 2015-05-08 07:16 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2016-01-02 19:59 - 2015-05-09 05:23 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-02 19:56 - 2015-05-08 03:56 - 00000000 ____D C:\Program Files (x86)\Steam

2016-01-02 19:55 - 2015-06-11 18:46 - 00000000 ____D C:\Users\Joe\AppData\Local\TSVNCache

2016-01-02 19:55 - 2015-05-09 05:23 - 00000930 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-02 19:33 - 2015-08-17 20:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2016-01-01 00:32 - 2015-05-08 08:17 - 00000000 ____D C:\Users\Joe\AppData\Local\ClassicShell

2016-01-01 00:32 - 2015-05-08 03:48 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Skype

2016-01-01 00:26 - 2015-05-09 04:31 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4EDBDB83-C58F-4071-BC1C-F9FACF4F0250}

2015-12-31 22:33 - 2015-06-21 11:42 - 00000080 _____ C:\Users\Joe\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦

2015-12-31 22:23 - 2015-05-22 17:36 - 00000000 ____D C:\Users\Joe\AppData\Roaming\.minecraft

2015-12-31 22:20 - 2015-05-22 17:35 - 00000000 ____D C:\Program Files (x86)\Minecraft

2015-12-31 21:44 - 2015-05-09 04:31 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4290914269-1144193900-1776241538-1001

2015-12-31 19:32 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness

2015-12-31 19:27 - 2015-05-09 04:26 - 00000000 ____D C:\Users\Joe\AppData\Local\Packages

2015-12-31 19:27 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps

2015-12-31 19:26 - 2015-05-09 04:26 - 00000000 ____D C:\Users\Joe

2015-12-30 17:52 - 2015-07-22 19:31 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Spotify

2015-12-30 17:43 - 2015-07-22 19:32 - 00000000 ____D C:\Users\Joe\AppData\Local\Spotify

2015-12-30 16:33 - 2015-05-25 11:48 - 00000000 ____D C:\Users\Joe\AppData\Roaming\TS3Client

2015-12-30 15:52 - 2015-10-11 09:21 - 00000166 _____ C:\Users\Joe\Documents\ClownfishForTeamspeak.ini

2015-12-30 13:27 - 2014-11-21 03:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI

2015-12-30 13:27 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf

2015-12-30 13:21 - 2015-05-15 19:06 - 00000000 ____D C:\ProgramData\NVIDIA

2015-12-30 13:21 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2015-12-30 12:17 - 2013-08-22 10:20 - 00000000 ____D C:\Windows\CbsTemp

2015-12-30 12:17 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\BBI

2015-12-30 12:08 - 2015-07-01 13:48 - 00000000 ____D C:\Users\Joe\AppData\Local\CrashDumps

2015-12-28 21:34 - 2015-09-24 16:19 - 00000000 ____D C:\Users\Joe\Documents\Euro Truck Simulator 2

2015-12-28 20:14 - 2015-09-22 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 Multiplayer

2015-12-28 20:14 - 2015-09-22 15:41 - 00000000 ____D C:\Program Files (x86)\Euro Truck Simulator 2 Multiplayer

2015-12-28 14:33 - 2015-08-17 20:42 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2015-12-27 23:29 - 2015-05-08 04:05 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-12-26 03:48 - 2014-11-21 11:03 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-12-26 03:48 - 2014-11-21 11:03 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-12-23 19:32 - 2015-07-16 11:05 - 00000000 ___RD C:\Users\Joe\Desktop\Sheeeeeit

2015-12-23 19:32 - 2015-05-13 19:02 - 00000000 ____D C:\Users\Joe\AppData\Roaming\OBS

2015-12-23 19:11 - 2015-09-15 10:06 - 00000000 ____D C:\Users\Joe\.gimp-2.8

2015-12-22 21:14 - 2013-08-22 09:44 - 00337864 _____ C:\Windows\system32\FNTCACHE.DAT

2015-12-22 18:43 - 2015-05-13 19:02 - 00000000 ____D C:\Program Files\OBS

2015-12-21 15:38 - 2015-10-10 18:59 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client

2015-12-20 14:34 - 2015-05-15 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2015-12-20 14:34 - 2015-05-15 19:05 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2015-12-20 14:05 - 2015-05-20 18:46 - 00000000 ____D C:\Users\Joe\Downloads\LiveSetup

