plug-in container (32-bit) CPU Usage 100%


5 replies to this topic

#1 inmrc


Posted 14 January 2016 - 04:45 AM

I'm using Windows 10 Pro and I don't know how to deal with this. Please help!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Ian Dulin (administrator) on DESKTOP-VRSO3IM (14-01-2016 11:13:51)
Running from C:\Users\Ian Dulin\AppData\Local\Temp
Loaded Profiles: Ian Dulin (Available Profiles: Ian Dulin)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Maxthon) C:\Program Files (x86)\Maxthon App Store\1.1.0.10848\MaxthonAppstoreSvc.exe
(Maxthon Inc.) C:\Program Files (x86)\Maxthon App Store\1.1.0.10848\MasSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
() D:\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() D:\Garena Plus\ggdllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\uTorrent.exe
() D:\Garena Plus\GarenaMessenger.exe
() C:\Program Files\Rainmeter\Rainmeter.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-749036960-1674562754-3875969962-1001\...\Run: [uTorrent] => C:\Users\Ian Dulin\AppData\Roaming\uTorrent\uTorrent.exe [1900056 2016-01-11] (BitTorrent Inc.)
HKU\S-1-5-21-749036960-1674562754-3875969962-1001\...\Run: [GarenaPlus] => D:\Garena Plus\GarenaMessenger.exe [10051520 2016-01-11] ()
HKU\S-1-5-21-749036960-1674562754-3875969962-1001\...\MountPoints2: {bc79ba63-b828-11e5-9bc3-d8cb8ac6796b} - "F:\autorun.exe" 
Startup: C:\Users\Ian Dulin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-01-11]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{23b07e9d-2386-4032-a74f-9f4b81ce21c3}: [DhcpNameServer] 192.168.254.254 192.168.254.254

Internet Explorer:
==================
BHO-x32: Constant Fun -> {9d6b19f5-4a89-4db4-b650-44222af825b0} -> C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll [2016-01-11] ()

FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-12-16] (NVIDIA Corporation)
FF Plugin-x32: @t.garena.com/garenatalk -> D:\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [2015-10-02] ( Garena)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-09] (NVIDIA Corporation)
R2 MasSvc_{MaxthonAppStore_1.1.0.10848}; C:\Program Files (x86)\Maxthon App Store\1.1.0.10848\MasSvc.exe [563112 2015-08-19] (Maxthon Inc.)
R2 MaxthonAppStoreSvc; C:\Program Files (x86)\Maxthon App Store\1.1.0.10848\MaxthonAppstoreSvc.exe [1867544 2015-08-11] (Maxthon)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2385832 2016-01-12] (Maxthon)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-09] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-09] (NVIDIA Corporation)
R2 Service Mgr ConstantFun; C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe [769248 2016-01-14] () <==== ATTENTION
R2 Update Mgr ConstantFun; C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe [645344 2016-01-14] () <==== ATTENTION
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [279616 2016-01-11] (DT Soft Ltd)
R3 gkernel; C:\Users\Ian Dulin\AppData\Local\Temp\gkernel.sys [31512 2016-01-14] ()
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2016-01-11] (Intel Corporation)
R3 iaLPSS2_I2C; C:\Windows\System32\drivers\iaLPSS2_I2C.sys [185128 2016-01-11] (Intel Corporation)
R3 iaLPSS2_UART2; C:\Windows\System32\drivers\iaLPSS2_UART2.sys [281896 2016-01-11] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [195336 2016-01-11] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-10-03] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 11:13 - 2016-01-14 11:13 - 00000000 ____D C:\FRST
2016-01-14 10:48 - 2016-01-14 10:48 - 00016148 _____ C:\Windows\system32\DESKTOP-VRSO3IM_Ian Dulin_HistoryPrediction.bin
2016-01-14 06:25 - 2016-01-14 06:25 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Watch Dogs
2016-01-14 06:25 - 2016-01-14 06:25 - 00000000 ____D C:\ProgramData\Orbit
2016-01-14 01:32 - 2016-01-14 01:32 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\ESET
2016-01-13 17:29 - 2016-01-14 02:00 - 00000000 ____D C:\Users\Ian Dulin\AppData\LocalLow\uTorrent
2016-01-13 13:37 - 2016-01-13 13:37 - 00000556 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-01-13 13:37 - 2016-01-13 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2016-01-13 11:56 - 2016-01-13 11:58 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\Comms
2016-01-13 03:13 - 2016-01-13 03:13 - 00002206 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2016-01-13 03:13 - 2015-12-16 22:54 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-01-13 03:13 - 2015-12-16 22:54 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-01-13 03:13 - 2015-12-16 22:19 - 00103216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-01-13 03:12 - 2015-12-17 00:59 - 42976888 _____ C:\Windows\system32\nvcompiler.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 37608568 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 31098488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 24923768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 21131424 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 20672376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 17568432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 17164160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 17123736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 17104016 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 02560816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 02214192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 01915512 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00786688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00735024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00632336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00601936 _____ C:\Windows\system32\nvmcumd.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00541000 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00445728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00416560 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00378784 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00376440 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00370992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00339760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00316960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-01-13 03:12 - 2015-12-17 00:59 - 00039240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-01-13 02:54 - 2016-01-14 10:25 - 00004174 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9F460E94-15B9-451A-AE6B-A068BFB2C3B4}
2016-01-12 16:13 - 2016-01-12 16:13 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-01-12 15:56 - 2016-01-13 17:09 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-12 15:56 - 2016-01-13 17:09 - 00000000 ____D C:\Windows\system32\MRT
2016-01-12 15:55 - 2016-01-12 15:55 - 00000000 ___HD C:\$WINDOWS.~BT
2016-01-12 05:58 - 2016-01-12 05:58 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-12 05:56 - 2016-01-12 15:56 - 00000000 ____D C:\Windows\Panther
2016-01-11 18:03 - 2016-01-11 18:03 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-01-11 18:03 - 2016-01-11 18:03 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Maxthon App Store
2016-01-11 18:03 - 2016-01-11 18:03 - 00000000 ____D C:\Program Files (x86)\Maxthon App Store
2016-01-11 18:02 - 2016-01-11 18:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxthon Cloud Browser
2016-01-11 18:02 - 2016-01-11 18:02 - 00003710 _____ C:\Windows\System32\Tasks\Maxthon Update
2016-01-11 18:02 - 2016-01-11 18:02 - 00001154 _____ C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk
2016-01-11 18:02 - 2016-01-11 18:02 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Maxthon3
2016-01-11 18:02 - 2016-01-11 18:02 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\PeerDistRepub
2016-01-11 18:02 - 2016-01-11 18:02 - 00000000 ____D C:\Program Files (x86)\Maxthon
2016-01-11 17:58 - 2016-01-11 17:59 - 01558792 _____ (Maxthon International ltd.) C:\Users\Ian Dulin\Downloads\mxsetup.exe
2016-01-11 17:29 - 2016-01-11 17:30 - 00000000 ____D C:\Users\Ian Dulin\Documents\Battlefield 3
2016-01-11 17:28 - 2016-01-14 08:09 - 00000000 ____D C:\Users\Ian Dulin\Desktop\Games
2016-01-11 16:52 - 2016-01-11 16:52 - 00001001 _____ C:\Users\Ian Dulin\Desktop\Steam - Shortcut.lnk
2016-01-11 16:51 - 2016-01-11 16:51 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\Steam
2016-01-11 16:51 - 2016-01-11 16:51 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\CEF
2016-01-11 16:51 - 2016-01-11 16:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-11 16:51 - 2015-12-09 09:51 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-01-11 16:49 - 2016-01-11 16:49 - 00001011 _____ C:\Users\Ian Dulin\Desktop\GarenaMessenger - Shortcut.lnk
2016-01-11 16:48 - 2016-01-11 16:48 - 00281896 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_UART2.sys
2016-01-11 16:46 - 2015-12-09 11:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-01-11 16:42 - 2016-01-11 16:42 - 00185128 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_I2C.sys
2016-01-11 16:37 - 2016-01-11 16:37 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\WinRAR
2016-01-11 16:37 - 2016-01-11 16:37 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-11 16:37 - 2016-01-11 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-01-11 16:37 - 2016-01-11 16:37 - 00000000 ____D C:\Program Files (x86)\WinRAR
2016-01-11 16:36 - 2016-01-11 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2016-01-11 16:24 - 2016-01-11 16:24 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\LolClient
2016-01-11 16:23 - 2016-01-14 02:00 - 00003488 _____ C:\Windows\System32\Tasks\Garena+ Plugin Host Service
2016-01-11 16:17 - 2016-01-14 02:04 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\GarenaPlus
2016-01-11 16:17 - 2016-01-14 02:04 - 00000000 ____D C:\ProgramData\GarenaMessenger
2016-01-11 16:17 - 2016-01-11 16:17 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Garena
2016-01-11 16:17 - 2016-01-11 16:17 - 00000000 ____D C:\ProgramData\Garena
2016-01-11 16:15 - 2016-01-11 16:17 - 00000000 ____D C:\Program Files (x86)\Garena Plus
2016-01-11 16:08 - 2016-01-11 16:08 - 00000685 _____ C:\Users\Ian Dulin\Desktop\steam_rld.ini
2016-01-11 16:08 - 2016-01-11 16:08 - 00000000 ____D C:\Users\Ian Dulin\Documents\CAPCOM
2016-01-11 16:08 - 2016-01-11 16:08 - 00000000 ____D C:\ProgramData\Steam
2016-01-11 16:08 - 2016-01-11 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DangeSecond
2016-01-11 15:41 - 2016-01-11 15:41 - 00000000 ____D C:\Users\Ian Dulin\Documents\BNE
2016-01-11 15:39 - 2016-01-11 15:39 - 00000900 _____ C:\Users\Ian Dulin\Desktop\µTorrent.lnk
2016-01-11 15:39 - 2016-01-11 15:39 - 00000880 _____ C:\Users\Ian Dulin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-11 15:38 - 2016-01-14 11:12 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\uTorrent
2016-01-11 15:37 - 2016-01-11 15:39 - 01900056 _____ (BitTorrent Inc.) C:\Users\Ian Dulin\Downloads\uTorrent.exe
