Processes running rampant


  • This topic is locked
12 replies to this topic

#1 RJWaters

RJWaters

  • Members

Posted 17 January 2016 - 03:37 AM

CMD.exe, Conhost.exe, dllhost.exe, msiexec.exe and taskhost.exe are booting up in Task Manager in groups of 10-20 each and, along with msdtc.exe, will slowly use up all 12 GB of RAM (only one group of processes will do it at a time) on my computer. All of these are supposed to be legitimate Windows processes and they're in the system32 and syswow64 folders where I assume they should be, so I don't know what the issue is. The list has grown to explorer.exe (there's a duplicate that immediately starts using 1 GB of RAM and quickly starts using more) and notepad.exe booting up for no reason (just in Task Manager; no notepads register on the desktop or taskbar).


Edited by RJWaters, 17 January 2016 - 04:01 AM.



#2 deeprybka

deeprybka

  • Malware Response Team

Posted 17 January 2016 - 12:19 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    File: C:\Users\RJ\AppData\Local\Temp\Temp1_DualMonitorTools-2.0.zip\DMT.exe 
    File: C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpcore.dll 
    C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    CustomCLSID: HKU\S-1-5-21-3770696253-170730383-1969595146-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> 
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it in your reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 RJWaters

RJWaters
  • Topic Starter

  • Members

Posted 17 January 2016 - 02:33 PM

I've encountered an issue: when I click "Fix", FRST has stopped working and has not changed for the past 2 hours. That, and DMT.exe is Dual Monitor Tools and shouldn't be an issue (I have had it on my computer for several months and it's a reputable application used to stop my cursor from going to my second screen and minimizing my processes on accident).



#4 deeprybka

deeprybka

  • Malware Response Team

Posted 17 January 2016 - 02:35 PM

Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt.
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#5 RJWaters

RJWaters
  • Topic Starter

  • Members

Posted 17 January 2016 - 03:02 PM

FRST will now not run at all; the window shows but I can do nothing with it. Also, Malwarebytes deleted my bitcoin miner, which isn't much of an issue, but the miner was legitimate.

 

MBAM log here

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/17/2016
Scan Time: 1:44 PM
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.17.04
Rootkit Database: v2016.01.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: RJ

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353202
Time Elapsed: 13 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
Trojan.Bedep, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, , [ccecd6643861082e769ebd1a2fd24fb1],
Trojan.Bedep, HKU\S-1-5-21-3770696253-170730383-1969595146-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, , [ccecd6643861082e769ebd1a2fd24fb1],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, , [dcdcbf7b1b7e3105eaa2d1c98e745ba5],

Files: 6
Trojan.Bedep, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpcore.dll, , [ccecd6643861082e769ebd1a2fd24fb1],
Trojan.BitCoinMiner, C:\Program Files (x86)\GoldCoin (GLD)\minerd.exe, , [84348ab0673273c3bf9f58d6649dd42c],
Trojan.BtcMiner.TS, C:\Users\RJ\Desktop\GUIminer\poclbm.exe, , [8632ff3b11889a9cd43e5df716eedb25],
PUP.Optional.BitCoinMiner, C:\Users\RJ\Desktop\GUIminer\cgminer\cgminer.exe, , [5167370319809b9bbf8b93a252b0e41c],
PUP.Optional.ProxyHijacker.BCM, C:\Users\RJ\Desktop\GUIminer\stratumproxy\mining_proxy.exe, , [219778c2f6a3ce6868a3ea60b24eff01],
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, , [dcdcbf7b1b7e3105eaa2d1c98e745ba5],

Physical Sectors: 0
(No malicious items detected)


(end)
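
A triage check of the Malwarebytes log above against the fixlist from post #2, as an added example that is not part of the thread or of either tool: it parses the detection lines and reports which detections the fixlist names. The function names, the status labels and the matching rule (same item, its parent or its child) are assumptions of this example; the sample lines are copied from the thread, with only part of the Files section.

```python
import re

# Sample input copied from this thread: the fixlist from post #2 and
# detection lines from the Malwarebytes log in post #5 (Files section is a subset).
FIXLIST = r"""CloseProcesses:
File: C:\Users\RJ\AppData\Local\Temp\Temp1_DualMonitorTools-2.0.zip\DMT.exe
File: C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpcore.dll
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
CustomCLSID: HKU\S-1-5-21-3770696253-170730383-1969595146-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 ->
"""

MBAM_LOG = r"""Registry Keys: 2
Trojan.Bedep, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, , [ccecd6643861082e769ebd1a2fd24fb1],
Trojan.Bedep, HKU\S-1-5-21-3770696253-170730383-1969595146-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, , [ccecd6643861082e769ebd1a2fd24fb1],

Registry Values: 0
(No malicious items detected)

Folders: 1
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, , [dcdcbf7b1b7e3105eaa2d1c98e745ba5],

Files: 6
Trojan.Bedep, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\rdpcore.dll, , [ccecd6643861082e769ebd1a2fd24fb1],
Trojan.BitCoinMiner, C:\Program Files (x86)\GoldCoin (GLD)\minerd.exe, , [84348ab0673273c3bf9f58d6649dd42c],
PUP.Optional.BitCoinMiner, C:\Users\RJ\Desktop\GUIminer\cgminer\cgminer.exe, , [5167370319809b9bbf8b93a252b0e41c],
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, , [dcdcbf7b1b7e3105eaa2d1c98e745ba5],
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+): (\d+)$")            # e.g. "Files: 6"
DETECTION_RE = re.compile(                                    # "Name, target, , [id],"
    r"^(?P<name>[^,]+), (?P<target>.+?), (?P<extra>[^,]*), \[(?P<id>[0-9a-f]+)\],\s*$")
DIRECTIVE_RE = re.compile(r"^[A-Za-z]+:(?: |$)")              # "File: ", "CloseProcesses:"
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}")


def norm(path):
    """Case-insensitive comparison form of a Windows path or registry key."""
    return path.strip().rstrip("\\").lower()


def parse_mbam(log):
    """Return one dict per detection line, tagged with its log section."""
    detections, section = [], None
    for line in log.splitlines():
        line = line.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        hit = DETECTION_RE.match(line)
        if hit and section:
            detections.append({"section": section, "name": hit["name"],
                               "target": hit["target"]})
    return detections


def parse_fixlist(text):
    """Return the normalized paths and keys named in a fixlist."""
    targets = []
    for line in text.splitlines():
        line = DIRECTIVE_RE.sub("", line.strip())   # drop the directive prefix
        line = line.split(" ->")[0].strip()         # drop a trailing "->" part
        if line:
            targets.append(norm(line))
    return targets


def related(a, b):
    """True when a and b are the same item, or one contains the other."""
    return a == b or a.startswith(b + "\\") or b.startswith(a + "\\")


def classify(detections, fix_targets):
    """Label each detection: listed, guid-only (same GUID elsewhere) or unlisted."""
    fix_guids = {g for t in fix_targets for g in GUID_RE.findall(t)}
    report = []
    for d in detections:
        target = norm(d["target"])
        if any(related(target, t) for t in fix_targets):
            status = "listed"
        elif fix_guids & set(GUID_RE.findall(target)):
            status = "guid-only"
        else:
            status = "unlisted"
        report.append((status, d["name"], d["target"]))
    return report


if __name__ == "__main__":
    for status, name, target in classify(parse_mbam(MBAM_LOG), parse_fixlist(FIXLIST)):
        print(f"{status:10} {name:28} {target}")
```

A `guid-only` result marks a detection whose CLSID appears in the fixlist under a different hive, which is worth confirming in the follow-up scan.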



#6 deeprybka

deeprybka

  • Malware Response Team

Posted 18 January 2016 - 03:43 AM

Please download a fresh copy of FRST and run a scan.
regards,
deeprybka

#7 RJWaters

RJWaters
  • Topic Starter

  • Members

Posted 18 January 2016 - 08:28 AM

That worked. Here are the logs, FRST.txt and Addition.txt, in that order.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by RJ (administrator) on RJ-PC (18-01-2016 06:05:36)
Running from C:\Users\RJ\Desktop
Loaded Profiles: RJ (Available Profiles: RJ)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(PcWinTech.com) C:\Program Files (x86)\CleanMem\Mini_Monitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Flux Software LLC) C:\Users\RJ\AppData\Local\FluxSoftware\Flux\flux.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [13318424 2015-03-12] (Logitech Inc.)
HKLM-x32\...\Run: [SPIRunE] => Rundll32 SPIRunE.dll,RunDLLEntry
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-15] (AVAST Software)
HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\Run: [f.lux] => C:\Users\RJ\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\Run: [GNE_DualMonitorTools] => C:\Users\RJ\Desktop\DualMonitorTools-2.2\DMT.exe [680960 2016-01-17] (GNE)
HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\MountPoints2: {5f5d69bc-58df-11e5-bb0d-74f06debe3a4} - F:\Autorun.exe
HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\MountPoints2: {5f5d69c5-58df-11e5-bb0d-74f06debe3a4} - G:\Autorun.exe
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-15] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{5609F62F-8675-49C2-986C-7D80DFD8F309}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-3770696253-170730383-1969595146-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?PC=BNHP
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-14] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-15] (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-14] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-15] (AVAST Software)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://files.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\w3vkjptj.default-1439595624666
FF DefaultSearchEngine.US: Bing
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-07-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-07-17] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\w3vkjptj.default-1439595624666\searchplugins\mabinogi-world-wiki-en.xml [2015-09-18]
FF Extension: Adblock Plus - C:\Users\RJ\AppData\Roaming\Mozilla\Firefox\Profiles\w3vkjptj.default-1439595624666\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-15]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-12-15]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-15]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-15] (AVAST Software)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-07-14] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [238376 2015-08-27] (EasyAntiCheat Ltd)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 AdobeARMservice; "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Alpham1; C:\Windows\System32\DRIVERS\Alpham164.sys [52992 2007-07-23] (Ideazon Corporation)
R3 Alpham2; C:\Windows\System32\DRIVERS\Alpham264.sys [21760 2007-03-20] (Ideazon Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-15] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-15] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-18] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-15] (AVAST Software)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-18] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 06:05 - 2016-01-18 06:05 - 00013982 _____ C:\Users\RJ\Desktop\FRST.txt
2016-01-17 13:43 - 2016-01-17 13:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-17 13:42 - 2016-01-17 13:42 - 22908888 _____ (Malwarebytes ) C:\Users\RJ\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-17 13:42 - 2016-01-17 13:42 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-17 13:42 - 2016-01-17 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-17 13:42 - 2016-01-17 13:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-17 13:42 - 2016-01-17 13:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-17 13:42 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-17 13:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-17 13:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-17 13:22 - 2016-01-17 13:23 - 00000358 _____ C:\Users\RJ\Desktop\fixlist.txt
2016-01-17 08:00 - 2016-01-17 08:04 - 00000000 ____D C:\Users\RJ\Desktop\DualMonitorTools-2.2
2016-01-17 08:00 - 2016-01-17 08:00 - 00234277 _____ C:\Users\RJ\Downloads\DualMonitorTools-2.2.zip
2016-01-17 08:00 - 2016-01-17 08:00 - 00001061 _____ C:\Users\RJ\Desktop\DMT.exe - Shortcut.lnk
2016-01-17 07:33 - 2016-01-17 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Tyranid Mod for Soulstorm
2016-01-17 07:33 - 2016-01-17 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tyranid Mod for Soulstorm
2016-01-17 06:57 - 2016-01-17 07:14 - 1045112431 _____ () C:\Users\RJ\Downloads\UA_173_installer.exe
2016-01-17 06:08 - 2016-01-17 06:08 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2016-01-17 05:44 - 2016-01-17 05:46 - 71070044 _____ () C:\Users\RJ\Downloads\Tyranid_Mod_0.5b2_Installer.exe
2016-01-17 05:37 - 2016-01-17 05:37 - 00001207 _____ C:\Users\Public\Desktop\Soulstorm.lnk
2016-01-17 05:22 - 2016-01-17 05:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2016-01-17 05:22 - 2016-01-17 05:22 - 00000000 ____D C:\Program Files (x86)\THQ
2016-01-17 02:19 - 2016-01-18 06:05 - 00000000 ____D C:\FRST
2016-01-17 02:19 - 2016-01-17 02:19 - 02370560 _____ (Farbar) C:\Users\RJ\Desktop\FRST64.exe
2016-01-16 08:45 - 2016-01-16 08:45 - 52988120 _____ (Microsoft Corporation) C:\Users\RJ\Downloads\Windows-KB890830-x64-V5.32.exe
2016-01-16 08:45 - 2016-01-16 08:45 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-16 08:29 - 2016-01-16 08:30 - 00243214 _____ C:\Windows\ntbtlog.txt
2016-01-15 02:35 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-01-15 02:35 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-01-15 02:35 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-01-15 02:35 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-01-15 02:35 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-01-15 01:07 - 2016-01-15 01:07 - 00000221 _____ C:\Users\RJ\Desktop\Borderlands 2.url
2016-01-12 20:01 - 2015-12-16 15:52 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-12 20:01 - 2015-12-16 15:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-12 20:01 - 2015-12-16 15:52 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 14269440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 13723648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 02793984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-12 20:01 - 2015-12-16 15:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-12 20:01 - 2015-12-16 15:50 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-12 20:01 - 2015-12-16 15:50 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-12 20:01 - 2015-12-16 15:50 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-12 20:01 - 2015-12-16 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-12 20:01 - 2015-12-16 13:43 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-12 20:01 - 2015-12-16 13:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2016-01-12 20:01 - 2015-12-16 12:08 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 19349504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-12 20:01 - 2015-12-16 08:36 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-12 20:01 - 2015-12-16 08:35 - 15422976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 03805696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 02658304 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-12 20:01 - 2015-12-16 08:35 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-12 20:01 - 2015-12-16 08:35 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-12 20:01 - 2015-12-10 14:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-12 20:01 - 2015-12-10 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-12 20:01 - 2015-12-10 13:10 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2016-01-12 20:01 - 2015-12-10 11:59 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-12 20:01 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-12 20:01 - 2015-11-13 17:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-12 20:01 - 2015-11-13 17:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-12 20:01 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-12 20:01 - 2015-11-13 16:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-12 20:01 - 2015-11-13 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-12 20:00 - 2015-12-30 13:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-12 20:00 - 2015-12-30 13:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-12 20:00 - 2015-12-30 13:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-12 20:00 - 2015-12-30 13:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-12 20:00 - 2015-12-30 13:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-12 20:00 - 2015-12-30 13:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-12 20:00 - 2015-12-30 13:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-12 20:00 - 2015-12-30 13:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-12 20:00 - 2015-12-30 13:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-12 20:00 - 2015-12-30 13:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-12 20:00 - 2015-12-30 13:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-12 20:00 - 2015-12-30 13:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-12 20:00 - 2015-12-30 12:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-12 20:00 - 2015-12-30 12:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-12 20:00 - 2015-12-30 12:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-12 20:00 - 2015-12-30 12:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-12 20:00 - 2015-12-30 12:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-12 20:00 - 2015-12-30 12:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-12 20:00 - 2015-12-30 12:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-12 20:00 - 2015-12-30 12:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-12 20:00 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-12 20:00 - 2015-12-30 12:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-12 20:00 - 2015-12-30 12:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-12 20:00 - 2015-12-30 12:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-12 20:00 - 2015-12-30 12:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-01-12 20:00 - 2015-12-30 12:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-12 20:00 - 2015-12-30 12:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-12 20:00 - 2015-12-30 12:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-12 20:00 - 2015-12-30 12:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-12 20:00 - 2015-12-30 12:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-12 20:00 - 2015-12-30 12:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-12 20:00 - 2015-12-30 12:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-12 20:00 - 2015-12-30 12:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-12 20:00 - 2015-12-30 12:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 12:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 11:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-12 20:00 - 2015-12-30 11:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-12 20:00 - 2015-12-30 11:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-01-12 20:00 - 2015-12-30 11:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-12 20:00 - 2015-12-30 11:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-12 20:00 - 2015-12-30 11:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-12 20:00 - 2015-12-30 11:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-12 20:00 - 2015-12-30 11:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-12 20:00 - 2015-12-30 11:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-12 20:00 - 2015-12-30 11:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-12 20:00 - 2015-12-30 11:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-12 20:00 - 2015-12-30 11:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-12 20:00 - 2015-12-30 11:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-12 20:00 - 2015-12-30 11:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-12 20:00 - 2015-12-30 11:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 11:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 11:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-12 20:00 - 2015-12-30 11:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-12 20:00 - 2015-12-11 12:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 20:00 - 2015-12-08 15:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-12 20:00 - 2015-12-08 15:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-01-12 20:00 - 2015-12-08 15:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-12 20:00 - 2015-12-08 15:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-12 20:00 - 2015-12-08 15:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-12 20:00 - 2015-12-08 15:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-12 20:00 - 2015-12-08 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-12 20:00 - 2015-12-08 15:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-12 20:00 - 2015-12-08 15:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-12 20:00 - 2015-12-08 15:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-12 20:00 - 2015-12-08 15:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-12 20:00 - 2015-12-08 13:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-12 20:00 - 2015-12-08 13:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-12 20:00 - 2015-12-08 13:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-12 20:00 - 2015-12-08 13:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-12 20:00 - 2015-12-08 13:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-12 20:00 - 2015-12-08 13:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-12 20:00 - 2015-12-08 12:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-12 20:00 - 2015-12-08 12:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-12 20:00 - 2015-12-08 12:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-12 20:00 - 2015-12-08 11:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-12 20:00 - 2015-11-16 14:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-10 23:55 - 2016-01-11 00:08 - 00000000 ____D C:\Users\RJ\Desktop\bug fix warsword
2016-01-07 15:48 - 2016-01-07 15:48 - 00001085 _____ C:\Users\RJ\Desktop\Cheat Engine.lnk
2016-01-07 15:48 - 2016-01-07 15:48 - 00000000 ____D C:\Users\RJ\Documents\My Cheat Tables
2016-01-07 15:48 - 2016-01-07 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.5
2016-01-07 15:48 - 2016-01-07 15:48 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.5
2016-01-07 00:36 - 2016-01-07 00:36 - 00001451 _____ C:\Users\RJ\Desktop\Warband Battle Sizer.lnk
2016-01-06 23:48 - 2016-01-07 15:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-03 10:16 - 2016-01-11 01:37 - 00000000 ____D C:\Users\RJ\Documents\Mount&Blade Warband Savegames
2016-01-03 10:14 - 2016-01-05 15:53 - 00000000 ____D C:\Users\RJ\Documents\Mount&Blade Warband
2016-01-03 10:14 - 2016-01-03 10:15 - 00000000 ____D C:\Users\RJ\AppData\Roaming\Mount&Blade Warband
2016-01-03 10:08 - 2016-01-03 10:08 - 00000221 _____ C:\Users\RJ\Desktop\Mount & Blade Warband.url
2016-01-02 09:30 - 2016-01-02 09:30 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-01-02 09:30 - 2016-01-02 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-01-02 09:30 - 2015-12-15 09:02 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-01 15:49 - 2016-01-01 15:49 - 00000000 ____D C:\Users\RJ\AppData\Local\ArchiveInvalidation
2015-12-30 16:11 - 2015-12-30 16:12 - 00000000 ____D C:\Users\RJ\Desktop\nvse_5_0_beta2
2015-12-30 16:07 - 2015-12-30 16:10 - 00000000 ____D C:\Users\RJ\AppData\Local\FalloutNV
2015-12-30 15:50 - 2015-12-30 15:50 - 00000221 _____ C:\Users\RJ\Desktop\Fallout New Vegas.url
2015-12-30 12:32 - 2015-12-30 12:32 - 00000000 ____D C:\Windows\SysWOW64\xlive
2015-12-30 12:32 - 2015-12-30 12:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2015-12-30 12:27 - 2015-12-30 12:28 - 00000000 ____D C:\Program Files\Unlocker
2015-12-30 12:27 - 2015-12-30 12:27 - 00000000 ____D C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2015-12-30 11:28 - 2015-12-30 11:28 - 00000000 ____D C:\Users\RJ\AppData\Local\FOMM
2015-12-30 11:28 - 2015-12-30 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
2015-12-30 11:28 - 2015-12-30 11:28 - 00000000 ____D C:\Program Files (x86)\GeMM
2015-12-30 11:27 - 2015-12-30 11:27 - 01404186 _____ (Q, Timeslip ) C:\Users\RJ\Downloads\New FOMM-640-0-13-21.exe
2015-12-30 11:10 - 2015-12-30 11:10 - 00384875 _____ C:\Users\RJ\Downloads\fose_v1_2_beta2.7z
2015-12-30 10:57 - 2015-12-30 12:34 - 00000000 ____D C:\Users\RJ\AppData\Local\Fallout3
2015-12-26 22:53 - 2015-12-26 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-12-26 22:53 - 2015-12-26 22:53 - 00000000 ____D C:\ProgramData\Apple
2015-12-25 11:00 - 2015-12-25 11:00 - 01263512 _____ C:\Windows\Minidump\122515-18486-01.dmp
2015-12-23 19:32 - 2015-12-29 14:33 - 00000000 ____D C:\Users\RJ\AppData\Local\Fallout4
2015-12-21 15:59 - 2015-12-21 15:59 - 00000016 _____ C:\ProgramData\mntemp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-18 06:02 - 2015-07-19 16:24 - 00000000 ____D C:\Users\RJ\AppData\Roaming\Skype
2016-01-18 05:54 - 2015-07-14 15:24 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-18 00:38 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2016-01-18 00:09 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-18 00:09 - 2009-07-13 22:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-18 00:00 - 2015-07-14 13:35 - 00000000 ____D C:\ProgramData\NVIDIA
2016-01-18 00:00 - 2009-07-13 23:32 - 00000000 ____D C:\Windows\Offline Web Pages
2016-01-18 00:00 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-17 13:58 - 2015-09-11 16:23 - 00000000 ____D C:\Users\RJ\Desktop\GUIminer
2016-01-17 13:45 - 2015-07-14 15:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-17 05:37 - 2009-07-13 21:20 - 00000000 ____D C:\Windows
2016-01-17 05:22 - 2015-07-14 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-17 00:26 - 2009-07-13 23:13 - 00781654 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-17 00:26 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-01-16 08:27 - 2009-07-13 22:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-16 08:22 - 2015-07-14 13:46 - 00773536 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-01-16 07:04 - 2015-07-14 15:00 - 00000000 ____D C:\Users\RJ\Desktop\Test
2016-01-15 02:15 - 2015-07-15 16:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-15 01:28 - 2015-07-22 20:47 - 00000000 ____D C:\Users\RJ\Documents\My Games
2016-01-13 22:21 - 2009-07-13 23:08 - 00026734 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-13 22:06 - 2015-12-15 14:05 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-01-13 22:06 - 2015-12-15 14:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-01-13 22:06 - 2015-12-15 14:05 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-01-02 09:38 - 2015-07-14 15:22 - 00000000 ____D C:\Program Files\AVAST Software
2016-01-02 09:31 - 2015-07-14 15:21 - 00000000 ____D C:\ProgramData\AVAST Software
2015-12-30 16:04 - 2009-07-13 23:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-29 14:43 - 2015-07-14 19:37 - 00000000 ____D C:\Users\RJ\AppData\Local\Adobe
2015-12-29 14:40 - 2015-07-14 19:38 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-29 14:40 - 2015-07-14 19:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-28 01:00 - 2015-07-20 23:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 01:00 - 2015-07-20 23:32 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 01:00 - 2015-07-19 16:20 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-28 01:00 - 2015-07-19 16:20 - 00000896 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-28 00:59 - 2015-08-25 22:46 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2015-12-26 22:53 - 2015-08-25 22:47 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-12-26 22:15 - 2015-07-20 03:52 - 00003392 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachineDaily
2015-12-26 22:15 - 2015-07-20 03:52 - 00003266 _____ C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-12-26 22:15 - 2015-07-19 16:20 - 00003908 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2015-12-26 22:15 - 2015-07-19 16:20 - 00003656 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2015-12-26 22:14 - 2015-08-01 12:31 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-26 22:14 - 2015-07-20 23:32 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-26 22:14 - 2015-07-20 23:32 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-25 11:00 - 2015-09-21 01:04 - 698396830 _____ C:\Windows\MEMORY.DMP
2015-12-25 11:00 - 2015-09-21 01:04 - 00000000 ____D C:\Windows\Minidump
2015-12-21 00:18 - 2015-07-14 19:22 - 00000000 ____D C:\Users\RJ\AppData\Roaming\TS3Client
2015-12-19 16:22 - 2015-10-20 19:48 - 00000000 ____D C:\Users\RJ\Desktop\Technic

==================== Files in the root of some directories =======

2015-09-11 12:39 - 2015-09-11 14:11 - 0000033 _____ () C:\Users\RJ\AppData\Roaming\AdobeWLCMCache.dat
2015-10-01 15:41 - 2015-10-01 15:41 - 0000000 _____ () C:\Users\RJ\AppData\Local\{673A4F9F-6FFB-40D4-9F1A-004FD86DEBDE}
2015-11-23 10:28 - 2015-11-23 10:28 - 0000000 _____ () C:\Users\RJ\AppData\Local\{75ED0FAD-EF3B-4CF7-890F-83B984A80717}
2015-09-26 07:19 - 2015-09-26 07:19 - 0000000 _____ () C:\Users\RJ\AppData\Local\{B3DFFD17-F0FE-4FBF-BE55-7737F8E1284F}
2015-09-22 17:05 - 2015-09-22 17:05 - 0000000 _____ () C:\Users\RJ\AppData\Local\{D7FFAA22-BB16-42A2-B302-F17D8BE75D98}
2015-12-21 15:59 - 2015-12-21 15:59 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\RJ\AppData\Local\Temp\drm_dyndata_7350007.dll
C:\Users\RJ\AppData\Local\Temp\Nexus Mod Manager-0.61.5.exe
C:\Users\RJ\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-09 00:02

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by RJ (2016-01-18 06:06:02)
Running from C:\Users\RJ\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2015-07-14 18:21:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3770696253-170730383-1969595146-500 - Administrator - Disabled)
Guest (S-1-5-21-3770696253-170730383-1969595146-501 - Limited - Disabled)
RJ (S-1-5-21-3770696253-170730383-1969595146-1000 - Administrator - Enabled) => C:\Users\RJ

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
7-Zip 15.06 beta (HKLM-x32\...\7-Zip) (Version: 15.06 - Igor Pavlov)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
A Story About My Uncle (HKLM-x32\...\Steam App 278360) (Version:  - Gone North Games)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version:  - Frictional Games)
Arx Fatalis (HKLM-x32\...\Steam App 1700) (Version:  - Arkane Studios)
Arx Libertatis (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\ArxLibertatis) (Version: 1.1.2 - )
AutoHotkey 1.1.22.03 (HKLM\...\AutoHotkey) (Version: 1.1.22.03 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
BitTorrent (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Cheat Engine 6.5 (HKLM-x32\...\Cheat Engine 6.5_is1) (Version:  - Cheat Engine)
Circle of Eight Modpack version 8.1.0 New Content Edition (HKLM-x32\...\{4D57C220-6ACB-4427-8885-13933789323E}_is1) (Version: 8.1.0 New Content Edition - Circle of Eight)
CleanMem (HKLM-x32\...\CleanMem) (Version: v2.5.0 - PcWinTech.com)
Contagion (HKLM-x32\...\Steam App 238430) (Version:  - Monochrome, Inc)
CPUID CPU-Z 1.74 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 3.00 - Creative Technology Limited)
Creative Diagnostics (HKLM-x32\...\Diagnostics 4_5) (Version: 5.11 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - Creative Technology Limited)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dawn of War - Soulstorm (HKLM-x32\...\{20533183-D42D-4261-A125-956736FBEA8C}) (Version: 1.00.0000 - THQ)
Dawn of War - Soulstorm (x32 Version: 1.00.0000 - THQ) Hidden
Dirty Bomb (HKLM-x32\...\Steam App 333930) (Version:  - Splash Damage®)
Divinity: Dragon Commander (HKLM-x32\...\Steam App 243950) (Version:  - Larian Studios)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
EVE Online (HKLM-x32\...\{CC9CB947-73DB-47CD-A106-64CD8F871B90}) (Version: 3.0.0 - CCP Games Ltd.)
f.lux (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\Flux) (Version:  - )
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version:  - Q, Timeslip)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fistful of Frags (HKLM-x32\...\Steam App 265630) (Version:  - Fistful of Frags Team)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Host OpenAL (HKLM-x32\...\Host OpenAL) (Version: 1.00 - Creative Technology Limited)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Litecoin Core (64-bit) (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\Litecoin Core (64-bit)) (Version: 0.10.2.2 - Litecoin Core project)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version:  - TaleWorlds Entertainment)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Neverwinter Nights Platinum Edition (HKLM-x32\...\{C1583439-B034-4881-819C-D52A0587662B}) (Version:  - )
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OBS Multiplatform (HKLM-x32\...\OBS Multiplatform) (Version: 0.11.1 - OBS Project)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version:  - Daybreak Games)
PlanetSide 2 (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\DG0-PlanetSide 2) (Version:  - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\SOE-PlanetSide 2) (Version:  - Sony Online Entertainment)
Project New Sky (HKLM-x32\...\{A2779ECA-2ED3-456A-96CD-FEF2A03D3FFF}) (Version: 1.00.0001 - Project New Sky)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6240 - Realtek Semiconductor Corp.)
Recursion Tracker (HKLM-x32\...\{7764D59B-8E68-49FB-A4D8-4A22FE9700A6}) (Version: 0.10.3.3 - Recursion)
SafeZone Stable 1.46.1990.139 (x32 Version: 1.46.1990.139 - Avast Software) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - Keen Software House)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Temple of Elemental Evil (HKLM-x32\...\{AD80F06B-0F21-4EEE-934D-BEF0D21E6383}) (Version: 1.00.000 - )
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Tyranid Mod 0.5b2 for Soulstorm (HKLM-x32\...\Tyranid Mod 0.5b2 for Soulstorm) (Version:  - )
Ultimate Apocalypse mod 1.73 (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\Ultimate Apocalypse mod 1.73) (Version:  - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.2 - WebM Project)
World of Tanks (HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2F518D9E-54D9-4B74-AB60-45BCF5BF72EF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-15] (AVAST Software)
Task: {30FEEA12-B93F-45CB-A615-6EEF18177563} - System32\Tasks\Clean System Memory => C:\Windows\syswow64\CleanMem.exe [2014-08-20] (PcWinTech.com)
Task: {531BC04E-75FF-4AF1-B331-57C03AD80303} - System32\Tasks\{4B82B26C-5C10-465D-9AAD-B0DA2DA69E78} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.15.0.103/en/abandoninstall?page=tsMain
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {66535F96-8551-4129-82A7-2A17BFA3B0DC} - System32\Tasks\{ED0D915C-F962-445D-87CC-F058499F57B4} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.12.0.101/en/abandoninstall?page=tsMain
Task: {69232986-F702-4BD9-BD9B-E46D7502D66E} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()
Task: {8F76B6AC-4F8F-4F68-B3F8-9373E40D3AB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {91C2575C-8054-4F64-9DA1-AEEA860D89FD} - System32\Tasks\{8D80F0C0-4E1D-4042-88AD-C7368FEE5EA3} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.12.0.101/en/abandoninstall?page=tsMain
Task: {9614037C-474C-4E34-A857-5F5FF0315860} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {C11E2ED4-83A3-4C5F-8973-9B5CFF3DE1EF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2015-12-15] (AVAST Software)
Task: {D344CB72-C6A1-4E1F-8635-20D8BB72A52B} - System32\Tasks\CleanMem Mini Monitor => C:\Program Files (x86)\CleanMem\mini_monitor.exe [2014-08-20] (PcWinTech.com)
Task: {D8383126-C562-40AC-9C08-FA72ECB29DC5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {DB292281-34B5-4EF4-AB43-3A4D74F9DD97} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {E90FB513-6665-4E2A-B97C-2842809A0AEB} - System32\Tasks\SafeZone scheduled Autoupdate 1450225370 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
Task: {EE58826F-9FE9-468E-85E5-E3FDF146CFB4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {FD8CBCA9-1A79-4C7F-A33B-50DBCE17843A} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\RJ\Desktop\Wurm Online.lnk -> C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.wurmonline.com/client/wurmclient.jnlp "C:\Users\RJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5fef8269-5b778ad2"
ShortcutWithArgument: C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wurm Online\Wurm Online.lnk -> C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://www.wurmonline.com/client/wurmclient.jnlp "C:\Users\RJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\5fef8269-5b778ad2"

==================== Loaded Modules (Whitelisted) ==============

2015-07-14 13:34 - 2015-02-05 13:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-09-18 01:23 - 2014-09-18 01:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2015-03-12 12:23 - 2015-03-12 12:23 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 01:23 - 2014-09-18 01:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2015-03-12 12:23 - 2015-03-12 12:23 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2015-12-15 09:02 - 2015-12-15 09:02 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-12-15 09:02 - 2015-12-15 09:02 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-17 12:43 - 2016-01-17 12:43 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011704\algo.dll
2015-12-15 09:02 - 2015-12-15 09:02 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-01-18 05:55 - 2016-01-18 05:55 - 02818048 _____ () C:\Program Files\AVAST Software\Avast\defs\16011800\algo.dll
2015-07-14 13:33 - 2009-02-06 17:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2015-07-14 13:33 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2009-08-26 04:29 - 2009-08-26 04:29 - 00150016 _____ () C:\Windows\SysWOW64\OemSpiE.dll
2015-12-15 09:02 - 2015-12-15 09:02 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-3770696253-170730383-1969595146-1000\...\sony.com -> sony.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3770696253-170730383-1969595146-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\RJ\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Survarium-Steam Update Service => 3
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BingSvc => C:\Users\RJ\AppData\Local\Microsoft\BingSvc\BingSvc.exe
MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{02A3BABE-17F7-4E47-874B-0490E1A82B03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6125D08A-4DD0-44F3-9075-C0444CB22360}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{71BDD911-5D2F-43A0-8F47-FB655AE53954}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
FirewallRules: [UDP Query User{0208CF19-23D4-41C5-8378-C767415EA86A}C:\program files\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\java.exe
FirewallRules: [{AD754177-6F0C-4544-8014-85DDF041B8D9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FFF2F5AF-1D8C-4611-B9EC-EF5E5D462770}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0EDD7053-EC5F-4AC7-A123-339A5114FE47}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{58BAE70C-0C92-4265-9E2F-E4424363DD3B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{38A43A81-503D-426E-81C2-FA3797D0EA5E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{9392F9DE-44B1-4DAD-9BFA-FC82E27EDF6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [TCP Query User{143CD82C-1BAF-41E9-B36F-BD7E1379EE0B}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{CFE0D9D7-8F61-48DB-BC27-17214F014470}C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{6334E4C2-FB46-4920-A76D-49F6D23CEAFF}] => (Allow) C:\Users\RJ\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{D2F868DB-60CE-41E0-A7D6-614AAB2B42DA}] => (Allow) C:\Users\RJ\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3D9224FD-7363-4FA0-B83A-A329A2AD2D8D}] => (Allow) C:\Users\RJ\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0B2A233A-C012-4E36-A0B2-3936388BF5DB}] => (Allow) C:\Users\RJ\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{51A38CC6-B155-4FE4-A4A9-3F3CB6E409CC}] => (Allow) C:\Users\RJ\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{5F572439-F9E5-4193-8136-C0E712FDD429}] => (Allow) C:\Users\RJ\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{E9007068-DB1E-4FE8-A414-130C111E1B04}] => (Allow) C:\Users\RJ\AppData\Local\Temp\nsl976F.tmp\Installer-10874879.exe
FirewallRules: [{E339F724-9121-4A45-85E0-77F437BDD123}] => (Allow) C:\Users\RJ\AppData\Local\Temp\nsl976F.tmp\Installer-10874879.exe
FirewallRules: [{4D2E4BED-7D78-486E-B8F1-7043EF4C60B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mabinogi\nxsteam.exe
FirewallRules: [{145490E9-D5A1-48EB-82FA-0BE6FA31593A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mabinogi\nxsteam.exe
FirewallRules: [{CC7BFEA4-4493-48EB-BD4C-F8A9D0DD60AF}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{DC147EB2-12AE-4B55-B366-9360D211F13B}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
FirewallRules: [{5CF5EF4E-D9BB-4A18-B8A6-CE51F597D683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{2B857962-445A-4FED-8B90-14999956875B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SpaceEngineers\Bin64\SpaceEngineers.exe
FirewallRules: [{01DDC483-13D5-4BAB-9F75-CC8838F78598}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C97BB87F-505A-4153-90C3-45F00516C044}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{2AF6C60D-3AA3-42CE-B295-71ADC08D8C75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie_EAC.exe
FirewallRules: [{1FF25DAE-1866-43C5-8816-8F05263F7F77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [{A20B6323-5E93-4B48-A8F7-2C18013B0099}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\7 Days To Die\7DaysToDie.exe
FirewallRules: [TCP Query User{CCFD4CFE-59DD-4F64-A2EA-B101EAEB8BBF}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{5E70A0D8-BDE2-42EC-9A23-86C14B43EE9F}C:\program files\java\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{5F213539-753F-4C54-9D5D-F2DECB8202CD}] => (Allow) C:\Users\RJ\AppData\Local\Temp\nsv6CCD.tmp\Installer-10767852.exe
FirewallRules: [{03301851-58A2-4CDE-8236-51F8E02EC42A}] => (Allow) C:\Users\RJ\AppData\Local\Temp\nsv6CCD.tmp\Installer-10767852.exe
FirewallRules: [{9020FBF2-3E54-41F0-BECB-0D2778B38DB5}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{64C8371F-1A3C-4CE8-81C6-00788E41344A}] => (Allow) C:\Games\World_of_Tanks\WorldofTanks.exe
FirewallRules: [TCP Query User{730667DC-CC44-4CB8-8334-7A3F8EFA9BC7}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{22F1956D-9741-4FB1-B290-613231133C04}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{4B907B7F-C79E-45AC-B499-B3046B60664F}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4F734385-EC42-489B-B500-C94848982F25}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{268CD296-6B45-4779-94F2-091A22B3DD05}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [UDP Query User{66E6DC37-0422-4192-B14D-8B4BB48D0B2D}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe
FirewallRules: [TCP Query User{40A2C779-D8AE-4719-91D7-95E7147D12CC}C:\program files (x86)\goldcoin (gld)\goldcoin-qt.exe] => (Allow) C:\program files (x86)\goldcoin (gld)\goldcoin-qt.exe
FirewallRules: [UDP Query User{8099FB62-62FE-411A-9442-E9EDF8EE24B7}C:\program files (x86)\goldcoin (gld)\goldcoin-qt.exe] => (Allow) C:\program files (x86)\goldcoin (gld)\goldcoin-qt.exe
FirewallRules: [{E690AF75-AAF9-416D-8C43-167DFF2B37AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{B83FF897-DB86-4273-A495-6DC0C37FEA34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{1D8427D4-B600-4583-AD0A-FC5F2B82872F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{E052DC62-5779-415D-88F7-FE6DCD62377C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [TCP Query User{C99E4B49-64C3-484A-B455-26E9CFD30161}C:\users\rj\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\rj\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6F599D8F-3253-44C7-8EAC-37470FA082CB}C:\users\rj\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\rj\documents\curse\minecraft\install\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F2547260-1A1D-4285-8392-101A6C60109E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{D6C7F0D7-395C-460C-9DD8-3362683418A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [TCP Query User{9D2D5876-1E7E-4DB4-8C3F-144E4EF529E1}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe
FirewallRules: [UDP Query User{558B0128-4B4A-4942-850A-A53AAAC5A7A7}C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\aftermath\aftermath.exe
FirewallRules: [TCP Query User{71F6C181-A1D2-42C3-AEA1-38F43360001F}C:\neverwinternights\nwn\nwmain.exe] => (Allow) C:\neverwinternights\nwn\nwmain.exe
FirewallRules: [UDP Query User{F56717F6-033C-4A34-B2A8-D04AD2115734}C:\neverwinternights\nwn\nwmain.exe] => (Allow) C:\neverwinternights\nwn\nwmain.exe
FirewallRules: [{BC690AA4-35A0-4550-A994-ADFDB459695A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B3252D74-C9CA-4CA3-908F-E2F464D9C739}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3AB459E4-FEDF-420D-8B95-1996DBAB4697}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{F45F6BDF-9A44-4DF7-A3C9-85294954B48B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Contagion\contagion.exe
FirewallRules: [{A787F9E1-A364-46BA-93C6-490A169E61DE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{F29C683F-CDF9-4BFB-B844-64BECFB4DC0B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Dragon Commander\Shipping\DCApp.exe
FirewallRules: [{2617B6A3-CAEB-44B4-9628-219284F334AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{2A336B61-CF45-4125-8369-E6438E62FA30}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{235C90C9-906C-484A-BDD3-0BC508AB7F46}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{8377C249-E451-4186-A886-101E7A80150C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arx Fatalis\arx.exe
FirewallRules: [{EFF1B98C-EF2D-4E60-AF76-D5E1F72A4DCB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Arx Fatalis\arx.exe
FirewallRules: [{ACA96025-5C80-44F1-87C5-D5D258A8E59F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{4329128D-4FF5-43F8-A0DF-FC6B15C29A0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{38752A34-284C-418D-B71B-134B2F5208B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E0E07E34-8176-4A18-81AF-8006E635FF4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{04DF2402-25D2-4B00-A7B8-171F2FA9A25A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{51079BD3-275C-4962-B207-18C6AEA49FDE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [TCP Query User{48F33554-C267-41CB-B047-6ED73A74B00B}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [UDP Query User{0D98FBB2-11D5-4091-B810-8BAFAE436DCA}C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\fallout 4\fallout4.exe
FirewallRules: [{1CC92591-C52F-4023-9F8C-F7855CB5519E}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{CE6B078F-CC18-40C2-8B64-C6AAD537168D}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{8EDE0688-BF14-4C54-AD34-7F6FCF66205E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{BA22B3F0-1B73-4F81-AAC0-17F3C2018C1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{42F74D09-C076-40E4-AEEC-34DA0B50FC09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{751A6050-AA5B-4679-A52A-4E4E35538063}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{86925F86-311C-4A20-946A-84CAE822BC1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{2623BE7D-2B38-495E-A7E3-398BAE3FC726}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{CE7FEBCB-FF50-4E78-8226-070A55069D28}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{F9AD5644-9134-4B6B-9B20-35A81723B347}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fistful of Frags\sdk\hl2.exe
FirewallRules: [{63EC792C-31FF-4368-81B9-A7B6D36BDB09}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOMO_US\Main\DOMO.exe
FirewallRules: [{D7E1131F-E62C-4CA5-83A1-FBF365EF4581}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOMO_US\Main\DOMO.exe
FirewallRules: [{F55AA2EB-0ADC-4D46-9D90-838785AE1B89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{F0B9738D-8551-4AD3-80E2-DD2595DD2765}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{00266B7D-6981-4CDA-BC1B-5FAB9E4F6ACE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E0A708A5-D11F-410F-8051-74578E7D49BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{9037BDAF-4672-4769-81DA-03507E9DFFE0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{28407ADE-24B5-42FC-9884-D2DF3E15C7E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8EEC7915-14A7-4F35-9169-7CE9D3B1CD1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{4FF3DF70-9C55-4026-8346-F6B7DB1B8334}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [TCP Query User{EFAD4A5D-3C60-40CF-9DB3-DC8736FE1D43}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe] => (Allow) C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe
FirewallRules: [UDP Query User{329C0F57-6909-4EAF-B4B1-E3E350DB59FF}C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe] => (Allow) C:\program files (x86)\thq\dawn of war - soulstorm\soulstorm.exe

==================== Restore Points =========================

17-01-2016 05:21:53 Installed Dawn of War - Soulstorm
17-01-2016 05:36:49 Installed DirectX

==================== Faulty Device Manager Devices =============

Name: 802.11 n WLAN
Description: 802.11 n WLAN
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2016 12:02:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2016 02:54:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 43.0.4.5848, time stamp: 0x568c88bd
Faulting module name: mozglue.dll, version: 43.0.4.5848, time stamp: 0x568c7b16
Exception code: 0x80000003
Fault offset: 0x0000ed44
Faulting process id: 0xc5c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (01/17/2016 02:03:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1f30

Start Time: 01d151621a10fc51

Termination Time: 2

Application Path: C:\Users\RJ\Desktop\FRST64.exe

Report Id: 5cc13b67-bd55-11e5-966c-74f06debe3a4

Error: (01/17/2016 02:02:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 176c

Start Time: 01d15161a8a5f81d

Termination Time: 2

Application Path: C:\Users\RJ\Desktop\FRST64.exe

Report Id: 4d51970a-bd55-11e5-966c-74f06debe3a4

Error: (01/17/2016 02:00:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13b8

Start Time: 01d15161a242e57c

Termination Time: 1

Application Path: C:\Users\RJ\Desktop\FRST64.exe

Report Id: e469a73e-bd54-11e5-966c-74f06debe3a4

Error: (01/17/2016 01:45:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 222c

Start Time: 01d1515c9639a34b

Termination Time: 2

Application Path: C:\Users\RJ\Desktop\FRST64.exe

Report Id: d879cdab-bd52-11e5-966c-74f06debe3a4

Error: (01/17/2016 01:23:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 3.3.14.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d84

Start Time: 01d1515c69149492

Termination Time: 1

Application Path: C:\Users\RJ\Desktop\FRST64.exe

Report Id: d08c57e6-bd4f-11e5-966c-74f06debe3a4

Error: (01/17/2016 07:06:44 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.21.0.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e7c

Start Time: 01d15127c4ec0220

Termination Time: 2

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 26feecab-bd1b-11e5-966c-74f06debe3a4

Error: (01/17/2016 07:05:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.21.0.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a4c

Start Time: 01d151272aae90a7

Termination Time: 2

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: ffb520f6-bd1a-11e5-966c-74f06debe3a4

Error: (01/17/2016 07:01:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.21.0.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b24

Start Time: 01d150ef266ed84b

Termination Time: 71

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id: 64e55868-bd1a-11e5-966c-74f06debe3a4


System errors:
=============
Error: (01/18/2016 12:04:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/17/2016 02:55:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (01/17/2016 03:06:22 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Support Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/17/2016 02:12:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Support Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/17/2016 02:12:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/17/2016 02:11:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/17/2016 02:11:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 300000 milliseconds: Restart the service.

Error: (01/17/2016 01:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2016 01:57:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Support Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/17/2016 01:56:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 12269.63 MB
Available physical RAM: 9703.35 MB
Total Virtual: 24537.47 MB
Available Virtual: 20741.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:101.04 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 13582CBC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#8 deeprybka

Posted 18 January 2016 - 03:56 PM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka

#9 RJWaters

Posted 19 January 2016 - 08:19 AM

Took 12 hours to scan, but here is the log file. There was no option to check settings before the scan was started; I hope that this does not require another scan.

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0d783a177a92d14a8380f20427584435
# end=init
# utc_time=2016-01-18 10:54:36
# local_time=2016-01-18 04:54:36 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 27702
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=0d783a177a92d14a8380f20427584435
# end=updated
# utc_time=2016-01-18 10:57:11
# local_time=2016-01-18 04:57:11 (-0600, Central Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=0d783a177a92d14a8380f20427584435
# engine=27702
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-01-19 11:26:50
# local_time=2016-01-19 05:26:50 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 532089 16207408 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 204746260 0 0
# scanned=572080
# found=3
# cleaned=3
# scan_time=44978
sh=ECE55B91079B62BDE5190752BC4434FF9108E0E5 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NLG trojan (cleaned by deleting)" ac=C fn="C:\Users\RJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DQ4DCC8\index[1].htm"
sh=FFDBB3B0F9D50AB958993EFB6D2DAE17BCCD805C ft=0 fh=0000000000000000 vn="HTML/Iframe.B trojan (deleted)" ac=C fn="C:\Users\RJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2NY1L788\a862a43ebda9b40da6f18fbac7d1[1].htm"
sh=35109FA7630EF14F41EAAE405B1ABC8A57719321 ft=1 fh=c71c0011ab2ba2f0 vn="Win32/TrojanDropper.Agent.RFX trojan (cleaned by deleting)" ac=C fn="C:\Users\RJ\AppData\Local\Temp\{0EFBC415-8E0F-4D7B-937D-3017F6BC46D5}\TMPDA19.tmp"
 



#10 deeprybka

Posted 19 January 2016 - 03:05 PM


Can you please tell me which problems still persist now?
regards,
deeprybka

#11 RJWaters

Posted 19 January 2016 - 04:51 PM

All of the problems seem to have cleared up with all the scanners, although I have not run my computer very hard since running ESET. I noticed right before running it that if I pushed the computer past 30% CPU or 50% RAM usage, the problem would trigger. I will run a few games momentarily to see if it's fine. All problems do indeed seem to be gone.


Edited by RJWaters, 19 January 2016 - 05:43 PM.


#12 deeprybka

Posted 21 January 2016 - 04:02 PM

It's good to hear that your problems appear to be solved.
If your computer was used for online banking, has credit card information or other sensitive data you should change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:

 

Internet Explorer Version 10
Adobe Flash Player 18 ActiveX
Java 8 Update 51



Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka

#13 deeprybka

Posted 25 January 2016 - 01:14 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