2015-12-20 12:33 - 2015-06-27 14:01 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox

2015-12-20 11:44 - 2015-06-13 19:41 - 00000000 ____D C:\Users\Joe\AppData\Roaming\TeamViewer

2015-12-19 20:43 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\FxsTmp

2015-12-19 20:30 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF

2015-12-18 17:45 - 2015-05-09 14:52 - 00000000 ___SD C:\Windows\SysWOW64\GWX

2015-12-18 17:45 - 2015-05-09 14:52 - 00000000 ___SD C:\Windows\system32\GWX

2015-12-16 15:04 - 2015-06-21 11:41 - 00000000 ____D C:\Program Files\Rockstar Games

2015-12-16 15:04 - 2015-06-21 11:41 - 00000000 ____D C:\Program Files (x86)\Rockstar Games

2015-12-12 17:06 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache

2015-12-11 21:41 - 2015-06-23 17:54 - 00000000 ____D C:\Users\Joe\AppData\Local\DayZ

2015-12-08 22:39 - 2015-07-23 16:01 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-12-08 20:51 - 2015-05-15 19:20 - 01846016 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2015-12-08 20:51 - 2015-05-15 19:20 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2015-12-08 20:51 - 2015-05-15 19:20 - 01530240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2015-12-08 20:51 - 2015-05-15 19:20 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2015-12-08 16:10 - 2015-05-09 10:38 - 00000000 ____D C:\Windows\system32\MRT

2015-12-08 16:06 - 2015-05-09 10:38 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-12-03 15:03 - 2015-05-08 03:48 - 00000000 ____D C:\ProgramData\Skype

2015-12-03 14:54 - 2015-05-09 05:23 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2015-12-03 14:54 - 2015-05-09 05:23 - 00003670 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

 

==================== Files in the root of some directories =======

 

2015-10-21 16:04 - 2015-10-21 16:04 - 0003806 _____ () C:\Users\Joe\AppData\Local\recently-used.xbel

 

Some files in TEMP:

====================

C:\Users\Joe\AppData\Local\Temp\nvSCPAPI.dll

C:\Users\Joe\AppData\Local\Temp\nvSCPAPI64.dll

C:\Users\Joe\AppData\Local\Temp\nvSCPAPISvr.exe

C:\Users\Joe\AppData\Local\Temp\nvStInst.exe

 

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-12-30 16:10

 

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015

Ran by Joe (2016-01-02 20:02:27)

Running from C:\Users\Joe\Downloads

Windows 8.1 (X64) (2015-05-09 09:26:16)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-4290914269-1144193900-1776241538-500 - Administrator - Disabled)

Guest (S-1-5-21-4290914269-1144193900-1776241538-501 - Limited - Disabled)

Joe (S-1-5-21-4290914269-1144193900-1776241538-1001 - Administrator - Enabled) => C:\Users\Joe

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

«City Car Driving»  version 1.5.0 (HKLM-x32\...\{CC457F3D-5CDE-4CE8-9685-90A4EDE81374}_is1) (Version: 1.5.0 - Forward Development)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

A3Launcher version 0.0.1.5 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4CFDE640DF}_is1) (Version: 0.0.1.5 - Maca134)

Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)

APP Shop v1.0.13 (HKLM-x32\...\{90242E9B-BC60-46E3-8EE7-8E953F702280}_is1) (Version: 1.0.13 - ASRock Inc.)

Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)

ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)

ASRock Restart to UEFI v1.0.3 (HKLM-x32\...\ASRock Restart to UEFI_is1) (Version:  - )

ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version:  - ASRock Inc.)

ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)

Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version:  - Kunos Simulazioni)

ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.8.2.0 - ASUSTek COMPUTER INC.)

ASUS GPU Tweak (x32 Version: 2.8.2.0 - ASUSTek COMPUTER INC.) Hidden

ASUS UEFI (HKLM-x32\...\InstallShield_{926C75FA-31A5-45B9-A26D-33EF1097D569}) (Version: 1.1.1.0 - ASUSTek COMPUTER INC.)