2016-01-11 15:37 - 2016-01-11 15:37 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-01-11 15:14 - 2016-01-14 06:25 - 00000000 ____D C:\Users\Ian Dulin\Documents\My Games
2016-01-11 15:14 - 2016-01-11 15:14 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\Skyrim
2016-01-11 15:06 - 2016-01-11 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-11 15:04 - 2016-01-11 15:04 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-01-11 15:04 - 2016-01-11 15:04 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\vlc
2016-01-11 15:04 - 2016-01-11 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-11 15:04 - 2016-01-11 15:04 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-01-11 15:02 - 2016-01-11 15:02 - 00000000 ____D C:\Users\Ian Dulin\Documents\BioWare
2016-01-11 15:01 - 2016-01-12 15:56 - 00000000 ____D C:\Program Files\KMSpico
2016-01-11 15:01 - 2016-01-11 15:01 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2016-01-11 15:01 - 2016-01-11 15:01 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2016-01-11 15:01 - 2016-01-11 15:01 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Macromedia
2016-01-11 15:01 - 2016-01-11 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2016-01-11 15:01 - 2010-12-06 10:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2016-01-11 15:00 - 2010-06-02 20:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-01-11 15:00 - 2010-06-02 20:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-01-11 15:00 - 2010-06-02 20:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-01-11 15:00 - 2010-06-02 20:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-01-11 15:00 - 2010-05-27 03:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-01-11 15:00 - 2010-05-27 03:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-01-11 15:00 - 2010-02-05 02:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-01-11 15:00 - 2010-02-05 02:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-01-11 15:00 - 2010-02-05 02:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-01-11 15:00 - 2010-02-05 02:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-01-11 15:00 - 2010-02-05 02:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-01-11 15:00 - 2010-02-05 02:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-01-11 15:00 - 2009-09-05 09:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-01-11 15:00 - 2009-09-05 09:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-01-11 15:00 - 2009-09-05 09:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-01-11 15:00 - 2009-09-05 09:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-01-11 15:00 - 2009-09-05 09:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-01-11 15:00 - 2009-03-17 06:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-01-11 15:00 - 2009-03-17 06:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-01-11 15:00 - 2009-03-17 06:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-01-11 15:00 - 2009-03-17 06:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-01-11 15:00 - 2009-03-17 06:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-01-11 15:00 - 2009-03-10 07:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-01-11 15:00 - 2009-03-10 07:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-01-11 15:00 - 2009-03-10 07:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-01-11 15:00 - 2009-03-10 07:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-01-11 15:00 - 2009-03-10 07:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-01-11 15:00 - 2009-03-10 07:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-01-11 15:00 - 2008-10-28 02:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-01-11 15:00 - 2008-10-28 02:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-01-11 15:00 - 2008-10-28 02:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-01-11 15:00 - 2008-10-28 02:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-01-11 15:00 - 2008-10-28 02:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-01-11 15:00 - 2008-10-28 02:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-01-11 15:00 - 2008-10-15 22:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-01-11 15:00 - 2008-10-15 22:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-01-11 15:00 - 2008-10-15 22:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-01-11 15:00 - 2008-10-15 22:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-01-11 15:00 - 2008-10-15 22:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-01-11 15:00 - 2008-10-15 22:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-01-11 15:00 - 2008-08-01 02:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-01-11 15:00 - 2008-08-01 02:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-01-11 15:00 - 2008-08-01 02:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-01-11 15:00 - 2008-08-01 02:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-01-11 15:00 - 2008-07-11 03:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-01-11 15:00 - 2008-07-11 03:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-01-11 15:00 - 2008-07-11 03:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-01-11 15:00 - 2008-07-11 03:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-01-11 15:00 - 2008-07-11 03:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-01-11 15:00 - 2008-07-11 03:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-01-11 15:00 - 2008-05-31 06:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-01-11 15:00 - 2008-05-31 06:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-01-11 15:00 - 2008-05-31 06:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-01-11 15:00 - 2008-05-31 06:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-01-11 15:00 - 2008-05-31 06:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-01-11 15:00 - 2008-05-31 06:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-01-11 15:00 - 2008-05-31 06:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-01-11 15:00 - 2008-05-31 06:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-01-11 15:00 - 2008-05-31 06:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-01-11 15:00 - 2008-05-31 06:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-01-11 15:00 - 2008-05-31 06:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-01-11 15:00 - 2008-05-31 06:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-01-11 15:00 - 2008-03-06 08:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-01-11 15:00 - 2008-03-06 08:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-01-11 15:00 - 2008-03-06 08:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-01-11 15:00 - 2008-03-06 08:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-01-11 15:00 - 2008-03-06 08:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-01-11 15:00 - 2008-03-06 07:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-01-11 15:00 - 2008-03-06 07:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-01-11 15:00 - 2008-03-06 07:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-01-11 15:00 - 2008-03-06 07:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-01-11 15:00 - 2008-02-06 15:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-01-11 15:00 - 2008-02-06 15:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-01-11 15:00 - 2007-10-22 19:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-01-11 15:00 - 2007-10-22 19:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-01-11 15:00 - 2007-10-22 19:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-01-11 15:00 - 2007-10-22 19:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-01-11 15:00 - 2007-10-13 07:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-01-11 15:00 - 2007-10-13 07:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-01-11 15:00 - 2007-10-13 07:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-01-11 15:00 - 2007-10-13 07:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-01-11 15:00 - 2007-10-03 01:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-01-11 15:00 - 2007-10-03 01:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-01-11 15:00 - 2007-07-20 16:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-01-11 15:00 - 2007-07-20 16:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-01-11 15:00 - 2007-07-20 10:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-01-11 15:00 - 2007-07-20 10:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-01-11 15:00 - 2007-07-20 10:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-01-11 15:00 - 2007-07-20 10:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-01-11 15:00 - 2007-07-20 10:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-01-11 15:00 - 2007-07-20 10:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-01-11 15:00 - 2007-06-21 12:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-01-11 15:00 - 2007-06-21 12:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-01-11 15:00 - 2007-05-17 08:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-01-11 15:00 - 2007-05-17 08:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-01-11 15:00 - 2007-05-17 08:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-01-11 15:00 - 2007-05-17 08:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-01-11 15:00 - 2007-05-17 08:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-01-11 15:00 - 2007-05-17 08:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-01-11 15:00 - 2007-04-05 10:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-01-11 15:00 - 2007-04-05 10:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-01-11 15:00 - 2007-04-05 10:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-01-11 15:00 - 2007-03-16 08:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-01-11 15:00 - 2007-03-16 08:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-01-11 15:00 - 2007-03-13 08:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-01-11 15:00 - 2007-03-13 08:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-01-11 15:00 - 2007-03-13 08:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-01-11 15:00 - 2007-03-13 08:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-01-11 15:00 - 2007-03-06 04:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-01-11 15:00 - 2007-03-06 04:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-01-11 15:00 - 2007-01-25 07:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-01-11 15:00 - 2007-01-25 07:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-01-11 15:00 - 2006-12-09 04:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-01-11 15:00 - 2006-12-09 04:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-01-11 15:00 - 2006-11-30 05:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-01-11 15:00 - 2006-11-30 05:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-01-11 15:00 - 2006-11-30 05:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-01-11 15:00 - 2006-11-30 05:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-01-11 15:00 - 2006-09-29 08:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-01-11 15:00 - 2006-09-29 08:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-01-11 15:00 - 2006-09-29 08:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-01-11 15:00 - 2006-09-29 08:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-01-11 15:00 - 2006-07-29 01:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-01-11 15:00 - 2006-07-29 01:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-01-11 15:00 - 2006-07-29 01:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-01-11 15:00 - 2006-05-31 23:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-01-11 15:00 - 2006-05-31 23:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-01-11 15:00 - 2006-04-01 04:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-01-11 15:00 - 2006-04-01 04:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-01-11 15:00 - 2006-04-01 04:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-01-11 15:00 - 2006-04-01 04:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-01-11 15:00 - 2006-04-01 04:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-01-11 15:00 - 2006-02-04 00:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-01-11 15:00 - 2006-02-04 00:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-01-11 15:00 - 2006-02-04 00:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-01-11 15:00 - 2006-02-04 00:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-01-11 15:00 - 2006-02-04 00:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-01-11 15:00 - 2006-02-04 00:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-01-11 15:00 - 2005-12-06 10:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-01-11 15:00 - 2005-12-06 10:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-01-11 15:00 - 2005-07-23 11:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-01-11 15:00 - 2005-07-23 11:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-01-11 15:00 - 2005-05-27 07:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-01-11 15:00 - 2005-05-27 07:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-01-11 15:00 - 2005-03-19 09:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-01-11 15:00 - 2005-03-19 09:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-01-11 15:00 - 2005-02-06 11:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-01-11 15:00 - 2005-02-06 11:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-01-11 14:49 - 2016-01-11 14:49 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\SKIDROW
2016-01-11 14:49 - 2016-01-11 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
2016-01-11 14:49 - 2010-06-02 20:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-01-11 14:49 - 2010-06-02 20:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-01-11 14:49 - 2010-05-27 03:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-01-11 14:49 - 2010-05-27 03:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-01-11 14:49 - 2010-02-05 02:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-01-11 14:49 - 2010-02-05 02:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-01-11 14:49 - 2009-09-05 09:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-01-11 14:49 - 2009-09-05 09:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-01-11 14:49 - 2009-03-17 06:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-01-11 14:49 - 2008-10-28 02:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-01-11 14:49 - 2008-10-28 02:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-01-11 14:49 - 2008-08-01 02:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-01-11 14:49 - 2008-08-01 02:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-01-11 14:49 - 2008-05-31 06:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-01-11 14:49 - 2008-05-31 06:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-01-11 14:49 - 2008-03-06 08:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-01-11 14:49 - 2007-04-05 10:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-01-11 14:49 - 2006-07-29 01:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-01-11 14:49 - 2006-04-01 04:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-01-11 14:45 - 2016-01-14 08:12 - 00000000 ____D C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54
2016-01-11 14:45 - 2016-01-14 01:47 - 00000000 ____D C:\Program Files (x86)\Constant Fun
2016-01-11 14:45 - 2016-01-11 14:45 - 00002019 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2016-01-11 14:45 - 2016-01-11 14:45 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\OpenCandy
2016-01-11 14:45 - 2016-01-11 14:45 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\MicrosoftEdge
2016-01-11 14:45 - 2016-01-11 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2016-01-11 14:44 - 2016-01-11 14:46 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\DAEMON Tools Lite
2016-01-11 14:44 - 2016-01-11 14:44 - 00279616 _____ (DT Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2016-01-11 14:44 - 2016-01-11 14:44 - 00001747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2016-01-11 14:44 - 2016-01-11 14:44 - 00000000 ____D C:\Users\Ian Dulin\Documents\Rainmeter
2016-01-11 14:44 - 2016-01-11 14:44 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Rainmeter
2016-01-11 14:44 - 2016-01-11 14:44 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-01-11 14:44 - 2016-01-11 14:44 - 00000000 ____D C:\Program Files\Rainmeter
2016-01-11 14:44 - 2016-01-11 14:44 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2016-01-11 14:43 - 2016-01-13 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-01-11 14:43 - 2016-01-11 16:51 - 00001450 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-01-11 14:43 - 2016-01-11 14:43 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\NVIDIA Corporation
2016-01-11 14:43 - 2016-01-11 14:43 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\NVIDIA
2016-01-11 14:43 - 2015-12-09 09:51 - 01846016 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-01-11 14:43 - 2015-12-09 09:51 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-01-11 14:43 - 2015-12-09 09:51 - 01530240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-01-11 14:43 - 2015-12-09 09:51 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-01-11 14:43 - 2010-05-27 03:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-01-11 14:43 - 2010-05-27 03:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-01-11 14:43 - 2010-05-27 03:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-01-11 14:43 - 2010-05-27 03:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-01-11 14:43 - 2010-05-27 03:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-01-11 14:43 - 2010-05-27 03:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-01-11 14:42 - 2016-01-14 02:00 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-11 14:42 - 2016-01-13 03:13 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-01-11 14:42 - 2016-01-11 14:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-01-11 14:42 - 2015-12-18 16:48 - 12426896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-01-11 14:42 - 2015-12-17 00:59 - 19727624 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-01-11 14:42 - 2015-12-17 00:59 - 14103608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-01-11 14:42 - 2015-12-17 00:59 - 03603368 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-01-11 14:42 - 2015-12-17 00:59 - 03184152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-01-11 14:42 - 2015-12-17 00:59 - 01572496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-01-11 14:42 - 2015-12-17 00:59 - 00205456 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-01-11 14:42 - 2015-12-17 00:59 - 00035775 _____ C:\Windows\system32\nvinfo.pb