ASUS UEFI (x32 Version: 1.1.1.0 - ASUSTek COMPUTER INC.) Hidden

A-Tuning v2.0.119.5 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.119.5 - )

Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.25648 - Electronic Arts)

CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)

CEVO CS:GO Client Beta version 1.0 (HKLM-x32\...\CEVO CS:GO Client Beta_is1) (Version: 1.0 - )

Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)

Classroom Aquatic Demo (HKLM-x32\...\Steam App 317560) (Version:  - Sunken Places)

Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)

Dev Guy (HKLM-x32\...\Steam App 351800) (Version:  - )

Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)

Epic Games Launcher (HKLM\...\{7C8ED4CE-7D28-442D-AD14-C95C18A7CB1A}) (Version: 1.1.35.0 - Epic Games, Inc.)

Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)

Euro Truck Simulator 2 Multiplayer 0.2.0.5.1 Alpha (HKLM-x32\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 0.2.0.5.1 Alpha - ETS2MP Team)

FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)

Fishing Planet (HKLM-x32\...\Steam App 380600) (Version:  - Fishing Planet LLC)

Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)

Fuse (HKLM-x32\...\Steam App 257400) (Version:  - Mixamo)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)

Google Update Helper (x32 Version: 1.3.21.115 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden

Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)

Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)

Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version:  - OP Productions LLC)

Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)

Intel® Network Connections 19.0.27.0 (HKLM\...\PROSetDX) (Version: 19.0.27.0 - Intel)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)

Intel® Smart Connect Technology (HKLM\...\{3CC1CC76-AB3A-4360-AB6F-1355D05A2A17}) (Version: 5.0.10.2907 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)

Just Cause 2 (HKLM-x32\...\Steam App 8190) (Version:  - Avalanche Studios)

Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - Avalanche Studios)

Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)

Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)

Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)

NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 359.06 - NVIDIA Corporation)

NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)

NVIDIA Graphics Driver 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 359.06 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)

NVIDIA Miracast Virtual Audio 359.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 359.06 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)

Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )

Oracle VM VirtualBox 5.0.0 (HKLM\...\{FCD0B365-2189-45F3-9AF2-2BCED86C121A}) (Version: 5.0.0 - Oracle Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)

PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)

POSTAL 2 (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)

Project CARS (HKLM-x32\...\Steam App 234630) (Version:  - Slightly Mad Studios)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)

RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)

ROBLOX Player for Joe (HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)

Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)

Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)

Rust (HKLM-x32\...\Steam App 252490) (Version:  - Facepunch Studios)

SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)

Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)

Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)

Spintires (HKLM-x32\...\Steam App 263280) (Version:  - Oovee® Game Studios)

Spotify (HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)

STAR WARS™ Battlefront™ Beta (HKLM-x32\...\{8A863B64-C9BE-4203-9ED7-92981CF690D3}) (Version: 1.0.3.51560 - Electronic Arts)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1200 - SUPERAntiSpyware.com)

Supraball (closed beta) (HKLM-x32\...\Steam App 321400) (Version:  - )

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)

TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)

TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)

TortoiseSVN 1.8.11.26392 (64 bit) (HKLM\...\{11309CA9-9118-44D6-B345-83C86A5111D5}) (Version: 1.8.26392 - TortoiseSVN)

Trove (HKLM-x32\...\Steam App 304050) (Version:  - Trion Worlds)

Unreal Development Kit: 2012-10 (HKLM\...\UDK-9557cda4-3ad9-4792-bd8e-9d00f23625ee) (Version:  - Epic Games, Inc.)

Unturned (HKLM-x32\...\Steam App 304930) (Version:  - Nelson Sexton)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

Wireshark 1.12.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, hxxp://www.wireshark.org)

XFast LAN v9.05 (HKLM\...\XFast LAN) (Version: 9.05 - cFos Software GmbH, Bonn)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-4290914269-1144193900-1776241538-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-4290914269-1144193900-1776241538-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Joe\AppData\Local\Roblox\Versions\version-f7131a583a8d4ea7\RobloxProxy64.dll (ROBLOX Corporation)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {2118B824-5D2A-4919-AB31-DD204AB1844F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

Task: {2ADCCC17-A790-4812-9136-8F37F6097A4C} - System32\Tasks\ASUS UEFI => C:\Program Files (x86)\ASUS\UEFI\ASUS UEFI.exe [2013-06-08] (ASUS VGA)

Task: {2BC2EADE-CE48-4AF3-B359-900BFC1E7BAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {51B482B3-F929-4CF0-98A8-CCB739EA4D09} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {55EDE168-9C0E-4949-BF13-9A39030399CE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)

Task: {6722F04B-4D25-4121-9441-53BD026AA067} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)

Task: {8E33EED0-5222-48CB-A9F2-DD5212A9A01B} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {9B6AB864-B736-4031-863A-84F6CB3F8B47} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {9F1BDC2B-CA9C-4FB9-86C3-1B653FE9723F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-12-08] (Microsoft Corporation)

Task: {BA48FCCD-F364-42BF-B684-E7B4DCC4D3D1} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

Task: {C81C6327-0669-4FC3-9C89-07C5BA9D627B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)

Task: {DC4DD1D5-A60F-4DC0-A59D-2EC55DC9023D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-28] (Adobe Systems Incorporated)

Task: {EEE04919-C288-494A-949F-4ECF5D60A3A1} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)

Task: {FA3DBFA3-9C50-463E-981E-C0050A4CDE04} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-04-18] ()

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2012-01-17 10:24 - 2012-01-17 10:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe

2015-05-09 05:24 - 2013-07-25 17:04 - 00454656 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe

2015-12-20 14:06 - 2015-12-08 20:52 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll

2015-05-09 15:36 - 2015-05-09 15:36 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe

2015-05-15 19:05 - 2015-11-24 13:40 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2015-10-16 05:02 - 2015-10-16 05:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

2015-03-19 18:55 - 2015-03-19 18:55 - 00088960 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll

2015-10-16 05:02 - 2015-10-16 05:02 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2014-03-20 13:43 - 2014-03-20 13:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-03-19 18:29 - 2015-03-19 18:29 - 00072064 _____ () C:\Program Files\TortoiseSVN\bin\libsasl32.dll

2015-05-15 19:20 - 2015-12-08 20:53 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2015-05-08 03:57 - 2015-11-10 14:55 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-05-08 03:57 - 2015-07-03 11:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-05-08 03:57 - 2015-12-14 15:01 - 02547280 _____ () C:\Program Files (x86)\Steam\video.dll

2015-05-08 03:57 - 2015-07-03 11:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-05-08 03:57 - 2015-07-03 11:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2015-05-08 03:57 - 2015-09-23 19:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2015-05-08 03:57 - 2015-09-23 19:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2015-05-08 03:57 - 2015-09-23 19:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2015-05-08 03:57 - 2015-09-23 19:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2015-05-08 03:57 - 2015-09-23 19:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2015-05-08 03:57 - 2015-12-14 15:01 - 00804432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2015-07-21 19:14 - 2015-11-03 17:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll

2015-05-08 03:57 - 2015-11-16 19:31 - 47846176 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-05-08 03:57 - 2015-09-24 18:56 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll

2015-12-16 15:02 - 2015-12-10 22:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll

2015-12-16 15:02 - 2015-12-10 22:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Users\Joe:Heroes & Generals

AlternateDataStreams: C:\ProgramData\TEMP:FB6A21E3

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run: => "XFast LAN"

HKLM\...\StartupApproved\Run: => "ISCT Tray"

HKLM\...\StartupApproved\Run: => "Launch LCore"

HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Skype"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Clownfish"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "ooVoo.exe"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Spotify"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "Spotify Web Helper"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

HKU\S-1-5-21-4290914269-1144193900-1776241538-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{EAE21093-1E49-4A7E-8605-DE60F15B109C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{DA343498-AB2C-411B-B683-B75CF29534E7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe

FirewallRules: [{C7D9A17E-595F-420E-8360-2B0DA5A122F0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{31613C54-0BEB-4183-8C1B-106B2EBF74F1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

FirewallRules: [{AE21E921-3B2B-4DED-9077-E7FD6612E252}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe

FirewallRules: [{22C12AD7-DFA6-4C27-BD28-FE80B4667052}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Heroes & Generals\hngsteamlauncher.exe

FirewallRules: [{0F21A06D-00F3-417C-A5A9-929B4F181ABD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [{DBD8EEC7-6289-4707-A88F-159D1CB8F3DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe

FirewallRules: [TCP Query User{8D0648D6-1A23-4DD3-8B39-BE94D52EAC48}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{A18672DC-5547-48C8-A181-AB90E6A58C56}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{61EE8DD3-B6A6-4711-B099-FB7BC8CD9D2F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{D41D9144-8492-453A-8F6A-E9260C3BC86C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe

FirewallRules: [{CC888242-7E11-4351-9C62-A1860EFEBC3F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{89E8BEAD-32FB-4239-BDE4-C6F4C569BBD1}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe

FirewallRules: [{02BB9ADE-AF3E-4298-80B7-EB30997136D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe

FirewallRules: [{5055A414-EAC6-43CA-B3EF-4AD666F7C413}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4_x86.exe

FirewallRules: [{B90364A3-67FD-4B90-8FAE-3C47F0A7B5D5}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe

FirewallRules: [{A5D59F75-8452-4957-9668-B575978E2DE1}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\bf4.exe

FirewallRules: [{AF103D71-759A-4DB0-86B7-E5311E1FC68B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{C8C5F66D-4D96-4302-A25A-E933491A95D6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe

FirewallRules: [{D07A8190-EB8B-4D7B-9E86-E33EAFB6A710}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{806FBCD5-88B9-418A-850B-F79D498A7A81}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe

FirewallRules: [{A65D6B1B-ECC6-4FC5-8DBD-522AC00D2202}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe

FirewallRules: [{34B6FCF1-7B47-406B-956E-AC55DDD52D47}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Robocraft\Robocraft.exe

FirewallRules: [{C7453CE8-8085-41F5-BE2F-642B38598B4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe

FirewallRules: [{B100320A-56CE-412B-AF21-E86EC24F8D85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe

FirewallRules: [{C60FFB81-3CB4-479D-8C6B-15B6F41A4F99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe

FirewallRules: [{D154CEE5-8202-4589-A2FF-5E415F6BF927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SleepingDogs\HKShip.exe

FirewallRules: [{973A92C5-1BE4-4E75-A581-A71387F9F44A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{11048E4E-9708-4CC0-89E7-AF99324463D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe

FirewallRules: [{ED94280A-932F-491E-904F-DFFEAF235A93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe

FirewallRules: [{254F20A8-629F-4849-9A7E-CAB66EE318BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe

FirewallRules: [{0DCB6333-EE97-4417-B033-933635381883}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe

FirewallRules: [{6E071A23-9C3C-4554-A3DA-9ECE3B74E3CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2 - Multiplayer Mod\JcmpLauncher.exe

FirewallRules: [{E2468351-AAA4-4347-A6F1-7A4589D56533}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe

FirewallRules: [{E81CC901-497F-418D-AC49-9087E8688535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\System\Postal2.exe

FirewallRules: [{FE848C39-2F4B-4385-BE9C-BBE89AC3AB62}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe

FirewallRules: [{55163AE8-85DA-4BD2-85D3-8D70CE8243BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\POSTAL2Complete\ShareThePain\System\Postal2MP.exe

FirewallRules: [{AF763021-AD00-4B37-86B0-525129A5F488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dev Guy\Binaries\Win64\Dev Guy.exe

FirewallRules: [{62A6A8F5-58F0-4427-865E-8CA635C9CEE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dev Guy\Binaries\Win64\Dev Guy.exe

FirewallRules: [{090C8219-2C8A-4544-BDE5-F857EE6AE942}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supraball\launcher\supraball-launcher.exe

FirewallRules: [{7EBC6276-6739-4D1C-A00A-C0E164446D7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Supraball\launcher\supraball-launcher.exe

FirewallRules: [{C023F3A1-7683-4DAD-B003-6727C388947B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{1F935250-D639-4E63-A36E-FB1F1C6651C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Source\hl2.exe

FirewallRules: [{90EADEDE-9D25-437E-9211-9F358F1F5929}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe

FirewallRules: [{A4B0996C-D28E-4492-AF0D-B600778B7924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe

FirewallRules: [{AD7CE437-CE0F-4A81-8F27-1FF9D8585EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe

FirewallRules: [{B9406DB7-3871-429D-9511-63D79119B148}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DayZ\DayZ_BE.exe

FirewallRules: [{386C10FF-ED40-422F-8D12-F1271E06BAC9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe

FirewallRules: [{292BF04B-9AEE-46A9-BF2A-EF81EDA178E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY The Heist\payday_win32_release.exe