2016-01-11 14:42 - 2015-12-16 22:54 - 06359672 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-01-11 14:42 - 2015-12-16 22:54 - 02985264 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-01-11 14:42 - 2015-12-16 22:54 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-01-11 14:42 - 2015-12-16 22:54 - 01256240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-01-11 14:42 - 2015-12-16 22:54 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-01-11 14:42 - 2015-12-16 22:54 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-01-11 14:42 - 2015-12-16 22:49 - 06090019 _____ C:\Windows\system32\nvcoproc.bin
2016-01-11 14:42 - 2015-10-03 12:58 - 01905272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435850.dll
2016-01-11 14:42 - 2015-10-03 12:58 - 01564792 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435850.dll
2016-01-11 14:42 - 2015-10-03 12:58 - 00112760 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-01-11 14:42 - 2015-10-03 12:58 - 00105264 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-01-11 14:42 - 2015-10-03 12:58 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-01-11 14:42 - 2015-10-03 12:58 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-01-11 14:42 - 2015-10-03 12:58 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-01-11 14:41 - 2016-01-11 14:43 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-01-11 14:41 - 2016-01-11 14:41 - 00000000 ____D C:\NVIDIA
2016-01-11 14:09 - 2016-01-11 14:09 - 00195336 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2016-01-11 14:06 - 2016-01-14 02:07 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-11 14:05 - 2016-01-11 14:05 - 00084264 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_GPIO2.sys
2016-01-11 14:03 - 2016-01-11 14:04 - 00002375 _____ C:\Users\Ian Dulin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-11 14:03 - 2016-01-11 14:04 - 00000000 ___RD C:\Users\Ian Dulin\OneDrive
2016-01-11 14:03 - 2016-01-11 14:03 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-11 14:02 - 2016-01-14 06:26 - 00000000 ____D C:\Users\Ian Dulin
2016-01-11 14:02 - 2016-01-12 15:41 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\Packages
2016-01-11 14:02 - 2016-01-11 14:02 - 00016148 _____ C:\Windows\system32\DESKTOP-VRSO3IM_defaultuser0_HistoryPrediction.bin
2016-01-11 14:02 - 2016-01-11 14:02 - 00000020 ___SH C:\Users\Ian Dulin\ntuser.ini
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 _SHDL C:\Users\Ian Dulin\My Documents
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 _SHDL C:\Users\Ian Dulin\Documents\My Videos
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 _SHDL C:\Users\Ian Dulin\Documents\My Pictures
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 _SHDL C:\Users\Ian Dulin\Documents\My Music
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 ____D C:\Users\Ian Dulin\AppData\Roaming\Adobe
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\VirtualStore
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\TileDataLayer
2016-01-11 14:02 - 2016-01-11 14:02 - 00000000 ____D C:\Users\Ian Dulin\AppData\Local\Publishers
2016-01-11 14:00 - 2015-12-01 15:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-01-11 14:00 - 2015-11-18 14:36 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-01-11 14:00 - 2015-11-18 13:56 - 04047280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-01-11 14:00 - 2015-08-19 12:50 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-01-11 14:00 - 2015-07-22 11:52 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-01-11 13:59 - 2016-01-11 13:59 - 00000000 ____D C:\Windows\CSC
2016-01-11 13:59 - 2015-07-10 18:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-14 11:13 - 2015-07-10 17:05 - 00000000 ____D C:\Windows
2016-01-14 02:07 - 2015-07-10 19:02 - 00000000 ____D C:\Windows\INF
2016-01-14 02:00 - 2015-07-10 20:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-14 02:00 - 2015-07-10 17:05 - 00131072 ___SH C:\Windows\system32\config\BBI
2016-01-14 01:59 - 2015-07-10 19:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-01-13 17:09 - 2015-07-10 18:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-13 13:54 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\AppReadiness
2016-01-13 13:48 - 2015-07-10 19:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-12 15:39 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2016-01-12 05:59 - 2015-07-10 17:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-01-12 05:56 - 2015-07-10 19:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-01-11 19:13 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\appcompat
2016-01-11 16:52 - 2015-07-10 19:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-11 14:42 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\Help
2016-01-11 14:08 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-01-11 14:02 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-01-11 14:02 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\PrintDialog
2016-01-11 14:02 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\MiracastView
2016-01-11 14:02 - 2015-07-10 19:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-01-11 14:01 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\oobe
2016-01-11 13:59 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-11 13:58 - 2015-07-10 19:04 - 00000000 ____D C:\Windows\system32\spool
2016-01-03 09:40 - 2015-07-10 19:06 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-03 09:40 - 2015-07-10 19:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
C:\Users\Ian Dulin\AppData\Local\Temp\FRST64.exe
C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ian Dulin\AppData\Local\Temp\nvStInst.exe
C:\Users\Ian Dulin\AppData\Local\Temp\setup.exe
C:\Users\Ian Dulin\AppData\Local\Temp\{00A7F9EA-BDA6-48E1-9908-614505C0BD78}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{1C784C40-FE4D-48C3-BF6D-B57F88839A01}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{21A5681D-135C-475E-B436-073BD07E93A1}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{231D1247-E8B8-4E9F-9BF5-F7A733D898EF}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{23E8053C-58FB-4C3F-B11E-19C789DE8AAC}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{240F1EEE-73AC-4697-856E-F5DAE6C94638}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{31E85CDD-235A-4A4F-9229-30CBB0918355}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{36D4DEA5-1B8B-4EF0-ABB2-6677666C82FE}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{441B2C68-8213-4C12-A2FB-174E319F4EF9}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{46B41DD9-8841-44D4-A6A0-EC7A4645774E}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{477EBDAB-18F8-44E7-928A-83E22CD2749D}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{51697D26-CB57-4BFB-85C0-A93CE8D46C56}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{530CC3BD-A227-4B19-AC45-5A005852307A}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{54203C79-0814-4D6A-BC1E-23450FE5D1B3}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{659196E2-9451-4A5A-B852-77F4F72E0FCA}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{70F5898F-C3BE-413C-AA87-C9E1C42BA9EA}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{7B305C07-9B28-496D-8EC3-5925C30251DD}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{7C0B3744-0FA6-419B-BC45-4F9D3169CD53}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{8DA83353-7124-4266-82BE-F05ED86C7CC5}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{8F385831-D203-47E5-98DA-C25B6573137E}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{94EC9B78-B206-41D4-ABFA-E631F97DBE4C}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{9878618D-B8C4-4FB7-A197-476B74617552}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{991E9A3E-1D8B-4EDD-905E-F79C47BB7C93}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{9C0E6F23-DF8F-4BBE-845D-1E4D000B79B6}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{ABA3D777-EA7B-442F-A560-3F803AB2C7F3}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{C1803959-185E-4D25-98EA-62E43841C179}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{CB096BF5-5DD4-4D4E-BABD-B4A45C17633B}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{CE72A1E2-2D51-49BF-8B62-D99DBA1E81EE}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DAE0E6A7-AF78-40B0-A652-6D6806605F40}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DB6F4975-CA0B-4B66-8716-4E09015A1817}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DD7C540E-A703-4D47-830B-F846A2FAFBFD}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{EAFE5BB4-5AD2-485B-989A-0ED9AAC2FC19}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F00F5C25-193B-404D-A12F-96160B8017BF}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F0A62778-9D27-4BFD-A1B6-0F6564E6890D}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F9D7DBFF-9D05-435D-9613-AA740C6144C4}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-12 05:58

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Ian Dulin (2016-01-14 11:14:12)
Running from C:\Users\Ian Dulin\AppData\Local\Temp
Windows 10 Pro (X64) (2016-01-11 06:01:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-749036960-1674562754-3875969962-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-749036960-1674562754-3875969962-503 - Limited - Disabled)
Guest (S-1-5-21-749036960-1674562754-3875969962-501 - Limited - Disabled)
Ian Dulin (S-1-5-21-749036960-1674562754-3875969962-1001 - Administrator - Enabled) => C:\Users\Ian Dulin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-749036960-1674562754-3875969962-1001\...\uTorrent) (Version: 3.4.5.41628 - BitTorrent Inc.)
Battlefield 3 (HKLM-x32\...\{744A6DF3-38E1-41D7-B332-E64463CF5BB3}_is1) (Version: 1.0 - EA Games)
Constant Fun (HKLM-x32\...\Constant Fun) (Version: 2.0.5853.33784 - Constant Fun) <==== ATTENTION
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.00 - Electronic Arts, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Maxthon App Store (HKLM-x32\...\Maxthon App Store 1.1.0.10848) (Version: 1.1.0.10848 - Maxthon, Inc.)
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.8.1000 - Maxthon International Limited)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 361.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Piece Pirate Warriors 3: GOLD Edition (HKLM-x32\...\One Piece Pirate Warriors 3: GOLD Edition_is1) (Version: - )
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.2.1 r2386 - )
Resident. Evil 6 (HKLM-x32\...\Resident. Evil 6_is1) (Version: - )
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Tombraider (HKLM-x32\...\Tombraider_is1) (Version: - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Watch Dogs (HKLM-x32\...\Watch Dogs_R.G. Mechanics_is1) (Version: - R.G. Mechanics, spider91)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-749036960-1674562754-3875969962-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Ian Dulin\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BABD2F-224D-4036-8F5D-334A441C2FE2} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {33B38A9E-259F-4261-BBBB-4CC2708D78AE} - System32\Tasks\Garena+ Plugin Host Service => D:\Garena Plus\ggdllhost.exe [2015-12-08] ()
Task: {3BAD67EB-83DF-4B2D-8B62-75BE3299F6E1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {7F8481DD-B70E-478D-BFCE-EF968A803465} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-10-29] (Maxthon International ltd.)
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts ============