FirewallRules: [{C1B1F126-6030-45F9-AC6D-1E43EF7489CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [{CE797326-64E9-4F1B-A005-BD3C62174461}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unturned\Unturned.exe

FirewallRules: [TCP Query User{1C5C6B3D-A4BD-4AAE-9067-FBECFAA823CE}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{43BDCE5E-705C-4946-A8E9-3EC645A99ADE}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe

FirewallRules: [TCP Query User{3B0E138E-6A6F-4239-B6B5-2FE9C948EEC7}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [uDP Query User{F44D20B2-A764-4855-B93A-2CDF613E362E}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe

FirewallRules: [{F94879BE-B715-467E-B701-40033FCFE4AB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{91AD5BA0-FC3D-485C-9772-D73904082236}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe

FirewallRules: [{D74AB4CD-7564-4796-BDD6-0FA6A5793227}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{0760AEF2-F323-4526-9CC5-9CC2DA45E555}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{E35349BC-A9FD-4D8B-80DC-94C432784623}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{2B1572CE-EBCB-4AB8-B246-48883E7AA83A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe

FirewallRules: [{750C429C-E38D-460B-934C-676D2BBDCBE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe

FirewallRules: [{CCD6F18C-8654-4889-AB28-BC60596390BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Classroom Aquatic Demo\game.exe

FirewallRules: [{393FDFF1-A405-46F1-A818-D6A8052A1078}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Classroom Aquatic Demo\game.exe

FirewallRules: [{9DEB9FD7-1A40-4DB0-8F79-38AB26F1BE26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The War Z\WarZlauncher.exe

FirewallRules: [{F347E68F-B1D7-40A4-9F86-0F38A14E6535}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The War Z\WarZlauncher.exe

FirewallRules: [TCP Query User{D35E6945-EB6D-42C6-BAA9-5A8F8E6E3ADD}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe

FirewallRules: [uDP Query User{907490F8-7518-422C-B92E-90DBDCD7777C}C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the war z\infestation.exe

FirewallRules: [TCP Query User{15D7515F-323F-4A41-9EC3-6146D0C152E7}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe

FirewallRules: [uDP Query User{B9F67C99-A4F3-44B3-B1CD-1554C661456C}C:\gmod\srcds.exe] => (Allow) C:\gmod\srcds.exe

FirewallRules: [TCP Query User{92441597-8317-4E3B-833F-A4FAF5CF4FFD}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [uDP Query User{D73D0EB1-81E9-4DCE-ABFB-50B7B379B12D}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{86280866-AB8B-450D-B5F4-71FE3AFBC80D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [uDP Query User{AC62CB7C-90B6-4691-B0F0-6A3280D119A1}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe

FirewallRules: [{BD4C2244-8DBB-41E3-B754-3BF0CD246669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe

FirewallRules: [{6F355B88-EABF-478F-9DD2-40869EB9FF2C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fuse\Code\Build\Output\bin\Release\Fuse.exe

FirewallRules: [TCP Query User{863C5E16-E8ED-48AA-AB1A-E713ABF6BE03}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe

FirewallRules: [uDP Query User{D2E2F008-8EA3-42A5-B487-FB7809BFBA65}C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dayz\dayz.exe

FirewallRules: [{C52F5F1E-BF33-4BF2-B57D-5375D38C0DC4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe

FirewallRules: [{25931B09-EE94-4076-A9B4-BB5E71D4C3AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Trove\GlyphClient.exe

FirewallRules: [{5D84E4BC-FC31-4E56-8A8D-99CF8B64569C}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe

FirewallRules: [{2CF3E978-6AA3-49F1-BA87-9F8E6666D897}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe

FirewallRules: [TCP Query User{A206236D-E01C-4040-B34F-DA10341BFD0C}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe

FirewallRules: [uDP Query User{93814377-F05D-46FA-9D7A-30861C5121CB}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe

FirewallRules: [{94FBA8C9-96BB-4140-A9B5-F8CE6ACB93DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{B936FE67-DA4D-4561-AA2B-26A2A045A079}] => (Allow) LPort=2869

FirewallRules: [{F751DA71-2EF1-4482-B0FC-B50D126BBE1D}] => (Allow) LPort=1900

FirewallRules: [{4BB970F7-19D5-4339-B797-AACEB6049107}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe

FirewallRules: [{3ED81FA4-3486-4955-BF91-349712553633}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fishing Planet\FishingPlanet.exe

FirewallRules: [TCP Query User{B7E1D5EC-6719-400F-A6C2-46E317B45A8C}C:\darkrp\srcds.exe] => (Allow) C:\darkrp\srcds.exe

FirewallRules: [uDP Query User{EFB3FCFB-3439-472F-98EE-23C4D5F3C9C9}C:\darkrp\srcds.exe] => (Allow) C:\darkrp\srcds.exe

FirewallRules: [{DD75CD25-B2AE-485C-8241-2A0B883D6BA0}] => (Allow) C:\Program Files (x86)\Forward Development\City Car Driving Home Edition\bin\win32\starter.exe

FirewallRules: [{3FED0629-D666-47D3-B87C-2CC1D4757995}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

FirewallRules: [{24AC2EBE-524B-490E-96B4-E0A7D0CB8A65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe

FirewallRules: [{73778357-AE5A-4547-A48D-5925FAF3DF12}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [TCP Query User{170F9183-2295-4A92-A495-E62C4B52B21C}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe

FirewallRules: [uDP Query User{3D3BD0A8-4925-4738-B28F-6D2A467AD784}C:\users\joe\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joe\appdata\roaming\spotify\spotify.exe

FirewallRules: [{89232FCC-D6EA-4616-BF80-F313E105DECC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{03B53CE2-3290-4F60-8C1B-914F56915CCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{44AA64EF-1564-4AB6-8C8C-CE9C9FBFCC8E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{81010B5F-77EA-4C1C-8813-283FAD0F714E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [TCP Query User{20DDA456-9285-4828-9FAA-687358C6920A}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [uDP Query User{9EA7F6E2-8AD8-49D3-9F58-B9ABA00DF16D}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe

FirewallRules: [{42B047CF-CA04-42D3-A927-4454EC38364E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe

FirewallRules: [{3B56A04D-1EED-4C2D-9B69-984A8C89088C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe

FirewallRules: [{F44E637F-59EA-4024-9E2B-73AACF4A38B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

FirewallRules: [{19C2C2B7-9D11-47CF-83A8-218616629B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe

FirewallRules: [{AA7FFCF0-0661-4920-9AF2-CDF85B171233}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe

FirewallRules: [{AAEC2406-C09A-4B31-B8DB-A8317225EE5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Spintires\SpinTires.exe

FirewallRules: [{7C4376AB-2E7E-44AC-BE26-A2133977CD90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe

FirewallRules: [{DBF266EA-841F-496F-9B08-F2E474905D34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\assettocorsa\AssettoCorsa.exe

FirewallRules: [TCP Query User{201F76B4-33DE-44E2-BB61-F038585555DC}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe

FirewallRules: [uDP Query User{FD9DF36D-AC18-4824-A585-08F07A60D0FA}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe

FirewallRules: [{ECE95086-583D-4011-8E58-91500794F6BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exe

FirewallRules: [{5587E2BA-55A5-4CAE-B6DF-4AF8185C8FB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\pCars\pCARS64.exe

FirewallRules: [{008EA107-3B0D-4534-B680-D0EE36B1B243}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe

FirewallRules: [{58EDC81E-B172-4356-B251-3AD402E77E5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arma 3\arma3launcher.exe

FirewallRules: [TCP Query User{1A060E19-5B86-4F1B-8706-268885159C53}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe

FirewallRules: [uDP Query User{13BACE4D-78C8-4306-84B9-78CF631860D5}C:\program files (x86)\a3launcher\a3launcher.exe] => (Allow) C:\program files (x86)\a3launcher\a3launcher.exe

FirewallRules: [TCP Query User{C2FC6A23-AE7C-436E-B987-49183D9416AD}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe

FirewallRules: [uDP Query User{CA547064-6D64-4438-B444-7019C0C0EE45}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe

 

==================== Restore Points =========================

 

28-12-2015 22:01:17 Scheduled Checkpoint

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (12/31/2015 07:27:39 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: JOE_GAMING_PC)

Description: windows_ie_ac_0013

 

Error: (12/31/2015 07:23:58 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: There was an error with the Windows Location Provider database

 