#2 Phantom010

Posted 14 January 2016 - 08:00 AM

The plugin-container.exe process is part of Firefox and manages your extensions. Try isolating the possible add-on causing high CPU usage.

 

https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

 

https://support.mozilla.org/en-US/kb/firefox-uses-too-many-cpu-resources-how-fix



#3 nasdaq

  • Malware Response Team

Posted 14 January 2016 - 03:43 PM

Hi inmrc, my name is nasdaq.

At his request, I will take over from Phantom010.

===

Using the Control Panel > Programs and Features applet, remove this program in bold.
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
() C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
BHO-x32: Constant Fun -> {9d6b19f5-4a89-4db4-b650-44222af825b0} -> C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll [2016-01-11] ()
R2 Service Mgr ConstantFun; C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe [769248 2016-01-14] () <==== ATTENTION
R2 Update Mgr ConstantFun; C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe [645344 2016-01-14] () <==== ATTENTION
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54
C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll

C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ian Dulin\AppData\Local\Temp\nvStInst.exe
C:\Users\Ian Dulin\AppData\Local\Temp\setup.exe
C:\Users\Ian Dulin\AppData\Local\Temp\{00A7F9EA-BDA6-48E1-9908-614505C0BD78}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{1C784C40-FE4D-48C3-BF6D-B57F88839A01}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{21A5681D-135C-475E-B436-073BD07E93A1}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{231D1247-E8B8-4E9F-9BF5-F7A733D898EF}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{23E8053C-58FB-4C3F-B11E-19C789DE8AAC}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{240F1EEE-73AC-4697-856E-F5DAE6C94638}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{31E85CDD-235A-4A4F-9229-30CBB0918355}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{36D4DEA5-1B8B-4EF0-ABB2-6677666C82FE}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{441B2C68-8213-4C12-A2FB-174E319F4EF9}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{46B41DD9-8841-44D4-A6A0-EC7A4645774E}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{477EBDAB-18F8-44E7-928A-83E22CD2749D}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{51697D26-CB57-4BFB-85C0-A93CE8D46C56}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{530CC3BD-A227-4B19-AC45-5A005852307A}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{54203C79-0814-4D6A-BC1E-23450FE5D1B3}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{659196E2-9451-4A5A-B852-77F4F72E0FCA}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{70F5898F-C3BE-413C-AA87-C9E1C42BA9EA}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{7B305C07-9B28-496D-8EC3-5925C30251DD}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{7C0B3744-0FA6-419B-BC45-4F9D3169CD53}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{8DA83353-7124-4266-82BE-F05ED86C7CC5}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{8F385831-D203-47E5-98DA-C25B6573137E}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{94EC9B78-B206-41D4-ABFA-E631F97DBE4C}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{9878618D-B8C4-4FB7-A197-476B74617552}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{991E9A3E-1D8B-4EDD-905E-F79C47BB7C93}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{9C0E6F23-DF8F-4BBE-845D-1E4D000B79B6}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{ABA3D777-EA7B-442F-A560-3F803AB2C7F3}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{C1803959-185E-4D25-98EA-62E43841C179}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{CB096BF5-5DD4-4D4E-BABD-B4A45C17633B}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{CE72A1E2-2D51-49BF-8B62-D99DBA1E81EE}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DAE0E6A7-AF78-40B0-A652-6D6806605F40}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DB6F4975-CA0B-4B66-8716-4E09015A1817}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DD7C540E-A703-4D47-830B-F846A2FAFBFD}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{EAFE5BB4-5AD2-485B-989A-0ED9AAC2FC19}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F00F5C25-193B-404D-A12F-96160B8017BF}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F0A62778-9D27-4BFD-A1B6-0F6564E6890D}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F9D7DBFF-9D05-435D-9613-AA740C6144C4}.dll
Task: {01BABD2F-224D-4036-8F5D-334A441C2FE2} - \AutoPico Daily Restart -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.

#4 inmrc

inmrc
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 15 January 2016 - 05:24 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Ian Dulin (2016-01-16 06:20:46) Run:1
Running from D:\Farbar
Loaded Profiles: Ian Dulin (Available Profiles: Ian Dulin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
(BitTorrent Inc.) C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe
() C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe
() C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe
BHO-x32: Constant Fun -> {9d6b19f5-4a89-4db4-b650-44222af825b0} -> C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll [2016-01-11] ()
R2 Service Mgr ConstantFun; C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe [769248 2016-01-14] () <==== ATTENTION
R2 Update Mgr ConstantFun; C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe [645344 2016-01-14] () <==== ATTENTION
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54
C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll

C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Ian Dulin\AppData\Local\Temp\nvStInst.exe
C:\Users\Ian Dulin\AppData\Local\Temp\setup.exe
C:\Users\Ian Dulin\AppData\Local\Temp\{00A7F9EA-BDA6-48E1-9908-614505C0BD78}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{1C784C40-FE4D-48C3-BF6D-B57F88839A01}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{21A5681D-135C-475E-B436-073BD07E93A1}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{231D1247-E8B8-4E9F-9BF5-F7A733D898EF}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{23E8053C-58FB-4C3F-B11E-19C789DE8AAC}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{240F1EEE-73AC-4697-856E-F5DAE6C94638}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{31E85CDD-235A-4A4F-9229-30CBB0918355}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{36D4DEA5-1B8B-4EF0-ABB2-6677666C82FE}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{441B2C68-8213-4C12-A2FB-174E319F4EF9}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{46B41DD9-8841-44D4-A6A0-EC7A4645774E}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{477EBDAB-18F8-44E7-928A-83E22CD2749D}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{51697D26-CB57-4BFB-85C0-A93CE8D46C56}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{530CC3BD-A227-4B19-AC45-5A005852307A}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{54203C79-0814-4D6A-BC1E-23450FE5D1B3}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{659196E2-9451-4A5A-B852-77F4F72E0FCA}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{70F5898F-C3BE-413C-AA87-C9E1C42BA9EA}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{7B305C07-9B28-496D-8EC3-5925C30251DD}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{7C0B3744-0FA6-419B-BC45-4F9D3169CD53}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{8DA83353-7124-4266-82BE-F05ED86C7CC5}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{8F385831-D203-47E5-98DA-C25B6573137E}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{94EC9B78-B206-41D4-ABFA-E631F97DBE4C}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{9878618D-B8C4-4FB7-A197-476B74617552}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{991E9A3E-1D8B-4EDD-905E-F79C47BB7C93}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{9C0E6F23-DF8F-4BBE-845D-1E4D000B79B6}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{ABA3D777-EA7B-442F-A560-3F803AB2C7F3}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{C1803959-185E-4D25-98EA-62E43841C179}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{CB096BF5-5DD4-4D4E-BABD-B4A45C17633B}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{CE72A1E2-2D51-49BF-8B62-D99DBA1E81EE}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DAE0E6A7-AF78-40B0-A652-6D6806605F40}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DB6F4975-CA0B-4B66-8716-4E09015A1817}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{DD7C540E-A703-4D47-830B-F846A2FAFBFD}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{EAFE5BB4-5AD2-485B-989A-0ED9AAC2FC19}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F00F5C25-193B-404D-A12F-96160B8017BF}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F0A62778-9D27-4BFD-A1B6-0F6564E6890D}.dll
C:\Users\Ian Dulin\AppData\Local\Temp\{F9D7DBFF-9D05-435D-9613-AA740C6144C4}.dll
Task: {01BABD2F-224D-4036-8F5D-334A441C2FE2} - \AutoPico Daily Restart -> No File <==== ATTENTION