Error: (12/30/2015 12:05:37 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ASUS UEFI.exe, version: 1.1.1.0, time stamp: 0x51b2d9e3

Faulting module name: Exeio.dll, version: 1.0.4.0, time stamp: 0x513ec0ad

Exception code: 0xc0000005

Fault offset: 0x00004df8

Faulting process id: 0xd1c

Faulting application start time: 0xASUS UEFI.exe0

Faulting application path: ASUS UEFI.exe1

Faulting module path: ASUS UEFI.exe2

Report Id: ASUS UEFI.exe3

Faulting package full name: ASUS UEFI.exe4

Faulting package-relative application ID: ASUS UEFI.exe5

 

Error: (12/29/2015 01:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ASUS UEFI.exe, version: 1.1.1.0, time stamp: 0x51b2d9e3

Faulting module name: Exeio.dll, version: 1.0.4.0, time stamp: 0x513ec0ad

Exception code: 0xc0000005

Fault offset: 0x00004df8

Faulting process id: 0x11ac

Faulting application start time: 0xASUS UEFI.exe0

Faulting application path: ASUS UEFI.exe1

Faulting module path: ASUS UEFI.exe2

Report Id: ASUS UEFI.exe3

Faulting package full name: ASUS UEFI.exe4

Faulting package-relative application ID: ASUS UEFI.exe5

 

Error: (12/29/2015 10:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: ASUS UEFI.exe, version: 1.1.1.0, time stamp: 0x51b2d9e3

Faulting module name: Exeio.dll, version: 1.0.4.0, time stamp: 0x513ec0ad

Exception code: 0xc0000005

Fault offset: 0x00004df8

Faulting process id: 0x1140

Faulting application start time: 0xASUS UEFI.exe0

Faulting application path: ASUS UEFI.exe1

Faulting module path: ASUS UEFI.exe2

Report Id: ASUS UEFI.exe3

Faulting package full name: ASUS UEFI.exe4

Faulting package-relative application ID: ASUS UEFI.exe5

 

Error: (12/28/2015 11:58:21 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: WmiApRplC:\Windows\system32\wbem\wmiaprpl.dll4

 

Error: (12/28/2015 11:58:20 AM) (Source: Perflib) (EventID: 1023) (User: )

Description: rdyboost4

 

Error: (12/28/2015 11:58:20 AM) (Source: PerfNet) (EventID: 2004) (User: )

Description: 

 

Error: (12/28/2015 11:58:20 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: MSDTCC:\Windows\system32\msdtcuiu.DLL4

 

Error: (12/28/2015 11:58:20 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: LsaC:\Windows\System32\Secur32.dll4

 

 

System errors:

=============

Error: (12/31/2015 04:15:20 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/31/2015 04:14:50 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/31/2015 10:31:22 AM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/31/2015 10:30:52 AM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/30/2015 04:22:19 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/30/2015 04:11:03 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (12/30/2015 04:10:33 PM) (Source: DCOM) (EventID: 10010) (User: JOE_GAMING_PC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (12/30/2015 01:21:31 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 12:56:22 PM on ‎12/‎30/‎2015 was unexpected.

 

Error: (12/30/2015 12:05:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IOMap service failed to start due to the following error: 

%%2

 

Error: (12/30/2015 12:05:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The IOMap service failed to start due to the following error: 

%%2

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-4690K CPU @ 3.50GHz

Percentage of memory in use: 27%

Total physical RAM: 8149.57 MB

Available physical RAM: 5868.15 MB

Total Virtual: 10402.54 MB

Available Virtual: 7414.19 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.17 GB) (Free:577.34 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6D79A418)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

 

==================== End of Addition.txt ============================


I am almost 90% sure there is an infection on my PC. It crashes sometimes and was able to open Google Chrome and download files without my permission or awareness. I would really like to run some more scans or flush my DNS just to be 100% sure that my computer is clean. If you can show me some more scans/tests I can do for my PC, your help is greatly appreciated. Thank you.


Do you have any problems now with your PC?

I was just looking at my FRST scans and found this: 

 

2015-12-31 22:33 - 2015-06-21 11:42 - 00000080 _____ C:\Users\Joe\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦

 

I really don't know what this is because I don't think I should be seeing Japanese characters. I think more scans would be appropriate.


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.