End
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe => No running process found
C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe => No running process found
C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates\3.4.5_41628\utorrentie.exe => No running process found
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54\updater.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugincontainer.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\5\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\8\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\7\Plugin.exe => No running process found
C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54\plugins\12\Plugin.exe => No running process found
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9d6b19f5-4a89-4db4-b650-44222af825b0}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{9d6b19f5-4a89-4db4-b650-44222af825b0}" => key removed successfully
Service Mgr ConstantFun => service removed successfully
Update Mgr ConstantFun => service removed successfully
wfpcapture => service removed successfully
C:\Users\Ian Dulin\AppData\Roaming\uTorrent\updates => moved successfully
C:\Program Files (x86)\Common Files\415c6520-c0da-4fcb-9597-9d03c710be54 => moved successfully
C:\Program Files (x86)\Constant Fun\Extensions\9d6b19f5-4a89-4db4-b650-44222af825b0.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\nvSCPAPI64.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\nvStInst.exe => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\setup.exe => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{00A7F9EA-BDA6-48E1-9908-614505C0BD78}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{1C784C40-FE4D-48C3-BF6D-B57F88839A01}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{21A5681D-135C-475E-B436-073BD07E93A1}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{231D1247-E8B8-4E9F-9BF5-F7A733D898EF}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{23E8053C-58FB-4C3F-B11E-19C789DE8AAC}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{240F1EEE-73AC-4697-856E-F5DAE6C94638}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{31E85CDD-235A-4A4F-9229-30CBB0918355}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{36D4DEA5-1B8B-4EF0-ABB2-6677666C82FE}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{441B2C68-8213-4C12-A2FB-174E319F4EF9}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{46B41DD9-8841-44D4-A6A0-EC7A4645774E}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{477EBDAB-18F8-44E7-928A-83E22CD2749D}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{51697D26-CB57-4BFB-85C0-A93CE8D46C56}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{530CC3BD-A227-4B19-AC45-5A005852307A}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{54203C79-0814-4D6A-BC1E-23450FE5D1B3}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{659196E2-9451-4A5A-B852-77F4F72E0FCA}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{70F5898F-C3BE-413C-AA87-C9E1C42BA9EA}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{7B305C07-9B28-496D-8EC3-5925C30251DD}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{7C0B3744-0FA6-419B-BC45-4F9D3169CD53}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{8DA83353-7124-4266-82BE-F05ED86C7CC5}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{8F385831-D203-47E5-98DA-C25B6573137E}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{94EC9B78-B206-41D4-ABFA-E631F97DBE4C}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{9878618D-B8C4-4FB7-A197-476B74617552}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{991E9A3E-1D8B-4EDD-905E-F79C47BB7C93}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{9C0E6F23-DF8F-4BBE-845D-1E4D000B79B6}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{ABA3D777-EA7B-442F-A560-3F803AB2C7F3}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{C1803959-185E-4D25-98EA-62E43841C179}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{CB096BF5-5DD4-4D4E-BABD-B4A45C17633B}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{CE72A1E2-2D51-49BF-8B62-D99DBA1E81EE}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{DAE0E6A7-AF78-40B0-A652-6D6806605F40}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{DB6F4975-CA0B-4B66-8716-4E09015A1817}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{DD7C540E-A703-4D47-830B-F846A2FAFBFD}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{EAFE5BB4-5AD2-485B-989A-0ED9AAC2FC19}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{F00F5C25-193B-404D-A12F-96160B8017BF}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{F0A62778-9D27-4BFD-A1B6-0F6564E6890D}.dll => moved successfully
C:\Users\Ian Dulin\AppData\Local\Temp\{F9D7DBFF-9D05-435D-9613-AA740C6144C4}.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01BABD2F-224D-4036-8F5D-334A441C2FE2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key not found. 
EmptyTemp: => 963.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 06:21:11 ====

Here it is. I think it's okay now. I checked Task Manager and the plugin container is now gone, along with the other plug-ins and also the updater.exe, which also uses a lot of CPU. Thank you very much, Mr. Nasdaq! I really appreciate your help and kindness!


Edited by inmrc, 15 January 2016 - 05:31 PM.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:11 PM

Posted 16 January 2016 - 08:00 AM


Quoted from a PM message.

May I ask if this is also a malware infection? If yes then how can I remove it?

==================== Files in the root of some directories =======

2016-01-14 17:46 - 2016-01-14 17:54 - 1065984 _____ () C:\Users\Ian Dulin\AppData\Local\file__0.localstorage

Some files in TEMP:
====================
C:\Users\Ian Dulin\AppData\Local\Temp\idman625build10.exe


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

All files in the C:\Users\Ian Dulin\AppData\Local\Temp\ folder can be deleted. NOT THE FOLDER.
Programs are not running from a \temp.

When you download files, are they downloaded in that folder?

#6 inmrc

inmrc
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 16 January 2016 - 03:17 PM

Here is the log file

# AdwCleaner v5.029 - Logfile created 17/01/2016 at 04:10:14
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : Ian Dulin - DESKTOP-VRSO3IM
# Running from : D:\Installer\adwcleaner_5.029.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : MasSvc_{MaxthonAppStore_1.1.0.10848}

***** [ Folders ] *****

Folder Found : C:\Program Files\kmspico
Folder Found : C:\Program Files (x86)\Constant Fun
Folder Found : C:\Program Files (x86)\Constant Fun
Folder Found : C:\ProgramData\415c6520-c0da-4fcb-9597-9d03c710be54
Folder Found : C:\Users\Ian Dulin\AppData\Roaming\OpenCandy

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B853E835-9F24-4F4B-B55C-E554D15CCCD2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{999721D2-F4D1-4397-8608-38928DDC0932}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D6B19F5-4A89-4DB4-B650-44222AF825B0}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0FAA29E8-B9EF-4766-823A-2B3512C0AC25}
Key Found : HKLM\SOFTWARE\ConstantFun
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Constant Fun
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Constant Fun

***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1733 bytes] ##########





